Cyber-physical Vulnerability Assessment in Manufacturing Systems

Procedia Manufacturing

Volumn 5, Issue , 2016, Pages 1060-1074

  DeSmit, Zach ^a   Elhabashy, Ahmad E ^a,b   Wells, Lee J ^c   Camelio, Jaime A ^a  

^a State University   (United States)

^b Alexandria University The Faculty Of Engineering   (Egypt)

^c Parkview Campus   (United States)

Author keywords

Cyber physical security; Decision tree analysis; Manufacturing systems; Vulnerability assessment

Indexed keywords

COMPUTER CRIME; CYBER PHYSICAL SYSTEM; DECISION TREES; INDUSTRIAL RESEARCH; NETWORK SECURITY;

ASSESSMENT APPROACHES; CYBER-PHYSICAL SECURITIES; DECISION TREE ANALYSIS; MANUFACTURING FIRMS; MANUFACTURING RESEARCH; MITIGATION TECHNIQUES; PRODUCTION PROCESS; VULNERABILITY ASSESSMENTS;

MANUFACTURE;

EID: 85014362362     PISSN: None     EISSN: 23519789     Source Type: Conference Proceeding    
DOI: 10.1016/j.promfg.2016.08.075     Document Type: Conference Paper

References (30)

1. [1] Albright, D., Brannan, P. & Christina, W., 2010. Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant? [Online] Institute for Science and International Security (ISIS) Available at: HYPERLINK “file:///C:\\Users\\zachd1\\Dropbox\\DoD_MRL\\NAMRC%2044\\isis-online.org\\isis-reports\\detail\\did-stuxnet-take-out-1000-centrifuges-at-the-natanz-enrichment-plant\\” isis-online.org/isis-reports/detail/did-stuxnet-take-out-1000-centrifuges-at-the-natanz-enrichment-plant/[Accessed 14 December 2014].
2. [2] Anthem, Inc., 2015. How to Access & Sign Up For Identity Theft Repair & Credit Monitoring Services. [Online] Available at: HYPERLINK “file:///C:\\Users\\zachd1\\Dropbox\\DoD_MRL\\NAMRC%2044\\www.anthemfacts.com” www.anthemfacts.com [Accessed 28 October 2015].
3. [3] Baker, G.H., 2005. A Vulnerability Assessment Methodology for Critical Infrastructure Sites. In DHS Symposium. Boston, Massachusetts, 2005. Department of Homeland Security.
4. [4] Bergvall, J. & Svensson, L., 2012. Risk Analysis Review. Master's Thesis. Linköping, Sweden: Linköpings University.
5. [5] Caralli, R.A., Stevens, J.F., Young, L.R. & Wilson, W.R., 2007. The OCTAVE Allegro Guidebook, v1.0. Software Engineering Institute.
6. [6] CCAM, 2015. Commonwealth Center For Advanced Manufacturing - About Us. [Online] Available at: HYPERLINK “file:///C:\\Users\\zachd1\\Dropbox\\DoD_MRL\\NAMRC%2044\\www.ccam-va.com\\about-us\\” www.ccam-va.com/about-us/[Accessed 24 November 2015].
7. [7] Cerullo, M.J. & Cerullo, V., 1994. EDP Risk Analysis. Computer Audit Update, pp.9-30.
8. [8] Cherry, S., 2011. Sons of Stuxnet. [Online] Available at: HYPERLINK “file:///C:\\Users\\zachd1\\Dropbox\\DoD_MRL\\NAMRC%2044\\spectrum.ieee.org\\podcast\\telecom\\security\\sons-of-stuxnet” spectrum.ieee.org/podcast/telecom/security/sons-of-stuxnet [Accessed 15 December 2014].
9. [9] Deloitte, 2014. Global Cyber Executive Briefing - Manufacturing. [Online] Available at: HYPERLINK “file:///C:\\Users\\zachd1\\Dropbox\\DoD_MRL\\NAMRC%2044\\www2.deloitte.com\\global\\en\\pages\\risk\\articles\\Manufacturing.html” www2.deloitte.com/global/en/pages/risk/articles/Manufacturing.html# [Accessed 16 August 2015].
10. [10] Evans, D., 2011. The Internet of Things: How the Next Evolution of the Internet is Changing Everything. White Paper. Cisco Internet Business Solutions Group (IBSG).
11. [11] FFIEC, 2015. FFIEC Cybersecurity Assessment Tool Overview. Federal Financial Institutions Examination Countil.
12. [12] Fray, I.E., 2012. A Comparative Study of Risk Assessment Methods, MEHARI & CRAMM with a New Formal Model of Risk Assessment (FoMRA) in Information Systems. In Proceedings of the 11th IFIP TC 8 international conference on Computer Information Systems and Industrial Management. Venice, Italy, 2012. Springer-Verlag.
