Securing industrial control systems

Krotofil, Marina; Kursawe, Klaus; Gollmann, Dieter

Securing industrial control systems

Publikationstyp

Book Part

Date Issued

2019

Sprache

English

Author(s)

Krotofil, Marina

Kursawe, Klaus

Gollmann, Dieter

Institut

Sicherheit in verteilten Anwendungen E-15

TORE-URI

http://hdl.handle.net/11420/3991

Start Page

3

End Page

27

Citation

Security and Privacy Trends in the Industrial Internet of Things: 3-27 (2019)

Publisher DOI

10.1007/978-3-030-12330-7_1

Scopus ID

2-s2.0-85075812116

Publisher

Springer

We propose controllability, observability, and operability as the core security objectives of a control system, whilst the much-used triad of confidentiality, integrity, and availability captures the security requirements on IT infrastructures. We discuss how the deployment of IT in industrial control systems has changed the attack surface, how this invalidates assumptions about independent failure modes crucial in safety design, and explain why stronger IT infrastructure security does not necessarily imply better ICS security. We show how process physics can be used to carry attack payloads and thus become an instrument for the attacker, and argue that ICS security standards should expand their scope to the physical processes layer.

Subjects

Controllability

ICS security

IIoT

Integrity

Observability

Operability

Safety

Veracity

Options

Securing industrial control systems