Jianghai Li,Xiaojin Huang

DOI: https://doi.org/10.1299/jsmeicone.2019.27.1813

2019-01-01

The Proceedings of the International Conference on Nuclear Engineering (ICONE)

Abstract:The cyber security problem is posing new challenges to the current safety analysis of nuclear power plants. Historically, analogue control systems in the absence of interactive communications are immune to cyber-attacks; however, digital control systems with extensive interconnection of reprogrammable components are intensely vulnerable to cyber-attacks which shed light on the significance and urgency of the cyber security. The current cyber security approaches, which merely focus on information networks, have not given multi-faceted considerations to instrumentation and control (I&C) systems. The cyber-attack on I&C systems may lead to more severe consequences, including the abnormal change of parameters, the malfunction of equipment, and even the accident condition. The existing cyber security approaches for information networks, such as firewalls, encryption, can enhance the cyber security of I&C systems, but are often insufficient in addressing challenges associate with the I&C systems which link cyber space and physical systems. The defense approach based on physical information should be developed to meet the emerging challenges. In this paper, we propose the cyber-physical security (CPS) approach based on the physical process data for the cyber defense. This approach does not intend to replace current cyber defense mechanisms. It could be served as the last barrier for security defense. The goal of the CPS defense approach is to detect attacks at the beginning of the occurrence of physical process anomalies cause by cyber-attacks. A practical implementation of the CPS approach is proposed and its influence on the existing infrastructure is discussed. The statistical analysis techniques are utilized on physical process data for attack detection. The method of dynamic principal component analysis (dynamic PCA) is employed to characterize the correlation of multiple variables in the normal operational condition. In the abnormal operational occurrence, the chi-square detector is able to distinguish adversarial cyber-attacks from ordinary random failures.

WUGuoyang,SONGXinli,JUPing,LIN Junjie,LYUJun,SUYi

DOI: https://doi.org/10.7500/AEPS20130419006

2014-01-01

Abstract:In light of the most widely used pressurized water reactor (PWR) nuclear power units (NPUs) in China,the interaction and mutual influence between grid-related generator protection of nuclear power plants and automatic security devices of power grids are analyzed,and the coordination and control principle between them is proposed.Based on the existing models for PWR NPUs in PSD-FDS,the dynamic performance of NPUs and power grids due to voltage and frequency disturbance are studied.Then the action performance of grid-related generator protection (such as the over-speed protection, over-excitation limitation and protection,abnormal frequency protection,and primary pump protection)and automatic security devices (such as generator tripping at a high frequency and load shedding at a low frequency) are analyzed,as well as the mutual influence and coordination between them.Finally,the coordination principle is validated with case studies based on an actual power grid.The principle can be used as a reference for the study of coordination control and parameter optimization for nuclear power plants and the power grid connected.

Ruiwen He,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei250167.2020.9346835

2020-01-01

Abstract:With the development of information technology and Power Internet of Things, the increasing number of networked terminals presents new network security threats. Industrial control equipment and systems have vulnerabilities in hardware, software and firmware, and advanced persistent threat against ICS has become more complex and diverse. However, most of the research are aimed at the detection of single vulnerability, and lack attack mechanism analysis and threat assessment for attack chain. We proposed a threat assessment method based on vulnerability descriptive text and described the attributes of attack samples according to the classification results in attack targets, methods and consequences. We constructed attack graphs based on attack sample attributes and cyber-physical topology to quantitatively evaluate the feasibility and benefits of each attack path from vulnerability capabilities and the impact of devices in the physical world. Finally, we took the substation device status monitoring system as an example to verify the feasibility of this method.

Fan Zhang,Kevin Kelly

DOI: https://doi.org/10.1080/00295450.2022.2092356

IF: 1.667

2022-09-04

Nuclear Technology

Abstract:Digital instrumentation and control (I&C) systems are being deployed in nuclear power plants (NPPs) for both existing and advanced reactor designs. As I&C systems become more digitized to allow features like near autonomous control and remote operation, they introduce greater cyber risk to NPPs. Cyberattacks targeting industrial control systems (ICSs) are growing in both qualities and capabilities, which indicates that cybersecurity needs to be an integral part of risk assessment in the industry. Although there are some risk assessment methods in traditional information technology (IT) cybersecurity, the differences between IT and ICS cybersecurity make it infeasible to apply these risk assessment methods directly to ICSs. Some research has focused on risk assessment methods for ICSs, but few studies focus on applications to NPPs. Ideal risk frameworks for the nuclear industry are dynamic and account for system dependencies; this survey review focuses on such risk assessment methods both in and outside the nuclear field. The major challenges in cybersecurity risk assessment research are pointed out, and further research suggestions and considerations for cyber risk assessment in I&C systems are identified.

