支持工业控制系统安全设计的本体框架

IF 9.9 1区计算机科学 Q1 AUTOMATION & CONTROL SYSTEMS

IEEE Transactions on Industrial Informatics Pub Date : 2025-06-17 DOI:10.1109/TII.2025.3574694

Ali M. Hosseini;Wolfgang Kastner;Thilo Sauter

{"title":"支持工业控制系统安全设计的本体框架","authors":"Ali M. Hosseini;Wolfgang Kastner;Thilo Sauter","doi":"10.1109/TII.2025.3574694","DOIUrl":null,"url":null,"abstract":"Ensuring cybersecurity in Industrial Control Systems (ICSs) is essential, as cyber-attacks can lead to substantial economic losses and serious safety hazards. Addressing security early in the product and system life cycle is crucial to preventing expensive fixes and severe consequences later. Since requirements engineering and system architecture design are early activities in system development and are interconnected in nature, it is essential to begin integrating security into these activities. IEC 62443 is a widely used ICS cybersecurity standard that provides security requirements and architectural guidance; however, it relies heavily on human experts and manual effort, making the implementation of the standard costly and time-consuming. This article proposes an ontological framework that supports the integrated engineering of security requirements and system architectures, aiming to achieve security by design and conformance with IEC 62443 with reduced reliance on human experts. To evaluate the quality and usability of the proposed ontology, we examine a use case for requirements elicitation and validation scenarios. The findings highlight the potential of ontological approaches in improving ICS cybersecurity, particularly in terms of standard compliance.","PeriodicalId":13301,"journal":{"name":"IEEE Transactions on Industrial Informatics","volume":"21 9","pages":"7188-7197"},"PeriodicalIF":9.9000,"publicationDate":"2025-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=11039061","citationCount":"0","resultStr":"{\"title\":\"Ontology Framework Supporting Security-By-Design of Industrial Control Systems\",\"authors\":\"Ali M. Hosseini;Wolfgang Kastner;Thilo Sauter\",\"doi\":\"10.1109/TII.2025.3574694\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Ensuring cybersecurity in Industrial Control Systems (ICSs) is essential, as cyber-attacks can lead to substantial economic losses and serious safety hazards. Addressing security early in the product and system life cycle is crucial to preventing expensive fixes and severe consequences later. Since requirements engineering and system architecture design are early activities in system development and are interconnected in nature, it is essential to begin integrating security into these activities. IEC 62443 is a widely used ICS cybersecurity standard that provides security requirements and architectural guidance; however, it relies heavily on human experts and manual effort, making the implementation of the standard costly and time-consuming. This article proposes an ontological framework that supports the integrated engineering of security requirements and system architectures, aiming to achieve security by design and conformance with IEC 62443 with reduced reliance on human experts. To evaluate the quality and usability of the proposed ontology, we examine a use case for requirements elicitation and validation scenarios. The findings highlight the potential of ontological approaches in improving ICS cybersecurity, particularly in terms of standard compliance.\",\"PeriodicalId\":13301,\"journal\":{\"name\":\"IEEE Transactions on Industrial Informatics\",\"volume\":\"21 9\",\"pages\":\"7188-7197\"},\"PeriodicalIF\":9.9000,\"publicationDate\":\"2025-06-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=11039061\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Industrial Informatics\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/11039061/\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"AUTOMATION & CONTROL SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Industrial Informatics","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/11039061/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"AUTOMATION & CONTROL SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

确保工业控制系统（ics）的网络安全至关重要，因为网络攻击可能导致巨大的经济损失和严重的安全隐患。在产品和系统生命周期的早期处理安全性对于防止昂贵的修复和以后的严重后果至关重要。由于需求工程和系统架构设计是系统开发中的早期活动，并且在本质上是相互关联的，因此开始将安全性集成到这些活动中是必要的。IEC 62443是广泛使用的ICS网络安全标准，提供安全要求和架构指导；然而，它在很大程度上依赖于人类专家和人工工作，使得标准的实现既昂贵又耗时。本文提出了一个本体框架，该框架支持安全需求和系统架构的集成工程，旨在通过设计和符合IEC 62443来实现安全性，同时减少对人类专家的依赖。为了评估提出的本体的质量和可用性，我们检查了需求引出和验证场景的用例。研究结果强调了本体论方法在改善ICS网络安全方面的潜力，特别是在标准合规性方面。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Ontology Framework Supporting Security-By-Design of Industrial Control Systems

Ensuring cybersecurity in Industrial Control Systems (ICSs) is essential, as cyber-attacks can lead to substantial economic losses and serious safety hazards. Addressing security early in the product and system life cycle is crucial to preventing expensive fixes and severe consequences later. Since requirements engineering and system architecture design are early activities in system development and are interconnected in nature, it is essential to begin integrating security into these activities. IEC 62443 is a widely used ICS cybersecurity standard that provides security requirements and architectural guidance; however, it relies heavily on human experts and manual effort, making the implementation of the standard costly and time-consuming. This article proposes an ontological framework that supports the integrated engineering of security requirements and system architectures, aiming to achieve security by design and conformance with IEC 62443 with reduced reliance on human experts. To evaluate the quality and usability of the proposed ontology, we examine a use case for requirements elicitation and validation scenarios. The findings highlight the potential of ontological approaches in improving ICS cybersecurity, particularly in terms of standard compliance.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Industrial Informatics 工程技术-工程：工业

CiteScore

24.10

自引率

8.90%

发文量

1202

审稿时长

5.1 months

期刊介绍： The IEEE Transactions on Industrial Informatics is a multidisciplinary journal dedicated to publishing technical papers that connect theory with practical applications of informatics in industrial settings. It focuses on the utilization of information in intelligent, distributed, and agile industrial automation and control systems. The scope includes topics such as knowledge-based and AI-enhanced automation, intelligent computer control systems, flexible and collaborative manufacturing, industrial informatics in software-defined vehicles and robotics, computer vision, industrial cyber-physical and industrial IoT systems, real-time and networked embedded systems, security in industrial processes, industrial communications, systems interoperability, and human-machine interaction.