LOADING

A Cyber Incident Response and Recovery Framework to Support Operators of Industrial Control Systems

Staves, Alex and Anderson, Tom and Balderstone, Harry and Green, Benjamin and Gouglidis, Antonios and Hutchison, David (2022) A Cyber Incident Response and Recovery Framework to Support Operators of Industrial Control Systems. International Journal of Critical Infrastructure Protection, 37: 100505. ISSN 1874-5482

[thumbnail of A_Cyber_Incident_Response_and_Recovery_Framework_to_SupportOperators_of_ICS_and_Critical_National_Infrastructure]
Text (A_Cyber_Incident_Response_and_Recovery_Framework_to_SupportOperators_of_ICS_and_Critical_National_Infrastructure)
A_Cyber_Incident_Response_and_Recovery_Framework_to_SupportOperators_of_ICS_and_Critical_National_Infrastructure.pdf - Accepted Version
Available under License Creative Commons Attribution-NonCommercial-NoDerivs.
Download (659kB)

Abstract

Over the last decade, we have seen a shift in the focus of cyber attacks, moving from traditional IT systems to include more specialised Industrial Control Systems (ICS), often found within Critical National Infrastructure (CNI). Despite a push from governments to introduce appropriate legislation and guidance for such systems, operators of ICS and CNI still face multiple challenges in their cyber incident response and recovery capabilities, a theme that is often viewed as a last line of defence in minimising the impact of cyber attacks. This paper provides the following contributions: Firstly, we analyse existing standards and guidelines within cyber incident response and recovery. This analysis provides a structure on key response and recovery phases, a foundational understanding of associated requirements for these, and identifies challenges that could affect the quality of in-practice response and recovery capabilities. Using this analysis as a baseline, we examine how response and recovery processes are currently undertaken in practice through engagement with UK-based CNI operators and regulators. Secondly, as a starting point towards improving identified challenges in existing standards and guidelines and their use in practice, we propose a framework, built using the outputs identified from the document analysis and the stakeholder engagement, for use by operators to support them in assessing and improving their response and recovery capabilities.

Item Type:
Journal Article
Journal or Publication Title:
International Journal of Critical Infrastructure Protection
Additional Information:
This is the author’s version of a work that was accepted for publication in International Journal of Critical Infrastructure Protection. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in International Journal of Critical Infrastructure Protection, 37, 2022 DOI: 10.1016/j.ijcip.2021.100505
Uncontrolled Keywords:
/dk/atira/pure/subjectarea/asjc/1700
Subjects:
?? icscniotcyber securitycyber incidentresponse and recoverycomputer science(all)modelling and simulationinformation systems and managementcomputer science applicationssafety, risk, reliability and quality ??
Departments:
Faculty of Science and Technology > School of Computing & Communications
ID Code:
164344
Deposited By:
ep_importer_pure
Deposited On:
07 Jan 2022 14:25
Refereed?:
Yes
Published?:
Published
Last Modified:
15 Apr 2024 00:13
URI:
https://eprints.lancs.ac.uk/id/eprint/164344