Industrial Control Systems Security Checklist: A Guiding Document for Developing Secure Industrial Control Systems, V1.0

With a more connected world, where someone can attack digital industries in distant countries with low risk and cost, cyber security is becoming increasingly important on a nation-wide level. Several recent attacks illustrate this, for example towards the power grid in Ukraine in 2015 and 2016, a petrochemical plant in Saudi Arabia in 2017, the attack towards a cloud service provider to the train system in Denmark in 2022, and others. These attacks can, if successful, harm important industry and infrastructure such as hospitals, transportation, and industrial manufacturing. While traditional Industrial Control Systems (ICS) have been mostly isolated, they are increasingly getting connected to the internet, increasing the risks of cyberattacks. This guidance document intends to contribute to securing ICS and reduce the probability of successful cyberattacks and limit consequences affecting health, environment, and the economy. This guidance document is a deliverable from the project Ragnarok at SINTEF, and complements the Security Aspects of Industrial Control Systems document and the IoT checklist document, also a deliverable in this project. In this project we looked at both ICS and IoT security, both at the state of the art and within the context of industry 4.0 and the potential collapse of the SCADA pyramid.publishedVersio

Information Security Aspects of Industrial Control Systems: An Introduction for ICS Integrators and Asset Owners, V1.0

With a more connected world, where someone can attack digital industries in distant countries with low risk and cost, cyber security is becoming increasingly important on a nation-wide level. Several recent attacks illustrate this, for example towards the power grid in Ukraine in 2016, the petrochemical plant in Saudi Arabia in 2017, the attack towards a cloud service provider to the train system in Denmark in 2022, and others. These attacks can, if successful, harm important industry and infrastructure such as hospitals, transportation, and industrial manufacturing. While traditional Industrial Control Systems (ICS) have been mostly isolated, they are increasingly getting connected to the internet, increasing the risks of cyberattacks. This document intends to look at the state of the art within ICS security and serve as an introduction to ICS security forICS developers and asset owners, helping them make better choicesin their security. In addition, this document serves as background information for an ICS Guidance document, which aims to provide an easy-to-use security checklist for ICS developers and asset owners. This document is a deliverable for the project Ragnarok at SINTEF, and relates to the Security for Industrial Control Systems (a guiding document) document and the IoT checklist document, also a deliverable in this project. In the Ragnarok project we looked at the state of the art in ICS and IoT security, as well as in the future context of Industry 4.0 and the potential collapse of the SCADA pyramid.publishedVersio