A Security Assessment Methodology for Critical Infrastructures

M. Caselli, Frank Kargl

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    2 Citations (Scopus)

    Abstract

    Interest in security assessment and penetration testing techniques has steadily increased. Likewise, security of industrial control systems (ICS) has become more and more important. Very few methodologies directly target ICS and none of them generalizes the concept of "critical infrastructures pentesting". Existing methodologies and tools cannot be applied directly to critical infrastructures (CIs) due to safety and availability requirements. Moreover, there is no clear understanding on the specific output that CI operators need from such an assessment. We propose a new methodology tailored to support security testing in ICS/CI environments. By analyzing security assessments and penetration testing methodologies proposed for other domains and interviewing stakeholders to identify existing best practices adopted in industry, deriving related issues and collecting proposals for possible solutions we propose a new security assessment and penetration testing methodology for critical infrastructure.
    Original languageUndefined
    Title of host publicationCritical Information Infrastructures Security: Ninth International Conference, CRITIS 2014
    EditorsBernhard M. Hämmerli, Javier Lopez
    Place of PublicationLondon
    PublisherSpringer
    Pages332-343
    Number of pages12
    ISBN (Print)978-3-319-31663-5
    DOIs
    Publication statusPublished - 2014
    Event9th International Conference on Critical Information Infrastructures Security, CRITIS 2014 - University of Cyprus, Limassol, Cyprus
    Duration: 13 Oct 201415 Oct 2014
    Conference number: 9

    Publication series

    NameCritical Information Infrastructures Security
    PublisherSpringer Verlag
    Volume8985

    Workshop

    Workshop9th International Conference on Critical Information Infrastructures Security, CRITIS 2014
    Abbreviated titleCRITIS
    CountryCyprus
    CityLimassol
    Period13/10/1415/10/14

    Keywords

    • SCS-Cybersecurity
    • EC Grant Agreement nr.: FP7-SEC-285477-CRISALIS
    • METIS-309904
    • IR-94342
    • EWI-25749

    Cite this