Understanding Security Requirements for Industrial Control System Supply Chains

Ye Hou; Jose Such; Awais Rashid

doi:10.1109/SEsCPS.2019.00016

Understanding Security Requirements for Industrial Control System Supply Chains

Ye Hou, Jose Such, Awais Rashid

Department of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

19 Citations (Scopus)

382 Downloads (Pure)

Abstract

We address the need for security requirements to take into account risks arising from complex supply chains underpinning cyber-physical infrastructures such as industrial control systems (ICS). We present SEISMiC (SEcurity Industrial control SysteM supply Chains), a framework that takes into account the whole spectrum of security risks – from technical aspects through to human and organizational issues – across an ICS supply chain. We demonstrate the effectiveness of SEISMiC through a supply chain risk assessment of Natanz, Iran’s nuclear facility that was the subject of the Stuxnet attack.

Original language	English
Title of host publication	Proceedings of 5th International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS'19)
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Pages	50-53
Number of pages	4
ISBN (Electronic)	9781728122823
ISBN (Print)	9781728134383
DOIs	https://doi.org/10.1109/SEsCPS.2019.00016
Publication status	Published - 5 Sept 2019

Research Groups and Themes

Cyber Security

Access to Document

10.1109/SEsCPS.2019.00016

Full-text PDF (accepted author manuscript)
This is the accepted author manuscript (AAM). The final published version (version of record) is available online via IEEE at https://doi.org/10.1109/SEsCPS.2019.00016 . Please refer to any applicable terms of use of the publisher.
Accepted author manuscript, 1.19 MBLicence: Other

Handle.net

Persistent link

Cite this

@inproceedings{96983e36ec2b4b31b146b1983fdc32b7,

title = "Understanding Security Requirements for Industrial Control System Supply Chains",

abstract = "We address the need for security requirements to take into account risks arising from complex supply chains underpinning cyber-physical infrastructures such as industrial control systems (ICS). We present SEISMiC (SEcurity Industrial control SysteM supply Chains), a framework that takes into account the whole spectrum of security risks – from technical aspects through to human and organizational issues – across an ICS supply chain. We demonstrate the effectiveness of SEISMiC through a supply chain risk assessment of Natanz, Iran{\textquoteright}s nuclear facility that was the subject of the Stuxnet attack.",

author = "Ye Hou and Jose Such and Awais Rashid",

year = "2019",

month = sep,

day = "5",

doi = "10.1109/SEsCPS.2019.00016",

language = "English",

isbn = "9781728134383",

pages = "50--53",

booktitle = "Proceedings of 5th International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS'19)",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

address = "United States",

}

Understanding Security Requirements for Industrial Control System Supply Chains. / Hou, Ye; Such, Jose; Rashid, Awais.
Proceedings of 5th International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS'19). Institute of Electrical and Electronics Engineers (IEEE), 2019. p. 50-53.

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

TY - GEN

T1 - Understanding Security Requirements for Industrial Control System Supply Chains

AU - Hou, Ye

AU - Such, Jose

AU - Rashid, Awais

PY - 2019/9/5

Y1 - 2019/9/5

N2 - We address the need for security requirements to take into account risks arising from complex supply chains underpinning cyber-physical infrastructures such as industrial control systems (ICS). We present SEISMiC (SEcurity Industrial control SysteM supply Chains), a framework that takes into account the whole spectrum of security risks – from technical aspects through to human and organizational issues – across an ICS supply chain. We demonstrate the effectiveness of SEISMiC through a supply chain risk assessment of Natanz, Iran’s nuclear facility that was the subject of the Stuxnet attack.

AB - We address the need for security requirements to take into account risks arising from complex supply chains underpinning cyber-physical infrastructures such as industrial control systems (ICS). We present SEISMiC (SEcurity Industrial control SysteM supply Chains), a framework that takes into account the whole spectrum of security risks – from technical aspects through to human and organizational issues – across an ICS supply chain. We demonstrate the effectiveness of SEISMiC through a supply chain risk assessment of Natanz, Iran’s nuclear facility that was the subject of the Stuxnet attack.

U2 - 10.1109/SEsCPS.2019.00016

DO - 10.1109/SEsCPS.2019.00016

M3 - Conference Contribution (Conference Proceeding)

SN - 9781728134383

SP - 50

EP - 53

BT - Proceedings of 5th International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS'19)

PB - Institute of Electrical and Electronics Engineers (IEEE)

ER -

Understanding Security Requirements for Industrial Control System Supply Chains

Abstract

Research Groups and Themes

Access to Document

Handle.net

Fingerprint

Cite this