nuclear science & technology

Genghong Lu,Dongqin Feng

DOI: https://doi.org/10.23919/icif.2018.8455208

2018-01-01

Abstract:Due to the wide implementation of communication networks, industrial control systems are vulnerable to malicious attacks, which could cause potentially devastating results. Adversaries launch integrity attacks by injecting false data into systems to create fake events or cover up the plan of damaging the systems. In addition, the complexity and nonlinearity of control systems make it more difficult to detect attacks and defense it. Therefore, a novel security situation awareness framework based on particle filtering, which has good ability in estimating state for nonlinear systems, is proposed to provide an accuracy understanding of system situation. First, a system state estimation based on particle filtering is presented to estimate nodes state. Then, a voting scheme is introduced into hazard situation detection to identify the malicious nodes and a local estimator is constructed to estimate the actual system state by removing the identified malicious nodes. Finally, based on the estimated actual state, the actual measurements of the compromised nodes are predicted by using the situation prediction algorithm. At the end of this paper, a simulation of a continuous stirred tank is conducted to verify the efficiency of the proposed framework and algorithms.

Yan-Fu Li,Shou-Zhou Liu

2018-01-01

Abstract:In recent years, human society has observed a world-widely increasing number of cyberattacks, with increasing complexities, applied onto different information, telecommunication and control (ITC) systems including those in the nuclear power plants (NPPs). The target of those attacks against NPPs can be various subsystems of instrumental and control (I&C) systems, e.g. reactor protection systems, engineering workstations, etc. In response to the rising threats from the cyber space, regulations and technologies have been and are being developed to protect and enhance the cyber-security of I&C systems. Recently, a number of regulations and standards have been made for the prevention and mitigation of cyber threats. Meanwhile, an increasing number of research works have been published with the focuses on cyber-security assessment and protection To understand what are the cyber-attacks, how are they implemented, what are their consequences, how to analyze, assess and predict the cyber threats as well as what are the protection mechanisms, what are the optimal ways of deploy them, are beneficial to both researchers and practitioners. In this paper, we will deliver a state-of-the-art overview on various aspects of the cyber-security of NPP.

Fan Zhang,Jamie B. Coble

DOI: https://doi.org/10.1016/j.pnucene.2020.103446

IF: 2.461

2020-10-01

Progress in Nuclear Energy

Abstract:Most nuclear power plants (NPPs) are looking deploying digital instrumentation and control (I&C) systems, which allow for more precise control and more economical operation. However, both the quantity and capability of industrial control system (ICS)-targeted cyber-attacks have grown dramatically over recent years. Therefore, one of the most significant challenges that digital I&C systems bring is the issue of cybersecurity, which should be enhanced before their deployment.Several different types of cyber-attacks can be introduced to NPPs; a false data injection attack on key equipment is the focus of this research due to the potential severe consequences associated with such an attack. In false data injection, the attackers may alter the reading of control sensors or commands to change the operation of an NPP. Current cybersecurity efforts focus on intrusion prevention by firewalls or data-flow direction control and use commercial intrusion detection systems, which usually focus on monitoring Internet Protocol (IP) addresses, ports, and payload length. However, attention should be given to conditions where these approaches can fail, such as an insider attack. Previous research based on process data shows the potential of a last defenseâ, line using online monitoring of the process data in concern with cyber data analysis. However, existing models involve different subsystems across the whole NPP, which has a wide attack surface and may require high computing cost. This holistic approach may not meet the time-sensitive requirements imposed upon I&C systems. This paper proposes a localized kit for key equipment in a process as a complementary detection method to improve the robustness of key equipment under cyber-attacks. Compared to existing models, this reduces the number of variables used in the model and significantly improves the computational speed. It also reduces the attack surface by limiting the data acquisition locally. This localized kit includes a cyber-attack detection model to detect anomalies within key components, such as the control system actuator, and an inference model to potentially reconstruct a compromised signal to allow the safe shut down.To develop and demonstrate the localized cybersecurity kit, a hardware-in-the-loop (HIL) testbed was built with a pressurized water reactor (PWR) simulator and a programmable logical controller (PLC). The PLC was programmed to control the steam generator (SG) water level at a specified set point, and the PWR simulator was utilized to simulate the nuclear system and response for parameters outside of the SG. Three false data injection attacks were conducted towards the testbed to generate the data needed for the localized kit development and evaluation. The results show the cyber-attack detection model is effective under false data injection scenarios and the inference model is promising as a signal reconstruction method.

