"I have found Journal of Airport Management to be an incredibly professional and leading-edge journal which finds and addresses the key areas of interest and importance to the aviation industry in general and the airport operator specifically. The themes, cases studies and areas investigated and researched by the journal's writers are of a high quality and professionalism allowing me as an industry participant to continually learn and improve. I strongly support and recommend the journal to anyone within or interested in the aviation industry as an essential tool in assisting you to improve your own knowledge and performance."
Consider the consequences: A powerful approach for reducing ICS cyber risk
Click the button below to download the full text of the article.
Abstract: Securing industrial control systems (ICS) or, for that matter, information technology (IT) systems is a never-ending battle. Cybersecurity subject matter experts (SMEs) secure their systems with the latest technology and threat actors develop new techniques to bypass these controls in a constant arms race of attack and defend, attack and defend. This paper explores the relationship between cyber and physical systems by introducing a reference model that explains the cascading nature of impacts. While a cyberattack on an ICS originates in the cyber domain the most serious impacts occur in the physical domain. By understanding this concept, cybersecurity SMEs can make more targeted defensive measures in the cyber domain and add protections in the physical domain to significantly reduce ICS cyber risk.
Keywords: ICS cybersecurity, cyberattacks, cyber/physical impacts, ICS Cyber Kill Chain, protection layers, risk analysis
Richard Wyman is a senior control systems engineer at Idaho National Laboratory (INL). During the last eight years, he has supported the United States Department of Homeland Security (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) assessment and training programmes. As one of the original members of the ICS-CERT assessment team, Richard has evaluated over 100 control systems. Before his INL career, he worked as a project manager and technical lead for a northern California water utility, where he was responsible for the design and installation of a large distributed supervisory control and data acquisition (SCADA) system.