Architectures for cyber security incident reporting in safety critical systems

Latest revision as of 16:28, 21 January 2021

Abstract

Cyber-attacks can have a devastating impact on safety-critical systems. The increasing reliance on mass market Commercial Off-The Shelf (COTS) infrastructures, including Linux and the IP stack, have created vulnerabilities in applications ranging from Air Traffic Management through to Railway signalling and Maritime surveillance. Once a system has been attacked, it is impossible to demonstrate that malware has been completely eradicated from a safety-related network. For instance, recent generations of malware use zero day exploits and process injection with command and control server architectures to circumvent existing firewalls and monitoring software. This creates enormous problems for regulators who must determine whether or not it is acceptably safe to resume operations. It is, therefore, important that we learn as much as possible from previous cyber-attacks without disclosing information that might encourage future attacks. This chapter describes different architectures for encouraging the exchange of lessons learned from security incidents in safety-critical applications.

Original document

The different versions of the original document can be found in:

http://www.dcs.gla.ac.uk/~johnson/papers/ISSC2013/cyberincident.pdf

http://link.springer.com/content/pdf/10.1007/978-3-319-08819-8_7,

http://dx.doi.org/10.1007/978-3-319-08819-8_7

https://link.springer.com/chapter/10.1007/978-3-319-08819-8_7,

https://link.springer.com/chapter/10.1007/978-3-319-08819-8_7/fulltext.html,

https://academic.microsoft.com/#/detail/2182899594

@@ Line 3: / Line 3: @@
 Cyber-attacks can have a devastating impact on safety-critical systems. The increasing reliance on mass market Commercial Off-The Shelf (COTS) infrastructures, including Linux and the IP stack, have created vulnerabilities in applications ranging from Air Traffic Management through to Railway signalling and Maritime surveillance. Once a system has been attacked, it is impossible to demonstrate that malware has been completely eradicated from a safety-related network. For instance, recent generations of malware use zero day exploits and process injection with command and control server architectures to circumvent existing firewalls and monitoring software. This creates enormous problems for regulators who must determine whether or not it is acceptably safe to resume operations. It is, therefore, important that we learn as much as possible from previous cyber-attacks without disclosing information that might encourage future attacks. This chapter describes different architectures for encouraging the exchange of lessons learned from security incidents in safety-critical applications.
-Document type: Part of book or chapter of book
-== Full document ==
-<pdf>Media:Draft_Content_358535639-beopen731-4500-document.pdf</pdf>
@@ Line 15: / Line 10: @@
 * [http://www.dcs.gla.ac.uk/~johnson/papers/ISSC2013/cyberincident.pdf http://www.dcs.gla.ac.uk/~johnson/papers/ISSC2013/cyberincident.pdf]
+* [http://link.springer.com/content/pdf/10.1007/978-3-319-08819-8_7 http://link.springer.com/content/pdf/10.1007/978-3-319-08819-8_7],
+: [http://dx.doi.org/10.1007/978-3-319-08819-8_7 http://dx.doi.org/10.1007/978-3-319-08819-8_7]
+* [https://link.springer.com/chapter/10.1007/978-3-319-08819-8_7 https://link.springer.com/chapter/10.1007/978-3-319-08819-8_7],
+: [https://link.springer.com/chapter/10.1007/978-3-319-08819-8_7/fulltext.html https://link.springer.com/chapter/10.1007/978-3-319-08819-8_7/fulltext.html],
+: [https://academic.microsoft.com/#/detail/2182899594 https://academic.microsoft.com/#/detail/2182899594]

Latest revision as of 16:28, 21 January 2021

Abstract

Original document

Document information

Document Score

Share this document

Keywords

claim authorship