TY - GEN
T1 - Cyber-incident Response in Industrial Control Systems
T2 - 4th International Workshop on Engineering and Cybersecurity of Critical Systems and 2024 IEEE/ACM 2nd International Workshop on Software Vulnerability, EnCyCriS/SVM 2024, held in conjunction with the 46th IEEE/ACM International Conference on Software Engineering, ICSE 2024
AU - Gnanasekaran, Vahiny
AU - Bartnes, Maria
AU - Grotan, Tor Olav
AU - Heegaard, Poul Einar
N1 - Publisher Copyright: © 2024 is held by the owner/author(s).
PY - 2024/4/15
Y1 - 2024/4/15
N2 - The number of significant cyberattacks targeted by national state actors is growing in critical infrastructure. Companies rely on detecting and responding appropriately to such attacks by practicing and developing procedures for the cyber-incident response. This paper presents the findings from seven semi-structured interviews to identify distinct practices, challenges, and roles regarding cyber-incident response in the petroleum industry. The literature has previously addressed specific IT, security, or Operational Technology (OT) teams only, but has not considered the holistic view of cyber-incident response in industrial control systems between internal roles and external actors, such as Security Operations Centers, Computer Security Incident Response Teams, emergency response teams, and on-site personnel. To address this, a novel framework for empirical inquiry, consisting of document analysis and workshops as preparation for interviews, was conducted. The stakeholder diagram displays the most relevant incident response roles and a list of current challenges extracted from the interviews. Future research should consider extending the sample and include other organizational and procedural factors.
KW - critical infrastructure
KW - cyber-incident
KW - cybersecurity
KW - incident response
KW - operational technology
UR - http://www.scopus.com/inward/record.url?scp=85203868805&partnerID=8YFLogxK
U2 - 10.1145/3643662.3643958
DO - 10.1145/3643662.3643958
M3 - Conference contribution
AN - SCOPUS:85203868805
T3 - Proceedings - 2024 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems and 2024 IEEE/ACM 2nd International Workshop on Software Vulnerability, EnCyCriS/SVM 2024
SP - 53
EP - 60
BT - Proceedings - 2024 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems and 2024 IEEE/ACM 2nd International Workshop on Software Vulnerability, EnCyCriS/SVM 2024
PB - Association for Computing Machinery, Inc
Y2 - 15 April 2024
ER -