skip to main content
10.1145/2602087.2602103acmotherconferencesArticle/Chapter ViewAbstractPublication PagescisrcConference Proceedingsconference-collections
research-article

Quantifying availability in SCADA environments using the cyber security metric MFC

Published: 08 April 2014 Publication History

Abstract

Supervisory Control and Data Acquisition (SCADA) systems are distributed networks dispersed over large geographic areas that aim to monitor and control industrial processes from remote areas and/or a centralized location. They are used in the management of critical infrastructures such as electric power generation, transmission and distribution, water and sewage, manufacturing/industrial manufacturing as well as oil and gas production. The availability of SCADA systems is tantamount to assuring safety, security and profitability. SCADA systems are the backbone of the national cyber-physical critical infrastructure. Herein, we explore the definition and quantification of an econometric measure of availability, as it applies to SCADA systems; our metric is a specialization of the generic measure of mean failure cost.

References

[1]
Miller, B. and Rowe, D. 2012. A survey SCADA of and critical infrastructure incidents. In Proceedings of the Proceedings of the 1st Annual Conference on Research in Information Technology (RITI'12) (Calgary, Alberta, Canada, October 11-13, 2012). ACM, New York, NY, 51--56. DOI=http://dx.doi.org/10.1145/2380790.2380805.
[2]
Igure, V. M., Laughter, S. A. and Williams, R. D. 2006. Security issues in SCADA networks. Computers & Security, 25, 7 (October 2006), 498--506.
[3]
Hentea, M. 2008. Improving Security for SCADA Control Systems. Interdisciplinary Journal of Information, Knowledge, and Management, 3, 73--86.
[4]
Cherdantseva, Y. and Hilton, J. A Reference Model of Information Assurance & Security. In Proceedings of the Proceedings of the 2013 International Conference on Availability, Reliability and Security (ARES) (Regensburg, Sept. 2-6, 2013). IEEE Computer Society, Wash., D.C., 546--555. DOI=http://dx.doi.org/10.1109/ares.2013.72.
[5]
Sheldon, F. T., Abercrombie, R. K. and Mili, A. 2008. Evaluating security controls based on key performance indicators and stakeholder mission. In Proceedings of the Proceedings of the 4th annual workshop on Cyber security and information intelligence research (CSIIRW'08) (Oak Ridge, Tennessee, 2008). ACM, New York, NY, 11 pp. DOI=http://doi.acm.org/10.1145/1413140.1413188.
[6]
Aissa, A. B., Abercrombie, R. K., Sheldon, F. T. and Mili, A. 2010. Quantifying Security Threats and Their Potential Impacts: A Case Study. Innovations in Systems and Software Engineering, 6, 4 (December 2010), 269--281.
[7]
Jouini, M., Aissa, A. B., Rabai, L. B. A. and Mili, A. 2012. Towards Quantitative Measures of Information Security: A Cloud Computing Case Study. International Journal of Cyber-Security and Digital Forensics (IJCSDF), Vol. 1, Issue 3 (2012), 248--262.
[8]
Rabai, L. B. A., Jouini, M., Aissa, A. B. and Mili, A. 2013. A cybersecurity model in cloud computing environments. Journal of King Saud University - Computer and Information Sciences, 25, 1 (January 2013), 63--75.
[9]
Berg, M. and Stamp, J. 2005. A Reference Model for Control and Automation Systems in Electric Power. Report SAND2005-1000C, Sandia National Laboratories, Albuquerque, NM.
[10]
Alcaraz, C. and Zeadally, S. 2013. Critical Control System Protection in the 21st Century. Computer, 46, 10 (October 2013), 74--83.
[11]
Cárdenas, A. A., Amin, S., Lin, Z.-S., Huang, Y.-L., Huang, C.-Y. and Sastry, S. 2011. Attacks against process control systems: risk assessment, detection, and response. In Proceedings of the Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (Hong Kong, China, March 22-24, 2011). ACM, New York, NY, 355--366. DOI=http://dx.doi.org/10.1145/1966913.1966959.

Cited By

View all
  • (2014)Quantifying the impact of unavailability in cyber-physical environments2014 IEEE Symposium on Computational Intelligence in Cyber Security (CICS)10.1109/CICYBS.2014.7013364(1-8)Online publication date: Dec-2014

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
CISR '14: Proceedings of the 9th Annual Cyber and Information Security Research Conference
April 2014
134 pages
ISBN:9781450328128
DOI:10.1145/2602087
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

  • Los Alamos National Labs: Los Alamos National Labs
  • CEDS: DOE Cybersecurity for Energy Delivery Systems
  • Sandia National Labs: Sandia National Laboratories
  • DOE: Department of Energy
  • Oak Ridge National Laboratory
  • Lawrence Livermore National Lab.: Lawrence Livermore National Laboratory
  • BERKELEYLAB: Lawrence National Berkeley Laboratory
  • CSL: DOE Cyber Sciences Laboratory
  • Argonne Natl Lab: Argonne National Lab
  • Pacific Northwest National Laboratory
  • TTP: DHS Transition to Practice
  • Nevada National Security Site: Nevada National Security Site

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 April 2014

Check for updates

Author Tags

  1. MFC
  2. SCADA
  3. availability
  4. dependability
  5. security measures
  6. security requirements
  7. threats

Qualifiers

  • Research-article

Conference

CISR' '14
Sponsor:
  • Los Alamos National Labs
  • CEDS
  • Sandia National Labs
  • DOE
  • Lawrence Livermore National Lab.
  • BERKELEYLAB
  • CSL
  • Argonne Natl Lab
  • TTP
  • Nevada National Security Site

Acceptance Rates

CISR '14 Paper Acceptance Rate 32 of 50 submissions, 64%;
Overall Acceptance Rate 69 of 136 submissions, 51%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)4
  • Downloads (Last 6 weeks)0
Reflects downloads up to 20 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2014)Quantifying the impact of unavailability in cyber-physical environments2014 IEEE Symposium on Computational Intelligence in Cyber Security (CICS)10.1109/CICYBS.2014.7013364(1-8)Online publication date: Dec-2014

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media