nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

Cyber-Risks in the Industrial Internet of Things (IIoT): Towards a Method for Continuous Assessment

verfasst von : Carolina Adaros Boye, Paul Kearney, Mark Josephs

Erschienen in: Information Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Continuous risk monitoring is considered in the context of cybersecurity management for the Industrial Internet-of-Thing. Cyber-risk management best practice is for security controls to be deployed and configured in order to bring down risk exposure to an acceptable level. However, threats and known vulnerabilities are subject to change, and estimates of risk are subject to many uncertainties, so it is important to review risk assessments and update controls when required. Risks are typically reviewed periodically (e.g. once per month), but the accelerating pace of change means that this approach is not sustainable, and there is a requirement for continuous monitoring of cybersecurity risks. The method described in this paper aims to alert security staff of significant changes or trends in estimated risk exposure to facilitate rational and timely decisions. Additionally, it helps predict the success and impact of a nascent security breach allowing better prioritisation of threats and selection of appropriate responses. The method is illustrated using a scenario based on environmental control in a data centre.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Beyond Cookie Monster Amnesia: Real World Persistent Online Tracking

This means basing the analysis only on known attack mechanisms and failure modes.

Boddy, S., Shattuck, J.: Threat Analysis Report. The Hunt for IoT. The Growth and Evolution of Thingbots Ensures Chaos (2018). https://www.f5.com/labs/articles/threat-intelligence/the-hunt-for-iot-the-growth-and-evolution-of-thingbots-ensures-chaos. Accessed 25 June 2018

Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., Stoddart, K.: A review of cyber security risk assessment methods for SCADA systems. Comput. Secur. 56, 1–27 (2016)CrossRef

Cisco: Cisco 2017 annual security report. Technical report (2017)

Cook, E., Kearney, P.: Security challenges and cybercrime. J. Inst. Telecommun. Prof. 9, 22–25 (2015)

Common vulnerability scoring system sig. https://www.first.org/cvss/. Accessed 09 Apr 2018

Dempsey, K., et al.: Information security continuous monitoring (ISCM) for federal information systems and organizations: National institute of standards and technology special publication 800–137 (2012)

Dempsey, K., Ross, R., Stine, K.: Supplemental guidance on ongoing authorization (2014)

Desnitsky, V., Kotenko, I., Nogin, S.: Detection of anomalies in data for monitoring of security components in the internet of things. In: 2015 XVIII International Conference on Soft Computing and Measurements (SCM), pp. 189–192. IEEE (2015)

ENISA: Security Recommendations for IoT in the context of Critical Information Infrastructures (2017). https://www.enisa.europa.eu/publications/baseline-security-recommendations-for-iot. Accessed 09 Apr 2018

10.

Gartner newsroom (2017). http://www.gartner.com/newsroom/id/3598917. Accessed 30 July 2017

11.

Greensmith, J.: Securing the internet of things with responsive artificial immune systems. In: Proceedings of the 2015 Annual Conference on Genetic and Evolutionary Computation, pp. 113–120. ACM (2015)

12.

Henrie, M.: Cyber security risk management in the SCADA critical infrastructure environment. Eng. Manag. J. 25(2), 38–45 (2013)CrossRef

13.

Huang, H., Xie, D.: Real-time network risk evaluation paradigm-inspired by immune. In: 2015 11th International Conference on Natural Computation (ICNC), pp. 786–790. IEEE (2015)

14.

IBM Institute for Business Value: Internet of threats. securing the internet of things for industrial and utility companies (2018)

15.

ISO/IEC: Iso/iec 27005:2011. information security risk management (2011)

16.

Jing, Q., Vasilakos, A.V., Wan, J., Lu, J., Qiu, D.: Security of the internet of things: perspectives and challenges. Wirel. Netw. 20(8), 2481–2501 (2014)CrossRef

17.

Kotenko, I., Saenko, I., Ageev, S.: Countermeasure security risks management in the internet of things based on fuzzy logic inference. In: 2015 IEEE on Trustcom/BigDataSE/ISPA, vol. 1, pp. 654–659. IEEE (2015)

18.

Lin, S.W., et al.: Industrial internet reference architecture. Technical report, Industrial Internet Consortium (IIC) (2015)

19.

