References

  1. Abdo, H., Kaouk, M., Flaus, J.-M., and Masse, F. (2018). A safety/security risk analysis approach of Industrial Control Systems: A cyber bowtie – combining new version of attack tree with bowtie analysis. Computer Security, 72, 175–195.
  2. Abshier, J. (2004). Securing your control system [Online]. Available at: https://www.controlglobal.com/articles/2004/238 [Accessed July 15, 2018].
  3. ANSSI (2010). Expression des besoins et identification des objectifs de sécurité EBIOS [Online]. Report, Agence nationale de la sécurité des systèmes d’information, Paris.
  4. ANSSI (2012a). Maîtriser la SSI pour les systèmes industriels [Online]. Report, Agence nationale de la sécurité des systèmes d’information, Paris. https://www.ssi.gouv.fr/uploads/2014/01/Managing_Cybe_for_ICS_EN.pdf.
  5. ANSSI (2012b). Recommandations de sécurité relatives aux mots de passe [Online]. Report, Agence nationale de la sécurité des systèmes d’information, Paris. Available at: https://www.ssi.gouv.fr/uploads/IMG/pdf/NP_MDP_NoteTech.pdf.
  6. ANSSI (2013a). Cybersécurité pour les systèmes industriels: Mesures détaillées [Online]. Report, Agence nationale de la sécurité des systèmes d’information, Paris. Available at: https://www.ssi.gouv.fr/uploads/2014/01/industrial_security_WG_detailed_measures.pdf.
  7. ANSSI (2013b). Cybersécurité pour les systèmes industriels: Classification et mesures principales [Online]. Report, Agence nationale de la sécurité des systèmes d’information, Paris. Available at: https://www.ssi.gouv.fr/uploads/2014/01/industrial_security_WG_Classification_Method.pdf.
  8. ANSSI (2014a). Méthode de classification et mesures principales [Online]. Report, Agence nationale de la sécurité des systèmes d’information, Paris. Available at: https://www.ssi.gouv.fr/uploads/2014/01/industrial_security_WG_Classification_Method.pdf.
  9. ANSSI (2014b). Mesures détaillées [Online]. Report, Agence nationale de la sécurité des systèmes d’information, Paris. Available at: https://www.ssi.gouv.fr/uploads/2014/01/industrial_security_WG_detailed_measures.pdf.
  10. ANSSI (2014c). Politique de sécurité des systèmes d’information de l’État [Online]. Report, Agence nationale de la sécurité des systèmes d’information, Paris. Available at: https://www.ssi.gouv.fr/uploads/IMG/pdf/pssie_anssi.pdf
  11. ANSSI (2018). EBIOS Risk manager [Online]. Report, Agence nationale de la sécurité des systèmes d’information, Paris. Available at: https://www.ssi.gouv.fr/guide/la-methode-ebios-risk-manager-le-guide/ [Accessed October 2018].
  12. ANSSI (n.d.). Certification CSPN [Online]. Agence nationale de la sécurité des systèmes d’information, Paris.
  13. Armstrong, R. and Hunkar, P. (2010). The OPC UA security model for administrators [Online]. OPC Foundation, Scottsdale, AZ 85260-1868 USA.
  14. Bar-El, H. (2010). Introduction to side channel attacks. [Online]. Discretix Technologies. Available at: http://gauss.ececs.uc.edu/Courses/c653/lectures/SideC/intro.pdf.
  15. Basnight, Z., Butts, J., Lopez, J., and Dube, T. (2013). Firmware modification attacks on programmable logic controllers. International Journal of Critical Infrastructure Protection, 6, 76–84.
  16. Braband, J. (2017). Towards an IT security risk assessment framework for railway automation. arXiv.
  17. Byres, E.J., Franz, M., and Miller, D. (2004). The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems. International Infrastructure Survivability Workshop, Lisbon, Portugal.
  18. Cárdenas, A.A., Amin, S., Lin, Z.-S., Huang, Y.-L., Huang, C.-Y., and Sastry, S. (2011). Attacks against process control systems: Risk assessment, detection, and response. ASIACCS, 11, 355–366.
  19. CMMI (2010). CMMI for Services, Version 1.3. Report. Software Engineering Institute, Pittsburgh.
  20. Cole, E. (2017). Defending against the wrong enemy: 2017 SANS insider threat survey. Report, SANS Institute, Swansea.
