Enhancing Energy Sector Resilience: Integrating Security by Design Principles
- URL: http://arxiv.org/abs/2402.11543v1
- Date: Sun, 18 Feb 2024 11:04:22 GMT
- Title: Enhancing Energy Sector Resilience: Integrating Security by Design Principles
- Authors: Dov Shirtz, Inna Koberman, Aviad Elyashar, Rami Puzis, Yuval Elovici
- Abstract summary: Security by design (SbD) is a concept for developing and maintaining systems that are impervious to security attacks. This document presents the security requirements for the implementation of SbD in industrial control systems.
- Score: 20.817229569050532
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: Security by design (SbD) is a concept for developing and maintaining systems that are, to the greatest extent possible, free from security vulnerabilities and impervious to security attacks. In addition to technical aspects, such as how to develop robust industrial control system hardware, software, communication products, etc., SbD also includes soft aspects, such as organizational and managerial attitude and behavior, and employee awareness. Under the SbD concept, systems (ICS in our context) will be considered more trustworthy by users. Users' trust in the systems will be derived from meticulous adherence to the SbD processes and policies. In accordance with the SbD concept, security is considered, and security measures are implemented, at every stage of the product and system development life cycle, rather than afterwards. This document presents the security requirements for the implementation of SbD in industrial control systems. The information presented does not negate any existing security and cyber security standards, etc. Instead, we strongly recommend that organizations implement and comply with those standards and best practices. Security by design is not a one-time process. It starts at the very beginning of the product or system design and continues throughout its lifecycle. Due to the benefits of SbD, a higher level of security and robustness to cyber attacks, all organizations associated with the energy sector should strive to establish an SbD-driven ecosystem. The requirements presented in this document may be perceived as burdensome by organizations. However, strict compliance with the requirements and existing security standards and best practices, including continuous monitoring, as specified in this document, is essential to realize an ecosystem driven and protected by SbD.
Related papers
- Cross-Modality Safety Alignment [73.8765529028288]
We introduce a novel safety alignment challenge called Safe Inputs but Unsafe Output (SIUO) to evaluate cross-modality safety alignment.
To empirically investigate this problem, we developed the SIUO, a cross-modality benchmark encompassing 9 critical safety domains, such as self-harm, illegal activities, and privacy violations.
Our findings reveal substantial safety vulnerabilities in both closed- and open-source LVLMs, underscoring the inadequacy of current models to reliably interpret and respond to complex, real-world scenarios.
arXiv Detail & Related papers (2024-06-21T16:14:15Z)
- Towards Guaranteed Safe AI: A Framework for Ensuring Robust and Reliable AI Systems [88.80306881112313]
We will introduce and define a family of approaches to AI safety, which we will refer to as guaranteed safe (GS) AI.
The core feature of these approaches is that they aim to produce AI systems which are equipped with high-assurance quantitative safety guarantees.
We outline a number of approaches for creating each of these three core components, describe the main technical challenges, and suggest a number of potential solutions to them.
arXiv Detail & Related papers (2024-05-10T17:38:32Z)
- Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z)
- Managing Security Evidence in Safety-Critical Organizations [10.905169282633256]
This paper presents a study on the maturity of managing security evidence in safety-critical organizations.
We find that the current maturity of managing security evidence is insufficient for the increasing requirements set by certification authorities and standardization bodies.
One part of the reason is educational gaps; the other is a lack of processes.
arXiv Detail & Related papers (2024-04-26T11:30:34Z)
- DASICS: Enhancing Memory Protection with Dynamic Compartmentalization [7.802648283305372]
We present the DASICS (Dynamic in-Address-Space Isolation by Code Segments) secure processor design.
It offers dynamic and flexible security protection across multiple privilege levels, addressing data flow protection, control flow protection, and secure system calls.
We have implemented hardware FPGA prototypes and software QEMU simulator prototypes based on DASICS, along with the necessary modifications to system software for adaptability.
arXiv Detail & Related papers (2023-10-10T09:05:29Z)
- Leveraging Traceability to Integrate Safety Analysis Artifacts into the Software Development Process [51.42800587382228]
Safety assurance cases (SACs) can be challenging to maintain during system evolution.
We propose a solution that leverages software traceability to connect relevant system artifacts to safety analysis models.
We elicit design rationales for system changes to help safety stakeholders analyze the impact of system changes on safety.
arXiv Detail & Related papers (2023-07-14T16:03:27Z)
- Sustainable Adaptive Security [11.574868434725117]
We propose the notion of Sustainable Adaptive Security (SAS), which reflects enduring protection by augmenting adaptive security systems with the capability of mitigating newly discovered threats.
We use a smart home example to showcase how we can engineer the activities of the MAPE (Monitor, Analysis, Planning, and Execution) loop of systems satisfying sustainable adaptive security.
arXiv Detail & Related papers (2023-06-05T08:48:36Z)
- Recursively Feasible Probabilistic Safe Online Learning with Control Barrier Functions [60.26921219698514]
We introduce a model-uncertainty-aware reformulation of CBF-based safety-critical controllers.
We then present the pointwise feasibility conditions of the resulting safety controller.
We use these conditions to devise an event-triggered online data collection strategy.
arXiv Detail & Related papers (2022-08-23T05:02:09Z)
- The Opportunity to Regulate Cybersecurity in the EU (and the World): Recommendations for the Cybersecurity Resilience Act [1.2691047660244335]
Safety is becoming cybersecurity under most circumstances.
This should be reflected in the Cybersecurity Resilience Act when it is proposed and agreed upon in the European Union.
It is based on what the cybersecurity research community has long asked for, and on what constitutes clear, hard legal rules instead of soft ones.
arXiv Detail & Related papers (2022-05-26T07:20:44Z)
- Defining Security Requirements with the Common Criteria: Applications, Adoptions, and Challenges [17.700647389830774]
The adoption of ICT products with security properties depends on consumers' confidence and markets' trust in the security functionalities.
Common Criteria for Information Technology Security Evaluation (often referred to as Common Criteria or CC) is an international standard for cyber security certification.
Best practices on developing Protection Profiles, recommendations, and future directions for trusted cybersecurity advancement are presented.
arXiv Detail & Related papers (2022-01-19T05:05:33Z)
- Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z)
This list is automatically generated from the titles and abstracts of the papers in this site.