Identification of safety elements based on the C2M2 model for the textile industry
Keywords:
C2M2, Cibersecurity, SCADA, Security elements, Textile industry
Abstract
This paper presents a study based on the identification of the security elements that affect the textile industry where SCADA systems are used, and that may cause risks of leakage, unavailability or unauthorized alteration of information, in common environments in which information technologies (IT) and operating technologies (OT) operate. For this, the elements identified in the safety guide for industrial control systems NIST 800-82 and the cybersecurity maturity model C2M2 were used. As a result, the security elements that are involved in the different processes, technological trends of the analyzed industry were obtained and a comparison of the C2M2 and NIST 800-82 models is made.
References
Ani, U. P. D., He, H. (Mary), & Tiwari, A. (2017). Review of cybersecurity issues in industrial critical infrastructure: manufacturing in perspective. Journal of Cyber Security Technology, 1(1), 32–74. https://doi.org/10.1080/23742917.2016.1252211
Assante, D., Romano, E., Flamini, M., Castro, M., Martin, S., Lavirotte, S., & Spatafora, M. (2018). Internet of Things education: Labor market training needs and national policies. In 2018 IEEE Global Engineering Education Conference (EDUCON) (pp. 1846–1853). IEEE. https://doi.org/10.1109/EDUCON.2018.8363459
Bernieri, G., Etchevés Miciolino, E., Pascucci, F., & Setola, R. (2017). Monitoring system reaction in cyber-physical testbed under cyber-attacks. Computers & Electrical Engineering, 59, 86–98. https://doi.org/10.1016/j.compeleceng.2017.02.010
Candell, R., Anand, D., & Stouffer, K. (2014). A cybersecurity testbed for industrial control systems. In Proceedings of the 2014 Process Control and Safety Symposium (pp. 1–16). Retrieved from https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=915876
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & Security, 56, 1–27. https://doi.org/10.1016/j.cose.2015.09.009
CIDETEXCO. (2011). Tendencias tecnológicas ciclo de vida de producto. industria fibra textil confección R2-2011-CIDETEXCO.
Curtis, P. D., & Mehravari, N. (2015). Evaluating and improving cybersecurity capabilities of the energy critical infrastructure. In 2015 IEEE International Symposium on Technologies for Homeland Security (HST) (pp. 1–6). IEEE. https://doi.org/10.1109/THS.2015.7225323.
Cybersecurity and Infrastructure Security Agency. (2018). ICS Alert (ICS-ALERT-12-195-01). Retrieved May 30, 2019, from https://www.us-cert.gov/ics/alerts/ICS-ALERT-12-195-01.
Hernández Cevallos, M. I., & Ledesma Marcalla, D. A. (2010). Desarrollo de un sistema SCADA para la medición de voltajes con sistemas embebidos para el laboratorio de mecatrónica de la facultad de mecánica. Retrieved from http://dspace.espoch.edu.ec/bitstream/123456789/1137/1/25T00140.pdf.
Johnson, C. (2012). CyberSafety: CyberSecurity and Safety-Critical Software Engineering. In Achieving Systems Safety (pp. 85–95). London: Springer London. https://doi.org/10.1007/978-1-4471-2494-8_8.
Knapp, E. D., & Langill, J. T. (2015). Industrial Network Security (Second). Elsevier. https://doi.org/10.1016/C2013-0-06836-3.
Kornecki, A. J., & Zalewski, J. (2010). Safety and security in industrial control. In Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research - CSIIRW ’10 (p. 1). New York, New York, USA: ACM Press. https://doi.org/10.1145/1852666.1852754.
Kriz, D. (2011). Cybersecurity principles for industry and government: A useful framework for efforts globally to improve cybersecurity. In 2011 Second Worldwide Cybersecurity Summit (WCS). London, UK: IEEE. Retrieved from https://ieeexplore.ieee.org/abstract/document/5978798.
McGurk, S. P. (2008). Industrial Control Systems Security. Retrieved from https://csrc.nist.gov/csrc/media/events/ispab-december-2008-meeting/documents/icssecurity_ispab-dec2008_spmcgurk.pdf.
Proença, D., & Borbinha, J. (2016). Maturity Models for Information Systems - A State of the Art. Procedia Computer Science, 100, 1042–1049. https://doi.org/10.1016/j.procs.2016.09.279.
Schrecker, S. (2015). Industrial automation systems cybersecurity. Embedding end-to-end trust and security. Retrieved May 30, 2019, from https://www.isa.org/intech/20150401/.