  21. Conseil européen (2017). Conclusions [Online]. Available at: http://www.consilium.europa.eu/media/21606/19-euco-final-conclusions-fr.pdf.
  22. Cyber-Physical Systems Public Working Group (2017). Framework for Cyber-Physical Systems: Volume 1, Overview. NIST Special Publication 1500-201.
  23. Daemen, J. and Rijmen, V. (1999). The Rijndael Block Cipher: AES Proposal. Explication du système de Rijndael [Online]. Available at: http://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf.
  24. Daemen, J. and Rijmen, V. (2002). The Design of Rijndael, AES – The Advanced Encryption Standard, Springer-Verlag, 238.
  25. DHS (2007). Recommended practice case study: cross-site scripting. Study, Homeland Security, National Cyber Security Division. Available at: https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/RP_CaseStudy_XSS_20071024_S508C.pdf.
  26. Diffie, W. and Hellman, M.E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22, 644–654.
  27. Falliere, N., Murchu, L.O., and Chien, E. (2011). W32.Stuxnet Dossier. Symantec-security response, version 1. Report, Symantec. Available at: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf.
  28. Federal Office for Information Security (2016). Industrial control system security–Top 10 threats and countermeasures [Online]. Federal Office for Information Security. Available at: https://www.allianz-fuer-cybersicherheit.de/ACS/DE/_/downloads/BSI-CS_005E.pdf?__blob=publicationFile&v=3
  29. Fernandes, E., Jun, J., and Prakash, A. (2016). Security analysis of emerging smart home applications. 2016 IEEE Symposium on Security and Privacy, 18–37.
  30. Flaus, J.-M. (1994). La régulation industrielle: régulateurs PID, prédictifs et flous. Hermès, Paris.
  31. Flaus, J.-M. (2013). Risk Analysis: Socio-Technical and Industrial Systems. ISTE Ltd, London, and Wiley, New York.
  32. Flaus, J.-M. and Georgakis, J. (2018a). Machine learning based intrusion detection approaches for industrial IoT control systems: A review. IoTsm Conference, London, UK.
  33. Flaus, J.-M. and Georgakis, J. (2018b). Revue des approches pour la détection d’intrusion à base de machine learning pour les systèmes de commande industriels. Journées C&ESAR 2018. Rennes, France.
  34. Fovino, I.N., Coletta, A., Carcano, A., and Masera, M. (2012). Critical state-based filtering system for securing SCADA network protocols. IEEE Transactions on Industrial Electronics, 59(10), 3943–3950.
  35. F-Secure (n.d.). Brain virus [Online]. Available at: https://www.f-secure.com/v-descs/brain.shtml [Accessed July 15, 2018].
  36. European Union (2012). Directive 2012/18/EU of the European Parliament and of the Council of 4 July 2012 on the control of major-accident hazards involving dangerous substances, amending and subsequently repealing Council Directive 96/82/EC with EEA relevance. Directive, European Union.
  37. European Union (2016a). Regulation (EU) 2016/679 of the European Parliament and of the Council 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance). Directive, European Union.
  38. European Union (2016b). Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. Directive, European Union.
  39. Goble, W.M. and Cheddie, H. (2005). Safety Instrumented Systems Verification: Practical Probabilistic Calculations. ISA, Durham, NC.
  40. Govil, N., Agrawal, A., and Tippenhauer, N.O. (2018). On ladder logic bombs in industrial control systems. In Computer Security, Katsikas S. et al. (eds). Springer.
  41. Hadziosmanovic, D., Sommer, R., Zambon, E., and Hartel, P.H. (2013). Through the eye of the PLC: Towards semantic security monitoring for industrial control systems. ACSAC 14: Proceedings of the 30th Annual Computer Security Applications Conference, New Orleans, LA, 126–135.
  42. Hanna, S., Kumar, S., and Weber, D. (2018). IIC endpoint security best practices. User guide, Industrial Internet Consortium.
  43. Hauet, J.P. (2012). ISA99/IEC 62443: A solution to cybersecurity issues? ISA Automation Conference. Doha, Qatar.
  44. Hauet, J.P. (n.d.a). La norme ISA/IEC 62443 (ISA-99) et la cybersécurité des systèmes de contrôle. Course, ISA France.
