Cyber Incident Exercise for Safety Protection in Critical Infrastructure

Yuitaka Ota, Tomomi Aoyama, Davaaadorj Nyambayar, Ichiro Koshijima

Industrial Management Engineering, Nagoya Institute of Technology, Japan

Page: 246-257 | DOI: https://doi.org/10.2495/SAFE-V8-N2-246-257

Received: N/A | Accepted: N/A | Published: 1 February 2018

OPEN ACCESS

Abstract: 

Many companies, especially those that own critical infrastructure (CI), must prepare processes to cope with serious incidents before they happen. Conventional safety countermeasures have already been developed a priori to deal with expected problems, such as machinery malfunction, natural disasters and human errors. Field operators are also well trained against such problems. In recent years, however, cyber-attacks have emerged as a ‘clear and present danger’ and have rendered CI uncertain and unsafe through industrial control systems (ICSs). Thus, CI owners should now prepare countermeasures to ensure the safety and security of ICSs. Unfortunately, responding to situations without experience and developing adequate countermeasures is a difficult challenge. A certain resilience must be developed that gives the actors the ability to flexibly cope with a crisis and quickly recover to a safer state. In CI systems, field operators are the most important element for dynamically managing ICS emergency response.

In this paper, the authors would like to discuss the following two problems:

1.  A framework for simultaneously achieving safety and security in ICSs

2.  A personnel training methodology based on the above framework

Also, we present an illustrative example of the proposed framework and methods based on exercises in which almost 200 CI personnel and security experts participated.

Keywords: 

cyber-incident, personnel training, ICS-SIRT
