Open Access

Management of Schemes and Threat Prevention in ICS Partner Companies Security

Sangdo Lee1, Jun-Ho Huh2,*
1 Cyber Security Center, Korea Midland Power Co., Ltd., Boryeong, Korea
2 Department of Data Informatics, (National) Korea Maritime and Ocean University, Busan, Korea
* Corresponding Author: Jun-Ho Huh. Email:
(This article belongs to this Special Issue: Management of Security, Privacy and Trust of Multimedia Data in Mobile devices communication)

Computers, Materials & Continua 2021, 69(3), 3659-3684. https://doi.org/10.32604/cmc.2021.015632

Received 30 November 2020; Accepted 28 April 2021; Issue published 24 August 2021

Abstract

An analysis of the recent major security incidents related to industrial control systems, revealed that most had been caused by company employees. Therefore, enterprise security management systems have been developed to focus on companies’ personnel. Nonetheless, several hacking incidents, involving major companies and public/financial institutions, were actually attempted by the cooperative firms or the outsourced manpower undertaking maintenance work. Specifically, institutions that operate industrial control systems (ICSs) associated with critical national infrastructures, such as traffic or energy, have contracted several cooperative firms. Nonetheless, ICT's importance is gradually increasing, due to outsourcing, and is the most vulnerable factor in security. This paper proposes a virtualized security management scheme for the resident cooperative firms in the industrial control infrastructure. Since such companies often cannot afford adequate investment in security, the scheme is to let an ICS company provide the virtualized system. One of its merits is the convenience of controlling a VDI server at the center. The cooperative firms were classified, based on their respective security levels, and statistics were collected throughout a four-year period for the results. This paper analyzes the policies and virtualization systems that have been applied to the security of the partner companies, which engaged in ICS security. A suitable model for ICS security was then proposed by analyzing their effects on the system efficiencies, based on the comparisons of the security inspection results obtained before and after virtualization. The proposed system is expected to contribute to industrial safety.

Keywords

Nuclear power plant; nuclear power plant security; {virtual} machine; SCADA; ICS; ISO27001; VDI based security; software {engineering}

Cite This Article

S. Lee and J. Huh, "Management of schemes and threat prevention in ics partner companies security," Computers, Materials & Continua, vol. 69, no.3, pp. 3659–3684, 2021.



This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 1029

    View

  • 835

    Download

  • 0

    Like

Share Link

WeChat scan