  45. Hauet, J.P. (n.d.b). L’Internet industriel des objets: Les futures architectures de systèmes d’automatisme et de contrôle. Course, ISA France.
  46. Hei, X., Du, X., Lin, S., and Lee, I. (2013). PIPAC: Patient infusion pattern based access control scheme for wireless insulin pump system. 2013 Proceedings IEEE INFOCOM. Turin, Italy.
  47. High-Tech Bridge Security Research (2016). 90% of SSL VPNs use insecure or outdated encryption, putting your data at risk [Online]. Available at: https://www.htbridge.com/blog/90-percent-of-ssl-vpns-use-insecure-or-outdated-encryption.html [Accessed November 16, 2018].
  48. Howard, M. and Leblanc, D.E. (2002). Writing Secure Code. Microsoft Press, Redmond.
  49. Hutchins, E.M., Cloppert, M.J., and Amin, R.M. (2011). Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. White paper, Lockheed Martin Corporation.
  50. Idaho National Laboratory (n.d.). Aurora generator test [Online]. Available at: https://www.youtube.com/watch?v=fJyWngDco3g [Accessed July 15, 2018].
  51. IEC (2010). Functional safety of electrical/electronic/programmable electronic safety-related systems. IEC 61508:2010.
  52. IEC (2011). Information technology–Security techniques–Information security risk management. ISO/IEC 27005:2011.
  53. IEC (2016). Functional safety–Safety instrumented systems for the process industry sector. IEC 61511:2016.
  54. IEC (n.d.). EDSA Certification [Online]. IEC 62443. Available at: https://www.isasecure.org/en-US/Certification/IEC-62443-EDSA-Certification. [Accessed November 16, 2018].
  55. IEEE (2013). IEEE Standard for intelligent electronic devices cyber security capabilities. IEEE Std 1686TM-2013. IEEE Power Energy Society.
  56. Illera, A.G. and Vidal, J.V. (2014). Lights Off! The Darkness of the Smart Meters. Black Hat Europe, Amsterdam, The Netherlands.
  57. International Atomic Energy Agency (2011). Computer security at nuclear facilities. Report, 17, IAEA Nuclear Security Series, International Atomic Energy Agency.
  58. International Atomic Energy Agency (2015). Computer security of instrumentation and control systems at nuclear facilities. Report, 33-T, IAEA Nuclear Security Series, International Atomic Energy Agency.
  59. International Atomic Energy Agency (2016). Conducting computer security assessments at nuclear facilities. Report, IAEA Nuclear Security Series, International Atomic Energy Agency.
  60. ISA (2018). The 62443 series of standards, industrial automation and control systems security. Collection of standards. ISA.
  61. ISO/IEC (2013). Information technology–Security techniques–Code of practice for information security management. Practical manual. ISO/IEC 27002:2013.
  62. Jenkins, G. (2014). Risk methodology. Information security framework programme. Risk Assessment Document, Cardiff University, Cardiff.
  63. Joint Task Force Transformation Initiative Interagency Working Group (2012). Guide for conducting risk assessments. NIST SP 800-30. Guide, National Institute of Standards and Technology, Gaithersburg.
  64. Joye, M. and Olivier, F. (2011). Side-channel analysis. Encyclopedia of Cryptography and Security. Springer, Basel.
  65. Kaspersky Lab ICS CERT (2018). Threat landscape for industrial automation systems in H2 2017 [Online]. Available at: https://ics-cert.kaspersky.com/reports/2018/03/26/threat-landscape-for-industrial-automation-systems-in-h2-2017/ [Accessed July 15, 2018].
  66. Knapp, E.D. and Thomas, J. (2015). Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems. Elsevier, Amsterdam.
  67. Kocher, P.C. (1996). Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Lecture Notes in Computer Science, Koblitz N. (ed.). 104–113, Springer.
  68. Kordy, B., Mauw, S., Radomirović, S., and Schweitzer, P. (2011). Foundations of attack–defense trees. In Formal Aspects of Security and Trust, Degano P., Etalle S., Guttman J. (eds). Springer, Berlin, 80–95.
  69. Kovacs, E. (2018). Severe flaws expose Moxa industrial routers to attacks [Online]. Available at: https://www.securityweek.com/severe-flaws-expose-moxa-industrial-routers-attacks [Accessed July 2018].