nuclear science & technology

Yukun Tian,Jianghai Li,Xiaojin Huang

DOI: https://doi.org/10.1115/icone29-93395

2022-01-01

Abstract:Abstract Cyber security risk analysis can identify and assess factors that may damage to the system such as digital instrumentation and control system of nuclear power plants. Performing cyber security risk analysis is important for instrumentation and control system of nuclear power plants because it could assess overall impacts of risks and help to identify vulnerabilities to determine next steps to address security risks. With the integration of information system and physical system, cyber security of information system and functional safety of physical system interact with each other, resulting in a type of new comprehensive security problem and introducing serious security risks. Most of the existing cyber security risk analysis methods pay more attention to cyberattacks like attack tree analysis method, Petri net method, and Bayesian network method. STPA-SafeSec is a top-down security risk analysis method focusing on the system itself based on system theory, which starts from unacceptable losses of the system and pays attention to the causal factors that produce unsafe control. In this paper, STPA-SafeSec is applied to the primary circuit pressure control system of high temperature gas-cold reactors in order to perform the hazard analysis of integrated risk assessment for both functional safety and cyber security. The application details are given and a part of the hazardous scenarios tree is obtained for the formulation of mitigation strategies.

Shi Guilian,Huang Xiaojin,Zhao Xiaopeng,Wang Lei

DOI: https://doi.org/10.1115/icone29-89229

2022-01-01

Abstract:Abstract In view of the problems of poor maintenance timeliness of nuclear power digital instrument and control system (I&C system) and the inability to evaluate the health condition of the I&C system in real time, a remote intelligent operation and maintenance strategy based on virtual DCS and Prognostic and Health Management (PHM) technology framework was proposed. The key technical information of virtual DCS and PHM is introduced. Combining with the technical characteristics of digital I&C system of nuclear power plant (NPP), the remote intelligent operation and maintenance framework combining virtual and actual object is constructed. With respect to the actual I&C system, virtual DCS was established to realize condition based maintenance for its flexibility and predictive characteristics. At the same time, the actual system data can be collected and stored through the I&C system data center, which will be the data basis for the remote monitoring of the site. Then, five functions of remote monitoring, fault diagnosis, condition prediction, intelligent maintenance and resource allocation and management are described. The key technologies and data resources needed to realize the scheme are analyzed. Finally, according to the strategy, a prototype with remote intelligent operation and maintenance function is built on the basis of a nuclear power platform, which realizes the strategy and provides feasibility guarantee for remote intelligent maintenance of I&C equipment.

Hua Liu,Xiao-Hua Yang,Zhao-hui Liu,Meng Li,Zhi Chen,Zhigang Feng,Qing Zhao

DOI: https://doi.org/10.1115/icone26-81486

2018-01-01

Abstract:From the general industrial control system to the nuclear power plant control platform, the threat of information security has its own particularity more than continuity.The original dedicated system in general industrial area is gradually replaced by many common protocol, software and equipment. As a result, the security vulnerabilities are more likely to be used illegally. For a specific nuclear power plant digital control platform-NASPIC, the vulnerability analysis of platform is performed. Mainly two aspects of technology and management are to be carried out. For technical aspects, four categories problems-unauthorized execution, unauthorized write, unauthorized reading and reject service-are analyzed. Management is mainly about the lack of management strategy and strategy vulnerability. By analyzing the fragility of the instrument control platform, the key equipments, key channels and key modules are proposed. The qualitative and quantitative rules are deduced for evaluation of NASPIC information security.

