The 4th International Symposium for Industrial Control System & SCADA Cyber Security Research (ICS-CSR) brings together researchers with an interest in the security of industrial control systems in light of their increasing exposure to cyber-space. The papers in this proceedings range from defence-in-depth concepts for ICS and ICS security scanners, runtime monitoring and firewall performance for industrial applications.
Defense-in-depth vs. critical component defense for industrial control
systems 1
SimaticScan: Towards A Specialised Vulnerability Scanner for Industrial
Control Systems 11
Towards a Resilience Metric Framework for Cyber-Physical Systems 19
A practical flow white list approach for SCADA systems 23
Ontology and life cycle of knowledge for ICS security assessments 32
Performance of Firewalls for Industrial Applications 42
Threat Analysis of BlackEnergy Malware for Synchrophasor based Real-time
Control and Monitoring in Smart Grid 53
Adaptive Modelling for Security Analysis of Networked Control Systems 64
Data Integrity Attacks in Smart Grid Wide Area Monitoring 74
Using Gamification to Raise Awareness of Cyber Threats to Critical National
Infrastructure 84
Characterising Disruptive Events to Model Cascade Failures in Critical
Infrastructures 95
Measuring the Risk of Cyber Attack in Industrial Control Systems 103
Improving SCADA security of a local process with a power grid model 114
Towards A Stateful Analysis Framework for Smart Grid Network Intrusion
Detection 124
Towards a Distributed Runtime Monitor for ICS/SCADA Systems 132
Forensic Readiness for SCADA/ICS Incident Response 142
Author Index 151
Dr Helge Janicke is a Reader in Computer Science at De Montfort University, Leicester (UK). He is heading the Software Technology Research Laboratory and is leading research on cyber security. His research interests are in particular the cyber security of industrial control systems, access control and policy-based system management. He is chairing the International Symposium on ICS and SCADA Cyber Security Research and has published widely in this area of research.
Dr Kevin Jones is the Research Team Lead for Airbus Group Innovations Cyber Operations. He is active in the cyber security research community and holds a number of patents within the domain. He has many years experience in consultancy to aid organisations in achieving accreditation to ISO27001 Standard on Information Security Management and lecturing in cyber security. Kevin joined Airbus Group in 2011 where he has worked on risk assessments, security architectures, and cyber operations in ICS/SCADA systems and critical national infrastructure (CNI). He is a Member of BCS, IEEE and ISC2 and is accredited as a Certified Information Systems Security Professional (CISSP) and ISO27001 Lead Auditor.
Prof Thomas Brandstetter is lecturing at the University of Applied Sciences St. Poelten, Austria, where he teaches classes such as industrial security, penetration testing, botnets and honeypots as well as CERTs and incident response. Besides his academic work, he is co-founder and GM of Limes Security, a cyber security consulting company specialising in industrial security. He is also a community instructor for the SANS Institute. His noteworthy former positions include Head of Siemens ProductCERT, Program manager of the Siemens Hack-Proof Products Program and he was also the official incident handler for the Stuxnet malware at Siemens. He is a CISSP, GICSP and holds academic degrees in IT security and business administrations.
