Industrial Control System Cyber Security Frameworks: Assessment using Defense-in-Depth Criteria
摘要
In the last years, the cyber attackers have targeted the Industrial Control Systems (ICSs) that administrate the countries’ critical infrastructure as energy, water, oil and gas, chemicals, manufacturing etc. As most of these attacks are not reported to the public, the incident response and recovery processes are delayed by the lack of lessons learned from previous cases. A holistic countermeasure approach would support the protection against cyber security vulnerabilities and threats that could disturb these systems. The purpose of this paper is to frame high level solutions to concerns and challenges in cyber security for ICS. The article also highlights the main ICS cyber security frameworks reviewing the controls and comparing them under Defense-in-Depth criteria. This grouping occurs into seven categories according to the number of keywords or phrases that appear in each standard. The results of the comparison analysis led to identification and recommendation of cyber security countermeasure standardization in any size companies and the publication of best practices for cyber threats to critical infrastructures.