Analysis of the probability implementation of threats protection of information in industrial control systems

Authors

  • Сергій Феодосійович Гончар Державний науково-дослідний інститут спеціального зв’язку та захисту інформації.

DOI:

https://doi.org/10.18372/2410-7840.16.6284

Keywords:

threat, information protection, industrial control systems, vulnerability, risk, lifecycle

Abstract

For the purpose of the decision of the tasks connected to support of information security of industrial control sys­tems the analysis of threats of information security and the detailed description of sources of deliberate threats is car­ried out. The analysis of vulnerabilities information security of the industrial control systems, classification and the reasons of their origin is made. Recommendations about elimination or leveling of these vulnerabilities are made. Expression for determination of probability of implemen­tation of threats of the information is resulted. Correlations between threats, vulnerabilities and risk for the industrial control systems are researched. Lifecycle of probability of implementation of threats of information security of the industrial control systems is resulted and the initial data necessary for the given analysis is formulated.

Author Biography

Сергій Феодосійович Гончар, Державний науково-дослідний інститут спеціального зв’язку та захисту інформації.

PhD in Eng., Deputy Chief of State Research Institute for Special Telecommunication and Information Protection (Kyiv, Ukraine)

References

Гончар С.Ф. Особенности обеспечения кибербезопасности индустриальных систем управления: тези доповідей міжнародної науково-практичної конференції «Проблеми та перспективи розвитку енергетики, електротехнологій та автоматики в АПК», Київ, - 2013. - С. 36-37.

Мохор В.В. Наставления по кибербезопасности (ISO/IEC 27032:2012) / В.В.Мохор, А.М. Богданов, А.С. Килевой — К.: ООО «ТриК», 2013. — 129 с.

Power systems management and associated information exchange — Data and communications securi-ty: IEC 62351-1. — Part 1: Communication network and system security — Introduction to security issues.

Guide to Industrial Control Systems (ICS) Security: NIST Special Publication 800-82. — Recommendations of the National Institute of Standards and Technology.

Information technology — Security techniques — Information security risk management: BS ISO/IEC 27005:2008.

Industrial communication networks — Network and system security: IEC 62443, Part 3.

Gonchar S.F. Features of cybersecurity industrial control systems : Materials of International Scientific Conference "Problems and prospects of power en-gineering, electrotechnology and automation in agri-culture", 2013, pp. 36-37.

Mokhor V.V. Guidelines for cybersecurity (ISO/IEC 27032:2012), 2013, 129 p.

Power systems management and associated infor-mation exchange — Data and communications securi-ty: IEC 62351-1. — Part 1: Communication network and system security — Introduction to security issues.

Guide to Industrial Control Systems (ICS) Security: NIST Special Publication 800-82. — Recommendations of the National Institute of Standards and Technology.

Information technology — Security techniques — Information security risk management: BS ISO/IEC 27005:2008.

Industrial communication networks — Network and system security: IEC 62443, Part 3.

Issue

Section

Articles