A platform for science: civil engineering, architecture and urbanism
The enhanced security control model for critical infrastructures with the blocking prioritization process to cyber threats in power system
Abstract There have been many efforts and studies to improve the safety of critical infrastructures. As one such effort, numerous security operation centers (SOCs) have been constructed to protect against cyber-attacks. Unfortunately, protecting against cyber-attacks is very difficult, because there are too many security events to analyse and respond to. Reducing security events is essential to improving the efficiency of incident response. In this paper, we studied four years of cyber threats against a Korean electric power organization by analysing IPS and FW raw data. As a result of this analysis, we found that 95% of all cyber-attacks were from foreign nations. If an IT system is not related to foreign business, we should think about blocking unnecessary foreign IP ranges. So, we propose the Enhanced Security Control (ESC) model with a Blocking Prioritization (BP) process for critical infrastructures to improve daily incident response activities. This ESC model has a BP process with six factors to consider when deciding which IT systems are to be blocked from foreign IP ranges: foreign relation, real login, blocking complexity, stop tolerance, outer relation and stop impact. By considering these six factors, the ESC model makes it possible to prioritize the Blocking Impact Degree (BID) of IT systems and helps in making the decision to block unnecessary foreign IP ranges. This ESC model will reduce security events and create better conditions for concentrating on the remaining unblocked and crucial IT systems.
Han, Choong-Hee (author) / Park, Soon-Tai (author) / Lee, Sang-Joon (author)
25.07.2019
Article (Journal)
Electronic resource
English
Data Governance to Counter Hybrid Threats against Critical Infrastructures
DOAJ | 2024
Cyber attacks on critical infrastructures and satellite communications
Elsevier | 2024