Business continuity management framework for Industry 4.0 companies regarding dependability and security of ICT and ICS/SCADA system

• Autorzy: Kosmowski Kazimierz T.

Identyfikatory

DOI

10.26408/srsp-2021-13

• Konferencja: 15th Summer Safety & Reliability Seminars - SSARS 2021, 5-12 September 2021, Ciechocinek, Poland
• Języki publikacji: EN

Abstrakty

EN

This chapter addresses a business continuity management (BCM) framework for the Industry 4.0 companies including the organizational and technical solutions, regarding the dependability and security of the information and telecommunication technology (ICT), and the industrial control system (ICS)/supervisory control and data acquisition (SCADA) system. These technologies and systems play nowadays important roles in modern advanced manufacturing systems and process plants due to their openness to external systems and networks using various communication channels. It gives on the one hand, some advantages in effective realization of technological and business processes, logistics and distribution of goods, but, on the other hand, makes the company assets and resources potentially vulnerable to some threats with relevant risks. The chapter outlines some ideas related to designing a business continuity management system (BCMS) based on defined processes and procedures. Such system includes planning of changes in organization/industrial company, nonconformity issues, and planning corrective actions. In a final part of this chapter the leadership importance, and staff awareness and responsibility are emphasized to create a robust and healthy corporate culture based on accepted values, properly spread among the employees. It is beneficial for shaping good organizational culture, and then safety and security culture. The BCM approach outlined in this chapter distinguishes both preventive and recovery activities regarding suggestions in selected international standards and domain publications.

Słowa kluczowe

EN

business continuity management; Industry 4.0; information technology; operational technology; industrial control system; dependability; functional safety; cyber security; organisational culture

• Wydawca: Gdynia Maritime University ; Polskie Towarzystwo Bezpieczeństwa i Niezawodności
• Czasopismo: Safety and Reliability of Systems and Processes
• Rocznik: 2021
• Tom: Summer Safety and Reliability Seminar 2021
• Strony: 249--270
• Opis fizyczny: Bibliogr. 38 poz., rys., tab.

Twórcy

autor

Kosmowski Kazimierz T.