  70. Kriaa, S., Pietre-Cambacedes, L., Bouissou, M., and Halgand, Y. (2015). A survey of approaches combining safety and security for industrial control systems. Reliability Engineering System Safety, 139, 156–178.
  71. Legifrance (2016). Annexe. JORF. 0145.
  72. Legifrance (2018a). (201AD) Dispositions tendant à transposer la directive (UE) 2016/1148 du parlement européen et du conseil du 6 juillet 2016 concernant des mesures destinées à assurer un niveau élevé commun de sécurité des réseaux et des systèmes d’information dans l’union. Loi. 2018-133.
  73. Legifrance (2018b). Chapitre IV: Dispositions relatives à la protection des infrastructures vitales contre la cyber-menace. In Loi no. 2013-1168 du 18 décembre 2013 relative à la programmation militaire pour les années 2014 à 2019 et portant diverses dispositions concernant la défense et la sécurité nationale [Online]. Available at: https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000028338825.
  74. Lévy-Bencheton, C., Marinos, L., Mattioli, R., King, T., and Christoph Dietzel, J.S. (2015). Threat landscape and good practice guide for Internet infrastructure. Study, European Union Agency for Network and Information Security.
  75. Li, X., Jiang, P., Chen, T., Luo, X., and Wen, Q. (2017). A survey on the security of blockchain systems. Future generation computer systems [Online]. Available at: https://doi.org/10.1016/j.future.2017.08.020.
  76. Lin, S.-W., Miller, B., Durand, J., Bleakley, G., Chigani, A., Martin, R., Murphy, B., and Crawford, M. (2017). The industrial Internet of Things volume G1: Reference architecture. Report, Industrial Internet Consortium.
  77. Linux-Foundation (2017). Blockchain technologies for business [Online]. Available at: https://www.hyperledger.org/.
  78. Liu, Y., Ning, P., and Reiter, M.K. (2011). False data injection attacks against state estimation in electric power grids. CCS ‘09. Proceedings of the 16th ACM conference on computer and communications security, Chicago, USA.
  79. Louis, M., Adrian, B., and Evangelos, R. (2016). ENISA threat landscape 2015. Report, European Union Agency for Network and Information Security.
  80. Macaulay, T. and Singer, B. (2012). Cybersecurity for Industrial Control Systems. CRC Press, Boca Raton, FL.
  81. Mahnke, W., Leitner, S., and Damm, M. (2009). OPC Unified Architecture. Springer, Berlin.
  82. Manadhata, P.K. and Wing, J.M. (2011). An attack surface metric. IEEE Transactions on Software Engineering, 37(3), 371–386.
  83. Mangard, S., Oswald, E., and Popp, T. (2007). Power Analysis Attack. Springer, New York.
  84. Mathew, K., Tabassum, M., and Lu Ai Siok, M.V. (2014). A study of open ports as security vulnerabilities in common user computers. International Conference on Computational Science and Technology (ICCST), Kota Kinabalu, Malaysia.
  85. Mauw, S. and Oostdijk, M. (2006). Foundations of attack trees. In Information Security and Cryptology – ICISC 2005, Won, D.H., Kim, S. (eds). Springer, Berlin, 186–198.
  86. May, I., David, J., Cohen, F., and Marietta, M. (2018). One year after WannaCry: Assessing the aftermath. Network Security, 2018(5), 1–2.
  87. McQueen, M.A., Boyer, W.F., Flynn, M.A., and Beitel, G.A. (2005). Quantitative cyber risk reduction estimation for a SCADA control system. Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS’06), Kauai, USA.
  88. Meserve, J. (2007). Mouse click could plunge city into darkness [Online]. CNN. Available at: http://www.cnn.com/2007/US/09/27/power.at.risk/index.html [Accessed July 15, 2018].
  89. Miller, C. and Valasek, C. (2015). Remote exploitation of an unaltered passenger vehicle. Research paper.
  90. Minerva, R., Biru, A., and Rotondi, D. (2015). Towards a definition of the Internet of Things. White paper, IEEE IoT Initiative.
  91. National Cyber Security Centre (2017). TRITON malware targeting safety controllers. Report, National Cyber Security Centre.
