Please enable JavaScript.
Coggle requires JavaScript to display documents.
SCADA = a type of CPS (SCADA étaient idolés et basés sur des composants…
SCADA = a type of CPS
SCADA étaient idolés et basés sur des composants standards et propriétaires. Afin de faciliter la supervision du processus industriel et réduire les coûts, ils intègrent de plus en plus des TIC
Ceci les rends plus complexes et les expose à des cyber-attaques qui exploitent les vulnéarbilités existantes des TIC. Ces attaques peuvent modifier le fonctionnement du système et nuire à sa sûreté
-
Traditional ICS were based solely on mechanical and electrotechnical devices and proprietary standards which were well mastered. These systems however have become expensive to deploy, maintain and operate, and it is becoming difficult to follow the innovation trend in the industrial context. To address these challenges, new ICT are being increasingly integrated into modern control systems
The overall infrastructures have become vulnerable to external malevolence. Indeed, with their increasing complexity and interconnection, modern ICS are exposed to new security rellated threats like cyber-attacks
Today, in this context characterized by the migration of industrial infrastructures towards digital control systems, system safety can also be compromised by security breaches and electronic attacks. It is consequently no longer sufficient to address accidental threats of such systems, threats of intentional origin need to be covered as well.
Indeed, security related requirements and risks can influence the system safety and inversely safety related requirements and risks can influence the system security
This first chapter addresses first the new security risks related to modern Control Systems in different industries and the safety challenges they result into. It also clarifies the definitions of safety and security, their similarities and differences and their possible interdependencies. Secondly, the Industrial Control Systems specificities and requirements are outlined. Thirdly, we present some emergent standardization initiatives that consider safety and security coordination for ICS.
Numerous industrials have been affected by the modernization and digitalization of their control
systems.
Moreover, the deployment of Ethernet-based networks and COTS into aerospace systems has increased risks of intentional misuse of aircraft information systems and made them targets of security breaches that could have an impact on aircraft safety and lead to human losses.
especially the migration to remotely controlled trains and the trend towards radio transmissions, or communications based train control (CBTC), which have created new safety and security challenges
Likewise, Johnsen [13] highlighted the need to improve safety and security in distributed process control systems used in the oil and gas industry. This need emerges from the increasing connection of SCADA systems to networks and their migration towards standardized information and communication technologies which increases their exposure to security threats
New situations in which cyber security requirements and safety issues would affect the same systems must be considered when deploying these systems.
Considering in addition security into dependability analyses, data alteration or absence is associated to “unauthorized” actions related to malevolence.
both safety and security deal with risks, result in constraints, involve protective measures, and create requirements
Conditional dependency: This interaction is present
in the context of many, if not all digital systems that control and monitor safety-critical industrial
processes. For example, Smith et al.
[10] emphasized the security requirements of railway signaling to guarantee train safety. In this
context, malicious changes to sensor data or automated device settings may prevent safety
systems from protecting an industrial facility in case of an accident. One example of safety
conditioning security would be a crisis situation following an accident in which safety functions
would prevent efficient intrusion detection because of preemption and priorities on humanmachine
interfaces and security-related alarms.
We provide in this section an overview on Industrial Control Systems and their safety and security requirements.
We give in the following sections an overview on ICS specificities and underline the differences
between securing traditional IT systems and securing ICS.
As Industrial Control Systems integrate new information and Communication Technologies (ICT) traditionally used in Management Information Systems, they consequently inherit of their vulnerabilities. However ICS have their own characteristics that render their security different from securing traditional IT systems.
-
Security properties and requirements applied for IT systems are consequently not completely adapted to control systems and need to be adjusted taking into consideration ICS specificities