Vulnerability modelling for hybrid industrial control system networks

- Ur-Rehman, Attiq, Gondal, Iqbal, Kamruzzaman, Joarder, Jolfaei, Alireza

Title
Vulnerability modelling for hybrid industrial control system networks
Creator
Ur-Rehman, Attiq; Gondal, Iqbal; Kamruzzaman, Joarder; Jolfaei, Alireza
Date
2020
Type
Text; Journal article
Identifier
http://researchonline.federation.edu.au/vital/access/HandleResolver/1959.17/184382
Identifier
vital:16485
Identifier
https://doi.org/10.1007/s10723-020-09528-w
Identifier
ISBN:1570-7873 (ISSN)
Abstract
With the emergence of internet-based devices, the traditional industrial control system (ICS) networks have evolved to co-exist with the conventional IT and internet enabled IoT networks, hence facing various security challenges. The IT industry around the world has widely adopted the common vulnerability scoring system (CVSS) as an industry standard to numerically evaluate the vulnerabilities in software systems. This mathematical score of vulnerabilities is combined with environmental knowledge to determine the vulnerable nodes and attack paths. IoT and ICS systems have unique dynamics and specific functionality as compared to traditional computer networks, and therefore, the legacy cyber security models would not fit these advanced networks. In this paper, we studied the CVSS v3.1 framework’s application to ICS embedded networks and an improved vulnerability framework, named CVSSIoT-ICS, is proposed. CVSSIoT-ICS and CVSS v3.1 are applied to a realistic supply chain hybrid network which consists of IT, IoT, and ICS nodes. This hybrid network is assigned with actual vulnerabilities listed in the national vulnerability database (NVD). The comparison results confirm the effectiveness of CVSSIoT-ICS framework as it is equally applicable to all nodes of a hybrid network and evaluates the vulnerabilities based on the distinct features of each node type. © 2020, Springer Nature B.V.
Publisher
Springer Science and Business Media B.V.
Relation
Journal of Grid Computing Vol. 18, no. 4 (2020), p. 863-878
Rights
All metadata describing materials held in, or linked to, the repository is freely available under a CC0 licence
Rights
Copyright © 2020, Springer Nature B.V.
Subject
4606 Distributed Computing and Systems Software; Industrial control system; Internet of things (IoT); Security; Supply chain; Vulnerability modelling
Reviewed
  • Hits: 861
  • Visitors: 326
  • Downloads: 0
Thumbnail File Description Size Format