Call to Action: Mobilizing Community Discussion to Improve Information-Sharing About Vulnerabilities in Industrial Control Systems and Critical Infrastructure

2019 11th International Conference on Cyber Conflict (CyCon) Pub Date : 2019-05-28 DOI:10.23919/CYCON.2019.8756895

Daniel Kapellmann, Rhyner Washburn

{"title":"Call to Action: Mobilizing Community Discussion to Improve Information-Sharing About Vulnerabilities in Industrial Control Systems and Critical Infrastructure","authors":"Daniel Kapellmann, Rhyner Washburn","doi":"10.23919/CYCON.2019.8756895","DOIUrl":null,"url":null,"abstract":"Vulnerability management remains a significant challenge for organizations that handle critical infrastructure worldwide. Hallmark cyber-physical incidents with disruptive and destructive capabilities like Stuxnet (2010) and Triton (2017) have exploited known vulnerabilities in information technology (IT) and operational technology (OT) assets throughout the attack lifecycle. However, the global critical infrastructure security community is still nascent in the field of industrial control systems (ICS) vulnerability management, especially in information-sharing. While their counterparts in IT security have spent years elaborating multiple resources to track and disseminate information about known vulnerabilities, the ICS community lacks specialized mechanisms for knowledge-sharing. Multiple challenges exist when addressing this issue: a general lack of awareness about ICS cybersecurity, the need to consider multiple industry sectors and unique network architectures, and the need to find a balance between protecting and releasing sensitive information regarding critical infrastructure organizations or proprietary vendor knowledge. Through a multiphase research initiative based on the user-centered design process, we intend to test and evaluate the feasibility and effectiveness of various information-sharing platform designs for streamlining the discussion of ICS vulnerabilities. In the first phase of this research, we surveyed ICS and critical infrastructure security stakeholders to gain insight into the range of cogent, shared, and divergent views of the community relating to the need for specialized resources to share information about ICS vulnerabilities. We then evaluated what these different perspectives imply for the adoption and success of certain information-sharing platform frameworks. Finally, utilizing these insights, we demonstrated possible alternative paths forward for addressing the challenge of sharing information about ICS vulnerabilities to keep critical infrastructure safe.","PeriodicalId":114193,"journal":{"name":"2019 11th International Conference on Cyber Conflict (CyCon)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 11th International Conference on Cyber Conflict (CyCon)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/CYCON.2019.8756895","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Vulnerability management remains a significant challenge for organizations that handle critical infrastructure worldwide. Hallmark cyber-physical incidents with disruptive and destructive capabilities like Stuxnet (2010) and Triton (2017) have exploited known vulnerabilities in information technology (IT) and operational technology (OT) assets throughout the attack lifecycle. However, the global critical infrastructure security community is still nascent in the field of industrial control systems (ICS) vulnerability management, especially in information-sharing. While their counterparts in IT security have spent years elaborating multiple resources to track and disseminate information about known vulnerabilities, the ICS community lacks specialized mechanisms for knowledge-sharing. Multiple challenges exist when addressing this issue: a general lack of awareness about ICS cybersecurity, the need to consider multiple industry sectors and unique network architectures, and the need to find a balance between protecting and releasing sensitive information regarding critical infrastructure organizations or proprietary vendor knowledge. Through a multiphase research initiative based on the user-centered design process, we intend to test and evaluate the feasibility and effectiveness of various information-sharing platform designs for streamlining the discussion of ICS vulnerabilities. In the first phase of this research, we surveyed ICS and critical infrastructure security stakeholders to gain insight into the range of cogent, shared, and divergent views of the community relating to the need for specialized resources to share information about ICS vulnerabilities. We then evaluated what these different perspectives imply for the adoption and success of certain information-sharing platform frameworks. Finally, utilizing these insights, we demonstrated possible alternative paths forward for addressing the challenge of sharing information about ICS vulnerabilities to keep critical infrastructure safe.

查看原文本刊更多论文

行动呼吁:动员社区讨论以改善有关工业控制系统和关键基础设施漏洞的信息共享

对于处理全球关键基础设施的组织来说，漏洞管理仍然是一个重大挑战。具有破坏性和破坏性的标志性网络物理事件，如Stuxnet(2010年)和Triton(2017年)，在整个攻击生命周期中利用了信息技术(IT)和运营技术(OT)资产中的已知漏洞。然而，全球关键基础设施安全社区在工业控制系统(ICS)漏洞管理领域，特别是在信息共享方面仍处于萌芽阶段。虽然他们在IT安全领域的同行花了数年时间精心设计多种资源来跟踪和传播有关已知漏洞的信息，但ICS社区缺乏专门的知识共享机制。在解决这一问题时存在多种挑战:普遍缺乏对ICS网络安全的认识，需要考虑多个行业部门和独特的网络架构，需要在保护和发布有关关键基础设施组织或专有供应商知识的敏感信息之间找到平衡。通过基于以用户为中心的设计过程的多阶段研究计划，我们打算测试和评估各种信息共享平台设计的可行性和有效性，以简化对ICS漏洞的讨论。在本研究的第一阶段，我们调查了ICS和关键基础设施安全利益相关者，以深入了解社区对专用资源共享ICS漏洞信息的需求的令人信服的、共享的和不同的观点。然后，我们评估了这些不同的观点对某些信息共享平台框架的采用和成功意味着什么。最后，利用这些见解，我们展示了解决ICS漏洞信息共享挑战的可能替代路径，以保持关键基础设施的安全。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 11th International Conference on Cyber Conflict (CyCon)

自引率

0.00%

发文量