Zhanjun Li,Bo Hu,Tianqi Lu,Yuxi Wei,Qingqi Zhao,Zhiyuan Duan

DOI: https://doi.org/10.1088/1755-1315/675/1/012156

2021-02-01

IOP Conference Series: Earth and Environmental Science

Abstract:Abstract In this paper, an information-physical risk prevention and control framework based on intrusion tolerance technology is proposed, which is a multi-stage in-depth defense system for the risk interaction mechanism and evolution process in the power information-physical fusion system, the aim of this paper is to improve the survivability of the system under attack and minimize the loss caused by the risk through multi-phase defense strategy. At the same time, according to the phase characteristics of risk propagation in CPS, a safe operation state transition model considering intrusion tolerance is established. In order to contain the critical failure events in the risk evolution process of the information-physics fusion system, according to the risk development characteristics of the information-physics system under attack, this paper presents a self-organized critical state identification method, which integrates the characteristics of physical network power flow and information network traffic flow, in order to identify the critical nides that make CPS system enter the self-organized critical state under network attack. Finally, according to the characteristics of CPS dependent network structure and the self-organized critical characteristics of risk evolution, the protection strategies of strengthening the protection of key nodes, adjusting the coupling state of dependent edges and adding autonomous nodes are formulated, by considering the decision-making model of risk prevention and control strategy in the game of attack and defense, the current defense resources are reasonably allocated.

LI Jiang-hai,HUANG Xiao-jin

2012-01-01

Abstract:The digitalization and networking of control systems in nuclear power plants has brought significant improvements in system control,operation and maintenance.However,the highly digitalized control system also introduces additional security vulnerabilities.Moreover,the replacement of conventional proprietary systems with common protocols,software and devices makes these vulnerabilities easy to be exploited.Through the interaction between control systems and the physical world,security issues in control systems impose high risks on health,safety and environment.These security issues may even cause damages of critical infrastructures and threaten national security.The importance of control system security by reviewing several control system security incidents that happened in nuclear power plants was showed in recent years.Several key difficulties in addressing these security issues were described.Finally,existing researches on control system security and propose several promising research directions were reviewed.

Chunjie Zhou,Bowen Hu,Yang Shi,Yu-Chu Tian,Xuan Li,Yue Zhao

DOI: https://doi.org/10.1109/jproc.2020.3034595

IF: 20.6

2021-04-01

Proceedings of the IEEE

Abstract:With the rapid development of functional requirements in the emerging Industry 4.0 era, modern industrial control systems (ICSs) are no longer isolated islands, making them more vulnerable to various cyberattack threats. Cyberattacks on ICSs may have disruptive consequences, such as significant social and economic losses. To proactively address the security issue of ICSs, this article presents a unified architectural approach from the perspectives of cyberthreats on ICSs, security-related ICS technologies, and methods for ICSs. It incorporates secure networks, secure control systems, secure physical processes, and their interactions seamlessly into a unified framework. To increase the resistance of ICSs against intrusions, the network security in our architectural approach is to secure the data in motion through the integration of secure network architecture, secure industrial network protocols, and secure end-to-end communications. The protection of control systems in our architectural approach is risk-based and hierarchical and encompasses prevention- and tolerance-centric defenses. It provides a layer-by-layer defense so that an acceptable level of cybersecurity risk is achieved and maintained. Aiming to maintain the stable operation of physical ICS processes, the secure control in our architectural approach implements a security process against process-aware attacks through a resilient safety control scheme. The global and systematic architectural approach presented in this article for the ICS cybersecurity will help facilitate the design and implementation of cyberattack-resilient ICSs in the networked world. For further development of ICS security technologies, emerging challenges are identified and discussed to motivate future research efforts.

engineering, electrical & electronic

Chao Guo,Jianghai Li,Zhe Dong,Xiaojin Huang

2017-01-01

Abstract:Digital Instrumentation and control (I&C) system serves as the “senses and nervous system” of a nuclear power plant (NPP). It plays an important role in the safe and economic operation in the NPPs. Digital I&C system has a series of advantages compared with analogue ones, but the introduction of the operation system platform, the application software, and the network communication structure are causing security risk to the power plant. Different kinds of procedures have already been adopted against these risks such as the communication isolation, but the security attacks still occur from time to time in the industrial fields around the world. This paper presents two computer security methods based on the thought of software verification and validation with step-by-step operation identification. First, three scenarios of security attack are proposed according to the structure of a distributed control system (DCS). Then a method with two network bypasses and a security computer are adopted to obtain the operation commands, the actuation signal, and the operation feedback in case of the first two scenarios by identifying the consistency of the obtained data. Furthermore, the method is optimized by combining the operation procedure and the camera shot to identify the anomaly of the information flow, thus to improve the effectiveness against the computer security issues. In the end, the influence and feasibility of this method is discussed.

