Reading list

So far, we have focused on the first strategy for defending SCADA/ICS systems against cyber attack, which is physical/logical network separation. There is a large body of literature on this topic. In order not to be overwhelmed by an excess of documents, I have selected a few that I hope will help you grasp the essentials of the issues we discussed in class.

1. Concept and model

Among many documents, I recommend this one as a launchpad, since it explains the general ideas underlying ICS security, especially touching on the subject of the network separation approach.

  1. ISA-62443-1-1 Security for Industrial automation and control systems: Models and concepts, Draft 6, Edit 4, March 2017

This ISA report deals with security technologies, so it gives you an overview of the various technologies involved in ICS security.

2. Firewall and Intrusion Detection System (IDS)

Firewalls and intrusion detection systems (IDS) are two widely used security tools for network separation.

This technical report makes it easy to understand how a firewall works and what peculiar features should be considered in the context of a SCADA/ICS system.

  1. Firewall Deployment for SCADA and Process Control Networks, Good Practice Guide, CPNI, 2005

Here are the academic papers if you are interested.

For IDS, this is a good survey of IDS/IPS.

And here is more on SCADA-specific IDS.


3. Case studies

I have listed 3 case studies of cyber attack incidents (the first two documents both cover Stuxnet).

  1. W32.Stuxnet Dossier (Symantec)
  2. To Kill a Centrifuge (Stuxnet)
  3. Analysis of the cyber attack on the Ukrainian power grid: Defense use case, 2016
  4. Saudi Aramco.

4. Cyber kill chain

I have also included some references related to the cyber kill chain, which I explained as an attack model in class. There is nothing very special in these documents, but they may be of interest to you.