System-specific risk rating of software vulnerabilities in industrial automation & control systems

Cited by: 0
Authors
Maidl, Monika [1]
Kroeselberg, Dirk [1]
Zhao, Tiange [1]
Limmer, Tobias [1]
Affiliations
[1] SIEMENS AG, Otto Hahn Ring 6, D-81739 Munich, Germany
Keywords
Industrial automation & control; security vulnerability; security risk rating; patch management
DOI
10.1109/ISSREW53611.2021.00097
Chinese Library Classification (CLC) number
TP31 [Computer Software]
Discipline classification code
081202; 0835
Abstract
Security vulnerabilities are constantly detected in software, and with CVE a worldwide infrastructure exists to inform about such vulnerabilities. Typically, the software vendor issues a patch for the vulnerability. The system owners have to install patches in a timely manner in order to protect against attacks that exploit vulnerabilities. In industrial automation & control systems, there is often a lot of overhead for installing patches, as availability must be ensured. Hence it makes sense to patch immediately only if the vulnerability poses a high risk to the operation of the plant. We propose an algorithm for calculating the system-specific risk of a vulnerability, based on a system model and a system risk image for system-specific exposure and impact. The system-specific exposure depends on the deployment, while the level of impact depends on the purpose of the system, e.g. in critical infrastructure.
Pages: 327-332
Number of pages: 6