Xiangyu Jiang,Yixiong Feng,Zhiwu Li,Zhaoxi Hong,Hengyuan Si,Jianrong Tan

DOI: https://doi.org/10.1109/tase.2023.3321049

IF: 6.636

2024-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:Human-cyber-physical system has emerged as a pivotal tool for intelligent production throughout the whole lifecycle. In this paper, a health state assessment approach based on hierarchical data fusion is proposed under human-cyber-physical system architecture. The human-cyber-physical system emphasizes the flexibility of dynamic operating states and the evolvability of the enabling models. First of all, a multiple hierarchy consisting of equipment, systems and function is established as a physical basis for human-cyber-physical system. Regarding the equipment-level assessment characterized by extensive input parameters, a dynamic weighting method is exploited to highlight the abnormal parameters. Thus, the degraded device can be significantly reflected in the system-level assessment by fusing equipment parameters. To evaluate the operation function of a plant, a Nearest Class Mean classifiers-based Random Forests algorithm is explored considering the small-scale and imbalanced instances in different health levels. However, the conventional fixed and changeable models threaten the accuracy and rationality of the human-cyber-physical system. We introduce incremental learning to reform Random Forests that can update promptly with new data and knowledge. Finally, the proposed scheme and technologies are applied in a nuclear power plant to demonstrate their effectiveness. Note to Practitioners —The modern production desires to be further intelligent for improvement of economic benefits but with the consistent requirements of high safety and reliability. The trades-off between efficiency and safety bring the greater challenges to the operation and maintenance for production. This paper proposes an evolvable human-cyber-physical system scheme that not only integrates more intelligent elements but also attaches some solution to the abovementioned problem. The scheme is implemented on the multi-hierarchy health states assessment which is the core in production maintenance against lagging. This equipment-system-function fusion and assessment provide a unified platform for multi-departments to collaborate and self-manage. The novel weighting method abandons the conventional subjective evaluation criteria with high time consumption. Computers are convenient to possess sensing data efficiently and highlight the anomaly obviously. In particular, it is mentioned that the intelligent models in human-cyber-physical systems are always fixed and unable to alter with the physical system changes. Incremental learning, a promising branch of machine learning, is introduced to reform the assessment model to be stainable developed with new data adding. The scheme takes a nuclear plant as example because it is more corresponding to these issues. The future studies can extend the scheme to other scenarios.

Yen-Neng Chiang,Yi-Wei Ma,Jiann-Liang Chen,Yi-Hao Tu,Chia-Wei Tsou

DOI: https://doi.org/10.70003/160792642024072504005

2024-07-31

Abstract:The utilization of network technology in Industrial Control Systems (ICS) is becoming increasingly prevalent due to advancements in the Fifth Generation Networks (5G), the Internet of Things (IoT), cloud computing, and big data. These technologies have significantly enhanced intelligent mobile device data transmission speed and interaction levels. The connection of ICS devices to a network gives rise to supplementary security considerations. Hence, this paper must analyze and synthesize pertinent scholarly works on cyber security and safety within the ICS sector. This paper further categorizes the security risks that ICS may encounter into six distinct areas: attack, detect, risk estimation, incident response, protect, and incident prevention. Extensive literature evaluations and rigorous research were conducted to examine the subject matter thoroughly. Based on the findings, comprehensive suggestions and strategic approaches were produced for each specific area. This paper proposed the ICS-based Purdue Enterprise Reference Architecture (PERA) to evaluate the threat and solution for enhancing ICS security and safety.

Engineering,Computer Science

Nabin Chowdhury

DOI: https://doi.org/10.3390/signals2040046

2021-11-04

Signals

Abstract:As digital instrumentation in Nuclear Power Plants (NPPs) is becoming increasingly complex, both attack vectors and defensive strategies are evolving based on new technologies and vulnerabilities. Continued efforts have been made to develop a variety of measures for the cyber defense of these infrastructures, which often consist in adapting security measures previously developed for other critical infrastructure sectors according to the requirements of NPPs. That being said, due to the very recent development of these solutions, there is a lack of agreement or standardization when it comes to their adoption at an industrial level. To better understand the state of the art in NPP Cyber-Security (CS) measures, in this work, we conduct a Systematic Literature Review (SLR) to identify scientific papers discussing CS frameworks, standards, guidelines, best practices, and any additional CS protection measures for NPPs. From our literature analysis, it was evidenced that protecting the digital space in NPPs involves three main steps: (i) identification of critical digital assets; (ii) risk assessment and threat analysis; (iii) establishment of measures for NPP protection based on the defense-in-depth model. To ensure the CS protection of these infrastructures, a holistic defense-in-depth approach is suggested in order to avoid excessive granularity and lack of compatibility between different layers of protection. Additional research is needed to ensure that such a model is developed effectively and that it is based on the interdependencies of all security requirements of NPPs.