• Gdańsk University of Technology, Gdańsk, Poland

• https://orcid.org/0000-0001-7341-6750

Bibliografia

• Belal, S.M. 2021. The Top 7 Operational technology patch management best practices. ISA Global Cybersecurity Alliance, https://gca.isa.org/blog/author/sayed-m-belal (accessed 7 May 2021).
• Boehmer, W. 2009. Survivability and business continuity management system according to BS 25999.Third International Conference on Emerging Security Information, Systems and Technologies 1, 142-147.
• BS 25999-1. 2006. Business Continuity Management - Part 1: Code of Practice. British Standard.
• CISA.2020. Assessments: Cyber Resilience Review, us-cert.gov/resources/assessments (accessed10 Feb 2020).
• ENISA.2016. Communication Network Dependencies for ICS/SCADA Systems. European Union Agency for Network and Information Security.
• Felser, M., Rentschler, M. & Kleinberg, O. 2019. Coexistence standardisation of operational technology and information technology. Proceedings of the IEEE 107(6).
• Gołębiewski, D. & Kosmowski, K.T. 2017. Towards process-based management system for oil port infrastructure in context of insurance. Journal of Polish Safety and Reliability Association 8(1), 23-37.
• Holstein, D.K. & Singer, B. 2010. Quantitative security measures for cyber & safety security assurance. ISA Safety & Security Symposium.
• HSE.2015. Cyber Security for Industrial Automation and Control Systems, Health and Safety Executive (HSE) Interpretation of Current Standards on Industrial Communication Network and System Security, and Functional Safety.
• IACS Security. 2020. Security of Industrial Automation and Control Systems, Quick Start Guide: An Overview of ISA/IEC 62443 Standards. June 2020, www.isa.org/ISAGCA (accessed 7 May 2021).
• IEC 61508. 2016. Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems, Parts 1-7. International Electrotechnical Commission, Geneva.
• IEC 61511. 2016. Functional Safety: Safety Instrumented Systems for the Process Industry Sector. Parts 1-3. International Electrotechnical Commission, Geneva.
• IEC 62061. 2005. Safety of machinery - Functional safety of safety-related electrical, electronic, and programmable electronic control systems. International Electrotechnical Commission, Geneva.
• IEC 63074. 2017. Security aspects related to functional safety of safety-related control systems. International Electrotechnical Commission, Geneva.
• IEC 62443. 2018. Security for industrial automation and control systems. Parts 1-14 (some parts in preparation). International Electrotechnical Commission, Geneva.
• IS.2019. Industrial Security. Siemens, siemens.com/industrial-security (accessed 7 May 2021).
• ISO/DIS 22301. 2019. Security and Resilience - Business Continuity Management Systems - Requirements.
• ISO 22400. 2014. Automation Systems and Integration - Key Performance Indicators (KPIs) for Manufacturing Operations Management, Parts 1 and 2.
• ISO/IEC 15408. 2009. Information Technology, Security Techniques - Evaluation Criteria for IT Security. Part 1-3. Geneva.
• ISO/IEC 24762. 2008. Information Technology - Security Techniques - Guidelines for Information and Communications Technology Disaster Recovery Services.
• ISO/IEC 27001. 2013. Information Technology - Security Techniques - Information Security Management Systems - Requirements. Geneva.
• ISO/IEC 27005. 2018. Information Technology - Security Techniques - Information Security Risk Management. Geneva.
• Kosmowski, K.T. 2018. Safety integrity verification issues of the control systems for industrial power plants. Advanced Solutions in Diagnostics and Fault Tolerant Control. Springer Int. Publishing AG, 420-433.
• Kosmowski, K.T. 2020. Systems engineering approach to functional safety and cyber security of industrial critical installations. K. Kołowrocki et al. (Eds.). Safety and Reliability of Systems and Processes, Summer Safety and Reliability Seminar 2020. Gdynia Maritime University, Gdynia135-151.
• Kosmowski, K.T. 2021. Functional safety and cybersecurity analysis and management in smart manufacturing systems. Handbook of Advanced Performability Engineering, Chapter 3.Springer Nature, Switzerland AG.
• Kosmowski, K.T. & Gołębiewski, D. 2019. Functional safety and cyber security analysis for life cycle management of industrial control systems in hazardous plants and oil port critical infrastructure including insurance. Journal of Polish Safety and Reliability Association, Summer Safety and Reliability Seminars10(1) 99-126.
• Kosmowski, K.T. & Śliwiński, M. 2016. Organizational culture as prerequisite of proactive safety and security management in critical infrastructure systems including hazardous plants and ports. Journal of Polish Safety and Reliability Association, Summer Safety and Reliability Seminars 7(1) 133-145.
• Kosmowski, K.T., Śliwiński, M. & Piesik, J. 2019. Integrated functional safety and cybersecurity analysis method for smart manufacturing systems. TASK Quarterly 23(2) 1-31.
• Leitão P., Colombo, A.W. & Karnouskos, S. 2016. Industrial automation based on cyber-physical systems technologies: Prototype implementations and challenges. Computers in Industry 81, 11-25.
• Li, S.W.,Murphy B., Clauer E., Loewen U., Neubert R. Bachmann G., Pai M. &HankelM. 2017. Architecture Alignment and Interoperability, An Industrial Internet Consortium and Platform Industry 4.0, IIC: WHT:IN3:V1.0:PB:20171205.
• MERgE. 2016. Recommendations for Security and Safety Co-engineering, Multi-Concerns Interactions System Engineering ITEA2 Project No. 11011.
• Misra, K.B. (Ed.) 2021. Handbook of Advanced Performability Engineering. Springer Nature Switzerland AG.
• NIST 7435. 2007. The common vulnerability scoring system (CVSS) and its applicability to federal agency systems. NIST Interagency Report.
• NIST SP 800-82r2. 2015. Guide to Industrial Control Systems (ICS) Security.
• Rogala, I. & Kosmowski, K.T. 2012. Audit document concerning organizational and technical aspects of the safety-related control system design and operation at a refinery (access restricted). Automatic Systems Engineering, Gdańsk and Gdańsk University of Technology.
• SE. 2001. Systems Engineering Fundamentals. Defense Acquisition University Press, Fort Belvoir, Virginia 22060-5565.
• SESAMO. 2014. Integrated Design and Evaluation Methodology. Security and Safety Modelling. Artemis JU Grant Agreement, No. 2295354.
• Zawiła-Niedźwiecki, J. 2013. Operational Risk Management in Assuring Organization Operational Continuity (in Polish), edu-Libri.

Uwagi

Opracowanie rekordu ze środków MEiN, umowa nr SONP/SP/546092/2022 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2022-2023).