• Corpus ID: 26590480

The State of Security in Control Systems Today

  title={The State of Security in Control Systems Today},
  author={Derek Harp and Extra Slides},

Incentivizing Cyber Security Investment in the Power Sector Using An Extended Cyber Insurance Framework

Results show that the model can successfully discriminate between individual power companies as well as geographic regions on the basis of risk and can recommend cyber riskmanagement strategies tailored to individual risk profiles, and is validated by applying power industry performance data from 2013-2015.

Exploring Industry Cybersecurity Strategy in Protecting Critical Infrastructure

Key strategies that may help improve cybersecurity strategies used by IT and compliance professionals, which can mitigate successful attacks against critical infrastructure are revealed.

The Good, the Bad and the Ugly: A Study of Security Decisions in a Cyber-Physical Systems Game

Surprisingly, security experts were not ipso facto better players—in some cases, they made very questionable decisions—yet they showed a higher level of confidence in themselves, and classified players’ decision-making processes, i.e., procedure-, experience-, scenario- or intuition-driven.

The 2017 Power Industry Division ( POWID ) Symposium is Coming Soon !

The decentralization and the associated future structure of demand management at grid level raises new challenges for operators. Sustainable and economic operation management requires seamless access

Test Strategy to detect Industrial Control Systems' common Cyber Weaknesses and Vulnerabilities

The proposed research will have applicability to defense of complex systems more broadly than cybersecurity of ICSs, since it illustrates a structured technique for dealing with the very high numbers of test permutations that arise when considering complex system architectures exposed to a myriad of possible malicious intent.

An Expanded Cyber Insurance Framework to Mitigate Cyber Induced Economic Losses of the U.S. Power Industry

Cyber incidents are increasing in the United States and critical infrastructure is no exception. Aging operational technology is reliable, but much of it was not conceived in this century and lacks

Gamifying ICS Security Training and Research: Design, Implementation, and Results of S3

This work developed ICS-specific challenges involving both theoretical and applied ICS security concepts and developed a scoring system based on multiple factors, including realistic ICS attacker models and effectiveness of the detection mechanisms of the defenders.

Advantages of Anomaly Detection Between the Controlling Unit and the Process Devices of an Industrial Control System

An Intrusion Detection System (IDS) which monitors independent, raw and integer data and is implemented on a relatively cheap Raspberry Pi 3, which can be a positive addition to the currently available security solutions.

Gamifying Education and Research on ICS Security: Design, Implementation and Results of S3

This work tested the proposed ICS security gamification idea in the context of the first Capture-The-Flag (CTF) event targeted to I CS security called SWaT Security Showdown (S3), where six teams acted as attackers in a security competition leveraging an ICS testbed.

An Internet-wide view of ICS devices

This work implements five common SCADA protocols in ZMap and conducts a survey of the public IPv4 address space finding more than 60K publicly accessible systems and uses a large network telescope and high-interaction honeypots to find and profile actors searching for devices.