安全融合：IEC 62443-3-2的自动化

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-04-17 DOI:10.1016/j.cose.2025.104477

Mike Da Silva , Stéphane Mocanu , Maxime Puys , Pierre-Henri Thevenon

{"title":"安全融合：IEC 62443-3-2的自动化","authors":"Mike Da Silva , Stéphane Mocanu , Maxime Puys , Pierre-Henri Thevenon","doi":"10.1016/j.cose.2025.104477","DOIUrl":null,"url":null,"abstract":"<div><div>Industrial Control Systems (ICS) are designed to provide a service, such as power generation or water treatment, while protecting people, assets, and the environment against hazard. However, ICS now integrate Information Technology (IT) and are interconnected with the outside world such as the Internet, thereby exposing their infrastructures to cyberattacks. Cyberattacks have thus become new threats for industrial system operations and, more specifically, for their safety. To address the issue, this paper presents a comprehensive cybersecurity risk assessment for the safety of ICS. We apply our method to automate industrial cybersecurity risk assessment as specified in the recent (2020) IEC 62443-3-2 standard, which is widely used in the industrial cybersecurity domain. By automating parts of these risk assessment processes, we can reduce the error-prone manual efforts and increase the consistency of risk assessment. More specifically, the proposed risk assessment comprises three parts which, respectively: (1) identify the specific vulnerabilities of industrial control systems, (2) determine the attack scenarios that compromise the safety of the system and (3) assess whether the attack scenarios are tolerable by the organization’s policy. In the first part, we automated the entire threat modeling process of <em>Microsoft Threat Modeling Tool</em> by developing an automatable method for building the system model, in the form of a data flow diagram, from a standard XML file called PLCOpen. This automation of the Microsoft Threat Modeling Tool process enables us to automate vulnerability identification for industrial control systems. In the second part, we enhance a previous work that generates theoretical safety-compromising attack scenarios by building a complete attack scenario from system vulnerabilities to safety compromise. Finally, in the third part, we rank the attack scenarios using a specific risk matrix in order to determine which scenarios exceed the risk tolerable by the organization and therefore require additional controls.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"156 ","pages":"Article 104477"},"PeriodicalIF":4.8000,"publicationDate":"2025-04-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Safety-security convergence: Automation of IEC 62443-3-2\",\"authors\":\"Mike Da Silva , Stéphane Mocanu , Maxime Puys , Pierre-Henri Thevenon\",\"doi\":\"10.1016/j.cose.2025.104477\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Industrial Control Systems (ICS) are designed to provide a service, such as power generation or water treatment, while protecting people, assets, and the environment against hazard. However, ICS now integrate Information Technology (IT) and are interconnected with the outside world such as the Internet, thereby exposing their infrastructures to cyberattacks. Cyberattacks have thus become new threats for industrial system operations and, more specifically, for their safety. To address the issue, this paper presents a comprehensive cybersecurity risk assessment for the safety of ICS. We apply our method to automate industrial cybersecurity risk assessment as specified in the recent (2020) IEC 62443-3-2 standard, which is widely used in the industrial cybersecurity domain. By automating parts of these risk assessment processes, we can reduce the error-prone manual efforts and increase the consistency of risk assessment. More specifically, the proposed risk assessment comprises three parts which, respectively: (1) identify the specific vulnerabilities of industrial control systems, (2) determine the attack scenarios that compromise the safety of the system and (3) assess whether the attack scenarios are tolerable by the organization’s policy. In the first part, we automated the entire threat modeling process of <em>Microsoft Threat Modeling Tool</em> by developing an automatable method for building the system model, in the form of a data flow diagram, from a standard XML file called PLCOpen. This automation of the Microsoft Threat Modeling Tool process enables us to automate vulnerability identification for industrial control systems. In the second part, we enhance a previous work that generates theoretical safety-compromising attack scenarios by building a complete attack scenario from system vulnerabilities to safety compromise. Finally, in the third part, we rank the attack scenarios using a specific risk matrix in order to determine which scenarios exceed the risk tolerable by the organization and therefore require additional controls.</div></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"156 \",\"pages\":\"Article 104477\"},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2025-04-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404825001658\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825001658","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

工业控制系统（ICS）旨在提供发电或水处理等服务，同时保护人员、资产和环境免受危害。然而，ICS现在集成了信息技术（IT），并与Internet等外部世界相互连接，从而使其基础设施暴露于网络攻击之下。因此，网络攻击已成为工业系统运行的新威胁，更具体地说，是对工业系统安全的威胁。为了解决这一问题，本文提出了一种综合的ICS安全网络安全风险评估方法。我们将我们的方法应用于最近（2020）IEC 62443-3-2标准中规定的自动化工业网络安全风险评估，该标准广泛用于工业网络安全领域。通过自动化这些风险评估过程的部分，我们可以减少容易出错的手工工作，并增加风险评估的一致性。更具体地说，建议的风险评估包括三个部分，分别是：(1)识别工业控制系统的特定漏洞，(2)确定危及系统安全的攻击场景，(3)评估攻击场景是否被组织的政策所容忍。在第一部分中，我们通过开发一种可自动化的方法来构建系统模型，以数据流程图的形式，从一个名为PLCOpen的标准XML文件中构建系统模型，从而自动化了Microsoft威胁建模工具的整个威胁建模过程。微软威胁建模工具过程的自动化使我们能够自动识别工业控制系统的漏洞。在第二部分中，我们通过构建从系统漏洞到安全妥协的完整攻击场景来增强先前的工作，该工作生成了理论上的安全妥协攻击场景。最后，在第三部分中，我们使用特定的风险矩阵对攻击场景进行排序，以确定哪些场景超出了组织可承受的风险，因此需要额外的控制。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Safety-security convergence: Automation of IEC 62443-3-2

Industrial Control Systems (ICS) are designed to provide a service, such as power generation or water treatment, while protecting people, assets, and the environment against hazard. However, ICS now integrate Information Technology (IT) and are interconnected with the outside world such as the Internet, thereby exposing their infrastructures to cyberattacks. Cyberattacks have thus become new threats for industrial system operations and, more specifically, for their safety. To address the issue, this paper presents a comprehensive cybersecurity risk assessment for the safety of ICS. We apply our method to automate industrial cybersecurity risk assessment as specified in the recent (2020) IEC 62443-3-2 standard, which is widely used in the industrial cybersecurity domain. By automating parts of these risk assessment processes, we can reduce the error-prone manual efforts and increase the consistency of risk assessment. More specifically, the proposed risk assessment comprises three parts which, respectively: (1) identify the specific vulnerabilities of industrial control systems, (2) determine the attack scenarios that compromise the safety of the system and (3) assess whether the attack scenarios are tolerable by the organization’s policy. In the first part, we automated the entire threat modeling process of Microsoft Threat Modeling Tool by developing an automatable method for building the system model, in the form of a data flow diagram, from a standard XML file called PLCOpen. This automation of the Microsoft Threat Modeling Tool process enables us to automate vulnerability identification for industrial control systems. In the second part, we enhance a previous work that generates theoretical safety-compromising attack scenarios by building a complete attack scenario from system vulnerabilities to safety compromise. Finally, in the third part, we rank the attack scenarios using a specific risk matrix in order to determine which scenarios exceed the risk tolerable by the organization and therefore require additional controls.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.