Visible to the public Understanding Security Requirements for Industrial Control System Supply Chains

TitleUnderstanding Security Requirements for Industrial Control System Supply Chains
Publication TypeConference Paper
Year of Publication2019
AuthorsHou, Ye, Such, Jose, Rashid, Awais
Conference Name2019 IEEE/ACM 5th International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS)
Date Publishedmay
ISBN Number978-1-7281-2282-3
KeywordsComputer crime, control engineering computing, control system security, cyber-physical infrastructures, Cyber-physical systems, decision making, human issues, industrial control, industrial control systems, Industrial Control Systems Anomaly Detection, integrated circuits, Iran, Malware, Natanz city, nuclear facility, organisational aspects, organizational aspects, Organizations, pubcrawl, resilience, Resiliency, risk assessment, risk decision-making, risk management, Scalability, security industrial control system supply chains, security requirements, Standards organizations, stuxnet attack, supply chain management, supply chain risk assessment, supply chain security, Supply chains

We address the need for security requirements to take into account risks arising from complex supply chains underpinning cyber-physical infrastructures such as industrial control systems (ICS). We present SEISMiC (SEcurity Industrial control SysteM supply Chains), a framework that takes into account the whole spectrum of security risks - from technical aspects through to human and organizational issues - across an ICS supply chain. We demonstrate the effectiveness of SEISMiC through a supply chain risk assessment of Natanz, Iran's nuclear facility that was the subject of the Stuxnet attack.

Citation Keyhou_understanding_2019