Author(s)

HIDEKAZU HIRAI, TOMOMI AOYAMA, DAVAADORJ NYAMBAYAR, ICHIRO KOSHIJIMA

Abstract

In recent years, the possibility of cyberattacks against industrial control systems (ICSs) has increased; therefore, ICS owners need to ensure they have suitable cyberattack countermeasures. Even though there are many Internet Technology (IT) tools available to counter known threats to ICS operating systems and application software, behind-the-scenes attackers may still find system vulnerabilities through constant effort. In this paper, the following topics are examined: 1. Cyber incident response methods, 2. Departments/people responsible for cyber incident responses and 3. Cyber incident response training. Since cyber incidents threaten ICSs, concerned departments are generally familiar with safety responses, which are indispensable. However, since cyber incidents can be malicious, such safety responses may be insufficient. Therefore, additional security measures are also necessary. In this paper, the authors clarify the relationship between safety responses and security responses when faced with cyber incidents to ensure that appropriate responses are implemented at the appropriate time. As cyber incident IT response processes cannot generally be applied to ICS-specific cyber incidents, an ICS cyber incident response process and an associated training program were developed to: 1. Ensure trainees understood the framework, 2. Allow trainees to develop correspondence with the specific steps. The training program was conducted for Japanese companies in December 2016, from which the effectiveness of the cyber incident response framework and the training program were confirmed.

Keywords

ICS, security, safety, incident response, training