SCIENTIFIC AND PRACTICAL ANALYSIS OF RECOMMENDATIONS ON CYBERSECURITY OF AUTOMATED PROCESS CONTROL SYSTEMS

V.Yu. Zubok, S.F. Honchar, M.Yu. Komarov, A.V. Oniskova, A.V. Davydiuk

Èlektron. model. 2022, 44(2):68-81

https://doi.org/10.15407/emodel.44.02.068

ABSTRACT

Modern ICS directly manage complex and critical technological processes. Accidents caused by vulnerabilities in the energy, chemical, transport and other industries can lead to huge losses not only in business, but also to severe environmental consequences, including adversely affecting human health and life. After the end of the active phase of hostilities against the Russian invaders, restoring critical infrastructure and industrial production in Ukraine will become even more actual. The issue of improving their security, including cyber security, will be urgent. This paper presents an overview and analysis of the provisions of the second (current) edition of the Industrial Control Systems Security Guide (NIST SP 800-82 rev.2) issued by the US National Institute of Standards and Technology. The structure of the guide, its connections with other documents, strengths and weaknesses are considered, along with conclusions about the expediency of adaptation in Ukraine.

KEYWORDS

industrial cybersecurity, critical infrastructure, cybersecurity of automated control systems, security of computer networks, information security, information security management.

REFERENCES

  1. Law of Ukraine (2017), “On Basic Principles of Cyber Security of Ukraine”, available at: https://zakon.rada.gov.ua/laws/show/2163-19#Text.
  2. Order of the Administration of the State Service for Special Communications and Information Protection of Ukraine № 601 (2021), available at: https://cip.gov.ua/ua/docs/nakaz-administraciyi-derzhspeczv-yazku-vid-06-zhovtnya-2021-roku-601-pro-zatverdzhennya- metodichnikh-rekomendacii-shodo-pidvishennya-rivnya-kiberzakhistu-kritichnoyi-infor­maciinoyi-infrastrukturi.
  3. Framework for Improving Critical Infrastructure Cybersecurity, NIST (2018), available at: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf.
  4. Stouffer, K., Pillitteri, V., Abrams, M. and Hahn, A. (2015), “Special Publication 800-82 Guide to Industrial Control Systems (ICS) Security”, NIST, Vol. 2, pp. 1-247.
    https://doi.org/10.6028/NIST.SP.800-82r2
  5. Williamson, G. (2015), “OT, ICS, SCADA — What’s the difference?”, Kuppingercole Analysts, available at: https://www.kuppingercole.com/blog/williamson/ot-ics-scada- whats-the-difference.
  6. Collins, D. (2021), “What is Single Pair Ethernet (SPE) and how is it used in industrial applications?”, Motion Control Tips, available at: https://www.motioncontroltips.com/ what-is-single-pair-ethernet-how-is-it-used-in-industrial-applications/.
  7. Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies (2009), U.S. Department of Homeland Security, available at:https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/Defense_in_Depth_ Oct09.pdf
  8. Security and Privacy Controls for Information Systems and Organizations (2020), NIST Special Publication 800-53 Revision 5, NIST.

Full text: PDF