Abstract
Cyber resilience is an active research area offering a novel approach to Cyber Security. The term appeared due to the concerning number of cyber-attacks on critical infrastructure. The National Institute of Standards and Technology (NIST) developed a framework to assist organisations with techniques and approaches to improving cyber resilience. However, there is a sparsity of case studies that speak to the adoption or measurement of these novel approaches within a complex industrial control environment. This paper presents a case study analysis of a manufacturing plant assessment drawing on key themes from the NIST literature.
The paper presents how well NIST constructs can be adopted to find cyber resilient enhancement opportunities and to decide if an evaluation of the results could supply a quantitative baseline measure of an organisation’s overall resilience. Conclusions drawn show that although the framework did partially aid with the analysis process, the framework’s ease of adoption assumes an organisation has a conventional cyber security foundation; NIST should make this clear within their guidance. Furthermore, the accompanying evaluation process was not sufficient to quantitatively measure the overall cyber resilience maturity for this case study.
Original language | English |
---|---|
Article number | 09895 |
Pages (from-to) | 178-190 |
Number of pages | 13 |
Journal | Environment Systems and Decisions |
Volume | 43 |
Issue number | 2 |
Early online date | 31 Jan 2023 |
DOIs | |
Publication status | Published - Jun 2023 |
Keywords
- Cyber Resilience
- NIST
- Case Study
- industrial control system (ICS)
- Operational Technology
- Critical Infrastructure