Abstract
We propose controllability, observability, and operability as the core security objectives of a control system, whilst the much-used triad of confidentiality, integrity, and availability captures the security requirements on IT infrastructures. We discuss how the deployment of IT in industrial control systems has changed the attack surface, how this invalidates assumptions about independent failure modes crucial in safety design, and explain why stronger IT infrastructure security does not necessarily imply better ICS security. We show how process physics can be used to carry attack payloads and thus become an instrument for the attacker, and argue that ICS security standards should expand their scope to the physical processes layer.
Author supplied keywords
Cite
CITATION STYLE
Krotofil, M., Kursawe, K., & Gollmann, D. (2019). Securing industrial control systems. In Advanced Sciences and Technologies for Security Applications (pp. 3–27). Springer. https://doi.org/10.1007/978-3-030-12330-7_1
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