Jinping Liu,Wuxia Zhang,Tianyu Ma,Zhaohui Tang,Yongfang Xie,Weihua Gui,Jean Paul Niyoyita

DOI: https://doi.org/10.1016/j.eswa.2020.113578

IF: 8.5

2020-11-01

Expert Systems with Applications

Abstract:<p>Industrial Cyber-physical systems (ICPSs), integrating communication, computation and control of industrial processes are referred to as a core technology to approach the <em>Industry 4.0</em>. Ensuring the ICPS security is of paramount importance in smart manufacturing. Considering the characteristics of large-scale, geographically-dispersed and multi-dimensional heterogeneous, federated and life-critical natures of ICPSs, this paper investigates a hierarchically distributed intrusion detection scheme that seeks to achieve the all-round safety protection of ICPSs according to the system structure and attacking types of each ICPS layer. For physical system-relevant perceptual executive layer, potential and covert attacks are detected by the clustered sensory system state residual anomaly monitoring based on a process noise and measurement noise-adaptive Kalman filter (PNMN-AKF). PNMN-AKF can perform a joint recursive estimation of dynamic system states, time-varying process and measurement noise covariance matrices by the variational Bayes approximation framework. In cyberspace, potential cyber-attacks are detected by the anomaly monitoring of the statistical distribution of the network transmission characteristics of data transmission layer by introducing a forgetting factor-induced recursive Gaussian mixture model (FF-RGMM). In the application control layer, a regularized sparse deep belief network model is introduced to characterize the misuse behavior for detecting potential attacks. Extensive validation and comparative experiments have been conducted on a numerical simulation system and a comprehensive ICPS simulation platform by using OPNET and a commonly-used benchmark simplified Tennessee Eastman process (STEP) based on Matlab/Simulink. Experimental results demonstrate that the proposed hierarchically distributed intrusion detection method can efficiently recognize potential and covert cyber-attacks in each ICPSs link with low false alarm rate and missing detection rate, which lays a foundation for the overall security monitoring of ICPSs.</p>

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Fan Zhang,J. Wesley Hines,Jamie B. Coble

DOI: https://doi.org/10.1080/00295450.2019.1666599

IF: 1.667

2019-10-28

Nuclear Technology

Abstract:Most nuclear power plants (NPPs) under construction or under design are expected to deploy largely digital instrumentation and control (I&amp;C) systems. Current fleets are increasingly looking...

nuclear science & technology

Allan Cook,Helge Janicke,Richard Smith,Leandros Maglaras

DOI: https://doi.org/10.1016/j.cose.2017.07.009

2017-09-01

Abstract:The threat to Industrial Control Systems (ICS) from cyber attacks is widely acknowledged by governments and literature. Operators of ICS are looking to address these threats in an effective and cost-sensitive manner that does not expose their operations to additional risks through invasive testing. Whilst existing standards and guidelines offer comprehensive advice for reviewing the security of ICS infrastructure, resource and time limitations can lead to incomplete assessments or undesirably long countermeasure implementation schedules.In this paper we consider the problem of undertaking efficient cyber security risk assessments and implementing mitigations in large, established ICS operations for which a full security review cannot be implemented on a constrained timescale. The contribution is the Industrial Control System Cyber Defence Triage Process (ICS-CDTP). ICS-CDTP determines areas of priority where the impact of attacks is greatest, and where initial investment reduces the organisation&#x27;s overall exposure swiftly. ICS-CDTP is designed to be a precursor to a wider, holistic review across the operation following established security management approaches. ICS-CDTP is a novel combination of the Diamond Model of Intrusion Analysis, the Mandiant Attack Lifecycle, and the CARVER Matrix, allowing for an effective triage of attack vectors and likely targets for a capable antagonist. ICS-CDTP identifies and focuses on key ICS processes and their exposure to cyber threats with the view to maintain critical operations. The article defines ICS-CDTP and exemplifies its application using a fictitious water treatment facility, and explains its evaluation as part of a large-scale serious game exercise.

computer science, information systems