Understanding Security Requirements for Industrial Control System Supply Chains

We address the need for security requirements to take into account risks arising from complex supply chains underpinning cyber-physical infrastructures such as industrial control systems (ICS). We present SEISMiC (SEcurity Industrial control SysteM supply Chains), a framework that takes into account...

Full description

Saved in:
Bibliographic Details
Published in2019 IEEE/ACM 5th International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS) pp. 50 - 53
Main Authors Hou, Ye, Such, Jose, Rashid, Awais
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.05.2019
Subjects
cyber-physical systems
risk decision-making
security requirements
supply chains
Online AccessGet full text
DOI10.1109/SEsCPS.2019.00016

Cover

More Information
Summary:We address the need for security requirements to take into account risks arising from complex supply chains underpinning cyber-physical infrastructures such as industrial control systems (ICS). We present SEISMiC (SEcurity Industrial control SysteM supply Chains), a framework that takes into account the whole spectrum of security risks - from technical aspects through to human and organizational issues - across an ICS supply chain. We demonstrate the effectiveness of SEISMiC through a supply chain risk assessment of Natanz, Iran's nuclear facility that was the subject of the Stuxnet attack.
DOI:10.1109/SEsCPS.2019.00016