U.S. Department of Energy. (2014). Cybersecurity Capability Maturity Model (C2M2). Retrieved May 30, 2019, from https://www.energy.gov/ceser/activities/cybersecurity-critical-energy-infrastructure/energy-sector-cybersecurity-0-0.
Assante, D., Romano, E., Flamini, M., Castro, M., Martin, S., Lavirotte, S., & Spatafora, M. (2018). Internet of Things education: Labor market training needs and national policies. In 2018 IEEE Global Engineering Education Conference (EDUCON) (pp. 1846–1853). IEEE. https://doi.org/10.1109/EDUCON.2018.8363459
Bernieri, G., Etchevés Miciolino, E., Pascucci, F., & Setola, R. (2017). Monitoring system reaction in cyber-physical testbed under cyber-attacks. Computers & Electrical Engineering, 59, 86–98. https://doi.org/10.1016/j.compeleceng.2017.02.010
Candell, R., Anand, D., & Stouffer, K. (2014). A cybersecurity testbed for industrial control systems. In Proceedings of the 2014 Process Control and Safety Symposium (pp. 1–16). Retrieved from https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=915876
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & Security, 56, 1–27. https://doi.org/10.1016/j.cose.2015.09.009
CIDETEXCO. (2011). Tendencias tecnológicas ciclo de vida de producto. industria fibra textil confección R2-2011-CIDETEXCO.
Curtis, P. D., & Mehravari, N. (2015). Evaluating and improving cybersecurity capabilities of the energy critical infrastructure. In 2015 IEEE International Symposium on Technologies for Homeland Security (HST) (pp. 1–6). IEEE. https://doi.org/10.1109/THS.2015.7225323.
Cybersecurity and Infrastructure Security Agency. (2018). ICS Alert (ICS-ALERT-12-195-01). Retrieved May 30, 2019, from https://www.us-cert.gov/ics/alerts/ICS-ALERT-12-195-01.
Hernández Cevallos, M. I., & Ledesma Marcalla, D. A. (2010). Desarrollo de un sistema SCADA para la medición de voltajes con sistemas embebidos para el laboratorio de mecatrónica de la facultad de mecánica. Retrieved from http://dspace.espoch.edu.ec/bitstream/123456789/1137/1/25T00140.pdf.
Johnson, C. (2012). CyberSafety: CyberSecurity and Safety-Critical Software Engineering. In Achieving Systems Safety (pp. 85–95). London: Springer London. https://doi.org/10.1007/978-1-4471-2494-8_8.
Knapp, E. D., & Langill, J. T. (2015). Industrial Network Security (Second). Elsevier. https://doi.org/10.1016/C2013-0-06836-3.
Kornecki, A. J., & Zalewski, J. (2010). Safety and security in industrial control. In Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research - CSIIRW ’10 (p. 1). New York, New York, USA: ACM Press. https://doi.org/10.1145/1852666.1852754.
Kriz, D. (2011). Cybersecurity principles for industry and government: A useful framework for efforts globally to improve cybersecurity. In 2011 Second Worldwide Cybersecurity Summit (WCS). London, UK: IEEE. Retrieved from https://ieeexplore.ieee.org/abstract/document/5978798.
McGurk, S. P. (2008). Industrial Control Systems Security. Retrieved from https://csrc.nist.gov/csrc/media/events/ispab-december-2008-meeting/documents/icssecurity_ispab-dec2008_spmcgurk.pdf.
Proença, D., & Borbinha, J. (2016). Maturity Models for Information Systems - A State of the Art. Procedia Computer Science, 100, 1042–1049. https://doi.org/10.1016/j.procs.2016.09.279.
Schrecker, S. (2015). Industrial automation systems cybersecurity. Embedding end-to-end trust and security. Retrieved May 30, 2019, from https://www.isa.org/intech/20150401/.
U.S. Department of Energy. (2014). Cybersecurity Capability Maturity Model (C2M2). Retrieved May 30, 2019, from https://www.energy.gov/ceser/activities/cybersecurity-critical-energy-infrastructure/energy-sector-cybersecurity-0-0.
How to Cite
Aristizábal Correa, J. M., Marín Ramírez, L., & Álvarez Salazar, J. (2019). Identification of safety elements based on the C2M2 model for the textile industry. Revista Colombiana De Computación, 20(2), 56–67. https://doi.org/10.29375/25392115.3722
Downloads
Download data is not yet available.
Published
2019-12-01
Section
Article of scientific and technological research
Escanea para compartir