13. [13] Hutchins, M.J. et al., 2015. Framework for Identifying Cybersecurity Risks in Manufacturing. Procedia Manufacturing, 1, pp.47-63.
14. [14] ICS-CERT, 2015. ICS-CERT Monitor Newsletters: November-December 2015. [Online] Department of Homeland Security Available at: HYPERLINK “file:///C:\\Users\\zachd1\\Dropbox\\DoD_MRL\\NAMRC%2044\\ics-cert.us-cert.gov\\sites\\default\\files\\Monitors\\ICS-CERT%20Monitor_Nov-Dec2015_S508C.pdf” ics-cert.us-cert.gov/sites/default/files/Monitors/ICS-CERT%20Monitor_Nov-Dec2015_S508C.pdf [Accessed 26 January 2016].
15. [15] Kaspersky, 2015. What is Spear Phishing? - Definition. [Online] Available at: HYPERLINK “file:///C:\\Users\\zachd1\\Dropbox\\DoD_MRL\\NAMRC%2044\\usa.kaspersky.com\\internet-security-center\\definitions\\spear-phishing” \l “.VlIcL3arQgs” usa.kaspersky.com/internet-security-center/definitions/spear-phishing#.VlIcL3arQgs [Accessed 22 November 2015].
16. [16] Lee, T.B., 2014. The Sony Hack: How it Happened, Who is Responsible, and What we've Learned. [Online] Available at: HYPERLINK “file:///C:\\Users\\zachd1\\Dropbox\\DoD_MRL\\NAMRC%2044\\www.vox.com\\2014\\12\\14\\7387945\\sony-hack-explained” www.vox.com/2014/12/14/7387945/sony-hack-explained [Accessed 15 December 2014].
17. [17] Mandiant, 2014. M-Trends 2015: A view from the front line. Threat Report. Mandiant, a FireEye Company.
18. [18] Mell, P., Scarfone, K. & Romanosky, S., 2006. Common Vulnerability Scoring System. Security & Privacy, IEEE, 4(6), pp.85-89.
19. [19] National Defense Industrial Association (NDIA), 2014. Cybersecurity for Advanced Manufacturing. White Paper. NDIA.
20. [20] NIST, 2014. Framework for Improving Critical Infrastructure Cybersecurity. National Institute of Standards and Technology.
21. [21] Obama, B., 2013. Improving Critical Infrastructure Cybersecurity. Executive Order. Federal Register.
22. [22] Rost, J. & Glass, R.L., 2011. The Dark Side of Software Engineering: Evil on Computing Projects. Wiley-IEEE Computer Society Press. Available at: HYPERLINK “http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470597178.html” http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470597178.html [accessed 14 December 2014].
23. [23] Sadowsky, G. et al., 2003. Information Technology Security Handbook. Washington, DC, United States of America: The World Bank.
24. [24] Strum, L.D. et al., 2014. Cyber-physical Vulnerabilities in Additive Manufacturing Systems. In Proceedings of the 25th Annual International Solid Freeform Fabrication Symposium. Austin, TX, 2014.
25. [25] Symantec, 2014. Internet Security Threat Report 2014, Volume 19. Annual Threat Report. Symantec Corporation.
26. [26] Symantec, 2015. Internet Security Threat Report 2015, Volume 20. Annual Threat Report. Symantec Corporation.
27. [27] Target, 2014. Data Breach FAQ. [Online] Available at: HYPERLINK “file:///C:\\Users\\zachd1\\Dropbox\\DoD_MRL\\NAMRC%2044\\corporate.target.com\\about\\shopping-experience\\payment-card-issue-faq” corporate.target.com/about/shopping-experience/payment-card-issue-faq [Accessed 28 October 2015].
28. [28] Ten, C.-W., Liu, C.-C. & Manimaran, G., 2008. Vulnerability Assessment of Cybersecurity for SCADA Systems. IEEE Transactions on Power Systems, 23, pp.1836-46.
29. [29] Vincent, H., Wells, L., Tarazaga, P. & Camelio, J., 2015. Trojan Detection and Side-channel Analyses for Cyber-security in Cyber-physical Manufacturing Systems. Procedia Manufacturing, 1, pp.77-85. Available at: HYPERLINK “http://www.sciencedirect.com/science/article/pii/S2351978915010653” http://www.sciencedirect.com/science/article/pii/S2351978915010653.
30. [30] Wells, L.J., Camelio, J.A., Wiliams, C.B. & White, J., 2014. Cyber-physical Security Challenges in Manufacturing Systems. Manufacturing Letters, 2(2), pp.74-77.