A Security Architectural Pattern for Risk Management of Industry Control Systems within Critical National Infrastructure
SCADA and ICS security have been focusing on addressing issues such as vulnerability discovery and intrusion detection within critical national infrastructure. Less attention has been paid to architectural solutions to the cyber security risks from an information assurance perspective. Security controls are not always traced back to the business requirements. This paper presents a holistic end-to-end view of the requirements, medium to high severity risks and proposes a generic security architectural pattern to address them. The architectural pattern is developed based on the Sherwood Applied Business Security Architecture (SABSA) top two layers, contextual and conceptual, which are responsible for understanding the business requirements and development of a concept architecture and strategy. Moreover, this research is motivated by industrial practices and has reflected the recent changes of GCHQ’s mission. This research also contributes to the SCADA/ICS risk assessment by deriving holistic sets of risk management and architectural design requirements for SCADA/ICS.
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.
Citation : Wood, A., He, Y.,Maglaras, L. and Janicke, H. (2017) A Security Architectural Pattern for Risk Management of Industry Control Systems within Critical National Infrastructure. International Journal of Critical Infrastructures, 13 (2-3), pp. 113-132
Research Institute : Cyber Technology Institute (CTI)
Peer Reviewed : Yes