A Cyber Resilience Analysis Case Study of an Industrial Operational Technology Environment

Kirsty Perrett, Ian Wilson*

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

Abstract

Cyber resilience is an active research area offering a novel approach to Cyber Security. The term appeared due to the concerning number of cyber-attacks on critical infrastructure. The National Institute of Standards and Technology (NIST) developed a framework to assist organisations with techniques and approaches to improving cyber resilience. However, there is a sparsity of case studies that speak to the adoption or measurement of these novel approaches within a complex industrial control environment. This paper presents a case study analysis of a manufacturing plant assessment drawing on key themes from the NIST literature.

The paper presents how well NIST constructs can be adopted to find cyber resilient enhancement opportunities and to decide if an evaluation of the results could supply a quantitative baseline measure of an organisation’s overall resilience. Conclusions drawn show that although the framework did partially aid with the analysis process, the frameworks ease of adoption assumes an organisation has a conventional cyber security foundation; NIST should make this clear within their guidance. Furthermore, the accompanying evaluation process was not sufficient to quantitatively measure the overall cyber resilience maturity for this case study.
Original languageEnglish
Article number09895
Number of pages15
JournalEnvironment Systems and Decisions
Volume00
Issue number00
Early online date31 Jan 2023
DOIs
Publication statusE-pub ahead of print - 31 Jan 2023

Keywords

  • Cyber Resilience
  • NIST
  • Case Study
  • industrial control system (ICS)
  • Operational Technology
  • Critical Infrastructure

Fingerprint

Dive into the research topics of 'A Cyber Resilience Analysis Case Study of an Industrial Operational Technology Environment'. Together they form a unique fingerprint.

Cite this