  92. van Niekerk, J. and von Solms, R. (2016). From information security to cyber security. Computers & Security, 38, 97–102.
  93. NIST (2014). Security and privacy controls for federal information systems and organizations. Report, 800-53Ar4, National Institute of Standards and Technology, Gaithersburg.
  94. NIST (2018). Framework for improving critical infrastructure cybersecurity [Online]. Report, National Institute of Standards and Technology. Available at: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf.
  95. NSA (2017). GRASSMARLIN user guide. Guide, National Security Agency.
  96. PA Consulting Group (2015). Manage industrial control systems lifecycle: A good practice guide. National Cyber Security Centre.
  97. Pettey, C. (2017). When IT and operational technology converge [Online]. Smarter with Gartner. Available at: https://www.gartner.com/smarterwithgartner/when-it-and-operational-technology-converge/ [Accessed July 15, 2018].
  98. Pollet, J. (2010). Electricity for free? The dirty underbelly of SCADA and smart meters. Proceedings of Black Hat USA, Las Vegas, USA.
  99. Raymond, D.R., Marchany, R.C., Brownfield, M.I., and Midkiff, S.F. (2009). Effects of denial-of-sleep attacks on wireless sensor network MAC protocols. IEEE Transactions on Vehicular Technology, 58(1), 367–380.
  100. Rivest, R.L., Shamir, A., and Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(1), 120–126.
  101. Ronen, E., Shamir, A., Weingarten, A., and O’Flynn, C. (2017). IoT goes nuclear: Creating a Zigbee chain reaction. 2017 IEEE Symposium on Security and Privacy (SP), San Jose, USA.
  102. Schneier, B. (1999). Attack trees. Dr. Dobb’s Journal of Software Tools, 24(12), 21–29.
  103. Schuett, C., Butts, J., and Dunlap, S. (2014). An evaluation of modification attacks on programmable logic controllers. International Journal of Critical Infrastructure Protection, 7(1), 61–68.
  104. Security Now (2018). Schneider electric offers additional details on Triton malware [Online]. Available at: https://www.securitynow.com/author.asp?section_id=613&doc_id=739868 [Accessed July 15, 2018].
  105. Stouffer, K. et al. (2017). Cybersecurity framework manufacturing profile [Online]. Report, National Institute of Standards and Technology. Available at: https://nvlpubs.nist.gov/nistpubs/ir/2017/nist.ir.8183.pdf.
  106. Stouffer, K.A., Pillitteri, V.Y., Lightman, S., Abrams, M., and Hahn, A. (2015). Guide to industrial control systems (ICS). SP 800-82, Guide, National Institute of Standards and Technology.
  107. Symantec (2017). Ransom.Wannacry [Online]. Available at: https://www.symantec.com/security-center/writeup/2017-051310-3522-99 [Accessed July 15, 2018].
  108. The-Bitcoin-Foundation (2014). How does bitcoin work? [Online]. Available at: https://bitcoin.org/en/how-it-works.
  109. The German Federal Office for Information Security (2011). Threats catalogue [Online].
  110. TÜV SÜD (n.d.). Certification acc. to IEC 62443 [Online]. Available at: https://www.tuev-sued.de/topics/information-technology-it/industrial-it-security/certification-acc.-to-iec-62443.
  111. Université Grenoble-Alpes (2018). Système de sécurisation de procédé cyber-physique. Patent, FR18/53618.
  112. Voas, J. (2016). Networks of “Things”. SP.800-183. Special edition, National Institute of Standards and Technology.
  113. Ware, B. et al. (2017). Insider attacks industry survey. Study, Haystax Technology.
  114. Williams, T.J. (1994). The Purdue enterprise reference architecture. Computers in Industry, 24(2–3), 141–158.
  115. Wooldridge, S. (2005). SCADA/business network separation: Securing an integrated SCADA system [Online]. Electric Energy Online. Available at: http://www.electricenergyonline.com/energy/magazine/211/article/SCADA-Business.htm [Accessed 15 July, 2018].
  116. Yang, K., Hicks, M., Dong, Q., Austin, T., and Sylvester, D. (2016). A2: Analog malicious hardware. 37th IEEE Symposium on Security and Privacy, San Jose, USA.
  117. Zurawski, R. (2014). The Industrial Communication Technology Handbook. CRC Press, Boca Raton, FL.