A Security Assessment Methodology for Critical Infrastructures

M. Caselli; Frank Kargl

doi:10.1007/978-3-319-31664-2_34

A Security Assessment Methodology for Critical Infrastructures

M. Caselli, Frank Kargl

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

7 Citations (Scopus)

38 Downloads (Pure)

Abstract

Interest in security assessment and penetration testing techniques has steadily increased. Likewise, security of industrial control systems (ICS) has become more and more important. Very few methodologies directly target ICS and none of them generalizes the concept of "critical infrastructures pentesting". Existing methodologies and tools cannot be applied directly to critical infrastructures (CIs) due to safety and availability requirements. Moreover, there is no clear understanding on the specific output that CI operators need from such an assessment. We propose a new methodology tailored to support security testing in ICS/CI environments. By analyzing security assessments and penetration testing methodologies proposed for other domains and interviewing stakeholders to identify existing best practices adopted in industry, deriving related issues and collecting proposals for possible solutions we propose a new security assessment and penetration testing methodology for critical infrastructure.

Original language	Undefined
Title of host publication	Critical Information Infrastructures Security: Ninth International Conference, CRITIS 2014
Editors	Bernhard M. Hämmerli, Javier Lopez
Place of Publication	London
Publisher	Springer
Pages	332-343
Number of pages	12
ISBN (Print)	978-3-319-31663-5
DOIs	https://doi.org/10.1007/978-3-319-31664-2_34
Publication status	Published - 2014
Event	9th International Conference on Critical Information Infrastructures Security, CRITIS 2014 - University of Cyprus, Limassol, Cyprus Duration: 13 Oct 2014 → 15 Oct 2014 Conference number: 9

Publication series

Name	Critical Information Infrastructures Security
Publisher	Springer Verlag
Volume	8985

Workshop

Workshop	9th International Conference on Critical Information Infrastructures Security, CRITIS 2014
Abbreviated title	CRITIS
Country/Territory	Cyprus
City	Limassol
Period	13/10/14 → 15/10/14

Keywords

SCS-Cybersecurity
EC Grant Agreement nr.: FP7-SEC-285477-CRISALIS
METIS-309904
IR-94342
EWI-25749

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1007/978-3-319-31664-2_34

Cite this

@inproceedings{d88d58ec13b3485393acd0fd51a21ec3,

title = "A Security Assessment Methodology for Critical Infrastructures",

abstract = "Interest in security assessment and penetration testing techniques has steadily increased. Likewise, security of industrial control systems (ICS) has become more and more important. Very few methodologies directly target ICS and none of them generalizes the concept of {"}critical infrastructures pentesting{"}. Existing methodologies and tools cannot be applied directly to critical infrastructures (CIs) due to safety and availability requirements. Moreover, there is no clear understanding on the specific output that CI operators need from such an assessment. We propose a new methodology tailored to support security testing in ICS/CI environments. By analyzing security assessments and penetration testing methodologies proposed for other domains and interviewing stakeholders to identify existing best practices adopted in industry, deriving related issues and collecting proposals for possible solutions we propose a new security assessment and penetration testing methodology for critical infrastructure.",

keywords = "SCS-Cybersecurity, EC Grant Agreement nr.: FP7-SEC-285477-CRISALIS, METIS-309904, IR-94342, EWI-25749",

author = "M. Caselli and Frank Kargl",

note = "eemcs-eprint-25749 ; 9th International Conference on Critical Information Infrastructures Security, CRITIS 2014 ; Conference date: 13-10-2014 Through 15-10-2014",

year = "2014",

doi = "10.1007/978-3-319-31664-2_34",

language = "Undefined",

isbn = "978-3-319-31663-5",

series = "Critical Information Infrastructures Security",

publisher = "Springer",

pages = "332--343",

editor = "H{\"a}mmerli, {Bernhard M.} and Javier Lopez",

booktitle = "Critical Information Infrastructures Security: Ninth International Conference, CRITIS 2014",

address = "Germany",

}

Caselli, M & Kargl, F 2014, A Security Assessment Methodology for Critical Infrastructures. in BM Hämmerli & J Lopez (eds), Critical Information Infrastructures Security: Ninth International Conference, CRITIS 2014. Critical Information Infrastructures Security, vol. 8985, Springer, London, pp. 332-343, 9th International Conference on Critical Information Infrastructures Security, CRITIS 2014, Limassol, Cyprus, 13/10/14. https://doi.org/10.1007/978-3-319-31664-2_34

A Security Assessment Methodology for Critical Infrastructures. / Caselli, M.; Kargl, Frank.
Critical Information Infrastructures Security: Ninth International Conference, CRITIS 2014. ed. / Bernhard M. Hämmerli; Javier Lopez. London: Springer, 2014. p. 332-343 (Critical Information Infrastructures Security; Vol. 8985).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - A Security Assessment Methodology for Critical Infrastructures

AU - Caselli, M.

AU - Kargl, Frank

N1 - Conference code: 9

PY - 2014

Y1 - 2014

N2 - Interest in security assessment and penetration testing techniques has steadily increased. Likewise, security of industrial control systems (ICS) has become more and more important. Very few methodologies directly target ICS and none of them generalizes the concept of "critical infrastructures pentesting". Existing methodologies and tools cannot be applied directly to critical infrastructures (CIs) due to safety and availability requirements. Moreover, there is no clear understanding on the specific output that CI operators need from such an assessment. We propose a new methodology tailored to support security testing in ICS/CI environments. By analyzing security assessments and penetration testing methodologies proposed for other domains and interviewing stakeholders to identify existing best practices adopted in industry, deriving related issues and collecting proposals for possible solutions we propose a new security assessment and penetration testing methodology for critical infrastructure.

AB - Interest in security assessment and penetration testing techniques has steadily increased. Likewise, security of industrial control systems (ICS) has become more and more important. Very few methodologies directly target ICS and none of them generalizes the concept of "critical infrastructures pentesting". Existing methodologies and tools cannot be applied directly to critical infrastructures (CIs) due to safety and availability requirements. Moreover, there is no clear understanding on the specific output that CI operators need from such an assessment. We propose a new methodology tailored to support security testing in ICS/CI environments. By analyzing security assessments and penetration testing methodologies proposed for other domains and interviewing stakeholders to identify existing best practices adopted in industry, deriving related issues and collecting proposals for possible solutions we propose a new security assessment and penetration testing methodology for critical infrastructure.

KW - SCS-Cybersecurity

KW - EC Grant Agreement nr.: FP7-SEC-285477-CRISALIS

KW - METIS-309904

KW - IR-94342

KW - EWI-25749

U2 - 10.1007/978-3-319-31664-2_34

DO - 10.1007/978-3-319-31664-2_34

M3 - Conference contribution

SN - 978-3-319-31663-5

T3 - Critical Information Infrastructures Security

SP - 332

EP - 343

BT - Critical Information Infrastructures Security: Ninth International Conference, CRITIS 2014

A2 - Hämmerli, Bernhard M.

A2 - Lopez, Javier

PB - Springer

CY - London

T2 - 9th International Conference on Critical Information Infrastructures Security, CRITIS 2014

Y2 - 13 October 2014 through 15 October 2014

ER -