Cybersecurity incidents are stressful, complex in nature, and are frequently not systematically considered in daily tasks. When correctly managed, operational readiness procedures ensure the availability of data required to successfully and quickly recover from a security incident, while lessening the adverse effect. Therefore, protective measures, such as implementation of data diodes, are playing an essential role in defending instrumentation and control (I&C) systems. In addition, applicability of the newest forensic and digital evidence-related standards to the nuclear domain is being evaluated. Results of such evaluation are being considered in the three-dimensional and two-dimensional modeling of cybersecurity relevant assets. The development of the new IEC 63096, downstream standard of IEC 62645, will also support the proposed evaluation and modeling. However, IEC 63096 covers not only forensic and incident management-related security controls but also a broad range of cybersecurity controls. This paper will further explore the security degree-specific selection and overall assignment of forensic-related security controls for the nuclear domain. Results from ongoing prototype developments will be used to demonstrate possible alternative selections and assignments, along with their contribution to different security metrics.

References

References
1.
ISO/IEC
,
2011
, “
Information Technology — Security Techniques — Information Security Risk Management
,”
International Organization for Standardization/International Electrotechnical Commission
,
Geneva, Switzerland
, Standard No.
ISO/IEC 27005
.https://www.iso.org/standard/75281.html
2.
IEC
,
2016
, “
Nuclear Power Plants—Instrumentation and Control Systems—Security Controls
,”
International Electrotechnical Commission
,
Geneva, Switzerland
, Standard No.
IEC 63096
.http://npic-hmit2017.org/wp-content/data/pdfs/158-20165.pdf
3.
IEC
,
2014
, “
Nuclear Power Plants—I&C Systems—Requirements for Security Programmes for Computer-Based Systems
,”
International Electrotechnical Commission
,
Geneva, Switzerland
, Standard No.
IEC 62645
.https://webstore.iec.ch/publication/7311
4.
Bajramovic
,
E.
,
2016
, “
Survey of Digital Forensic Readiness in Critical Infrastructure
,” Department of Computer Science, Friedrich-Alexander University Erlangen-Nuremberg, Erlangen, Germany.
5.
Scott
,
A.
,
2015
,
Tactical Data Diodes in Industrial Control Automation Systems. SysAdmin, Audit, Network and Security
,
(SANS) Institute InfoSec Reading Room
, Global Region, US.
6.
Li
,
J.
,
Bajramovic
,
E.
,
Gao
,
Y.
, and
Parekh
,
M.
,
2016
, “
Graded Security Forensics Readiness for SCADA Systems
,”
Informatik 2016
,
H. C.
Mayr
, and
M.
Pinzger
, eds., Lecture Notes in Informatics,
Bonn
,
Germany
, pp.
581
592
.
7.
IEC
,
2013
, “
Industrial Communication Networks—Network and System Security—Part 3-3: System Security Requirements and Security Levels
,”
International Electrotechnical Commission
,
Geneva, Switzerland
, Standard No.
IEC 62443-3-3
.https://webstore.iec.ch/publication/7033
8.
Waedt
,
K.
,
Lillo
,
E.
, and
Zavarsky
,
P.
,
2015
, “
Identification of the Critical Components of an ICS and Options to Protect Them
,” World Institute for Nuclear Security (WINS) Workshop on Effective Integration of Physical Protection and Cyber Security
, Vienna, Austria.
9.
Knapp
,
E.
, and
Langill
,
J.
,
2014
, “
Security Monitoring of Industrial Control Systems
,”
Industrial Network Security
,
2nd ed.
,
Syngress Publishing
,
Waltham, MA
.
10.
Bajramovic
,
E.
,
Waedt
,
K.
,
Gao
,
Y.
, and
Parekh
,
M.
,
2016
, “
Cybersecurity Aspects in the I&C Design of Nuclear Power Plants
,” Third International Nuclear Power Plants Summit, Istanbul, Turkey, Mar. 8.
11.
Waedt
,
K.
, and
Ding
,
Y.
, 2013, “
Safety and Cybersecurity Aspects in the Safety I&C Design for NPPs
,” Third China (International) Conference on Nuclear Power I&C Technology
, Shanghai, China.
12.
ISO/IEC
,
2015
, “
Information Technology — Security Techniques — Guidelines for the Analysis and Interpretation of Digital Evidence
,”
International Organization for Standardization/International Electrotechnical Commission
,
Geneva, Switzerland
, Standard No.
ISO/IEC 27042
.https://www.iso.org/standard/44406.html
13.
ISO/IEC
,
2015
, “
Information Technology—Security Techniques—Incident Investigation Principles and Processes
,”
International Organization for Standardization/ International Electrotechnical Commission
,
Geneva, Switzerland
, Standard No.
ISO/IEC 27043
.https://www.iso.org/standard/44407.html
14.
Bochtler
,
J.
,
Quinn
,
E. L.
, and
Bajramovic
,
E.
,
2017
, “
Development of a New International Electrotechnical Commission Standard on Cybersecurity Controls for Nuclear Power Plants
,”
Nuclear Plant Instrumentation, Control & Human Machine Interface Technologies
,
San Francisco, CA
, June 11–15.
15.
Homeland Security
,
2008
,
Recommended Practice: Creating Cyber Forensics Plans for I&C Systems
,
Homeland Security
,
Washington, DC
.
16.
Kent
,
K.
,
Chevalier
,
S.
,
Grance
,
T.
, and
Dang
,
H.
,
2006
, “
Guide to Integrating Forensic Techniques Into Incident Response
,”
National Institute of Standards and Technology
,
Gaithersburg, MD
, Report No.
NIST SP 800-86
.https://www.nist.gov/publications/guide-integrating-forensic-techniques-incident-response
17.
UcedaVelez
,
T.
, and
Morana
,
M.
,
2015
, “
Threat Modelling and Risk Management
,”
Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis
,
Wiley
,
Hoboken, NJ
.
18.
Tu
,
M.
,
Xu
,
D.
,
Butler
,
E.
, and
Schwartz
,
A.
,
2012
, “
Forensic Evidence Identification and Modeling for Attacks Against a Simulated Online Business
,”
J. Digital Forensics, Security Law
,
7
(
4
), p. 4.http://ojs.jdfsl.org/index.php/jdfsl/article/view/48
19.
Lee
,
R.
,
2015
, “
Active Cyber Defense Cycle: Asset Identification and Network Security Monitoring, Control Engineering
,” Control Engineering, Downers Grove, IL, accessed Oct. 15, 2016, https://www.controleng.com/single-article/active-cyber-defense-cycle-asset-identification-and-network-security-monitoring/dcd2a7ac2b4f7cfd98e292dfd1e5c88a.html
20.
ISO/IEC
,
2011
, “
Information Technology—Security Techniques—Application Security—Part 1: Overview and Concepts
,”
International Organization for Standardization/ International Electrotechnical Commission
,
Geneva, Switzerland
, Standard No.
ISO/IEC 27034-1
.https://www.iso.org/standard/44378.html
You do not currently have access to this content.