Linda, O., Manic, M., Vollmer, T.: Improving cyber-security of smart grid systems via anomaly detection and linguistic domain knowledge. In: 2012 5th International Symposium on Resilient Control Systems (ISRCS), pp. 48–54. IEEE (2012)

20.

Liu, C., Zhang, Y., Zeng, J., Peng, L., Chen, R.: Research on dynamical security risk assessment for the internet of things inspired by immunology. In: 2012 Eighth International Conference on Natural Computation (ICNC), pp. 874–878. IEEE (2012)

21.

Macaulay, T.: RIoT Control: Understanding and Managing Risks and the Internet of Things. Morgan Kaufmann, San Francisco (2016)

22.

Mateski, M., et al.: Cyber threat metrics. Sandia National Laboratories (2012)

23.

Moss, D.L.: Data center operating temperature: The sweet spot (2011)

24.

Pan, S., Morris, T., Adhikari, U.: Developing a hybrid intrusion detection system using data mining for power systems. IEEE Trans. Smart Grid 6(6), 3104–3113 (2015)CrossRef

25.

Positive Technologies: Industrial companies attack vectors (2018). https://www.ptsecurity.com/upload/corporate/ww-en/analytics/ICS-attacks-2018-eng.pdf. Accessed 25 June 2018

26.

Sadeghi, A.R., Wachsmann, C., Waidner, M.: Security and privacy challenges in industrial internet of things. In: 2015 52nd ACM/EDAC/IEEE on Design Automation Conference (DAC), pp. 1–6. IEEE (2015)

27.

Smith, B.J., Sholander, P.E., Phelan, J.M., Wyss, G.D., Varnado, G.B., Depoy, J.M.: Risk assessment for physical and cyber attacks on critical infrastructures. Technical report, Sandia National Laboratories (2005)

28.

Spyridopoulos, T., Maraslis, K., Tryfonas, T., Oikonomou, G., Li, S.: Managing cyber security risks in industrial control systems with game theory and viable system modelling. In: 2014 9th International Conference on System of Systems Engineering (SOSE), pp. 266–271. IEEE (2014)

29.

Symantec: Istr-internet security threat report. Technical report (2017)

30.

The Open Group: Fair - ISO/IEC 27005 cookbook (2010)

31.

Wang, J., Fan, K., Mo, W., Xu, D.: A method for information security risk assessment based on the dynamic bayesian network. In: 2016 International Conference on Networking and Network Applications (NaNA), pp. 279–283. IEEE (2016)

32.

Yang, Y., McLaughlin, K., Sezer, S., Littler, T., Im, E.G., Pranggono, B., Wang, H.: Multiattribute SCADA-specific intrusion detection system for power networks. IEEE Trans. Power Deliv. 29(3), 1092–1102 (2014)CrossRef

33.

Zhang, Q., Zhou, C., Tian, Y.C., Xiong, N., Qin, Y., Hu, B.: A fuzzy probability bayesian network approach for dynamic cybersecurity risk assessment in industrial control systems. IEEE Trans. Industr. Inf. 14(6), 2497–2506 (2017)CrossRef

Titel: Cyber-Risks in the Industrial Internet of Things (IIoT): Towards a Method for Continuous Assessment
verfasst von: Carolina Adaros Boye
Paul Kearney
Mark Josephs
Verlag: Springer International Publishing
Buch: Information Security
Print ISBN: 978-3-319-99135-1

Electronic ISBN: 978-3-319-99136-8

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-319-99136-8_27

Premium Partner

Bildnachweise

Rittal/© Rittal, NTT Data/© NTT Data, Wildix/© Wildix, Ceyoniq Technology GmbH/© Ceyoniq Technology GmbH, arvato Systems GmbH/© arvato Systems GmbH, Ninox Software GmbH/© Ninox Software GmbH, Everyday Software S.L./© Everyday Software S.L., Redgate/© Redgate, CELONIS Labs GmbH, DC-Datacenter-Group GmbH/© DC-Datacenter-Group GmbH, all for one/© all for one, G Data CyberDefense/© G Data CyberDefense, FAST LTA/© FAST LTA, Vendosoft/© Vendosoft, Kumavision/© Kumavision, Noriis Network AG/© Noriis Network AG, WSW Software GmbH/© WSW Software GmbH, tts GmbH/© tts GmbH

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"