Identificación de elementos de seguridad basados en el modelo C2M2 para la industria manufacturera del sector textil
Palabras clave:
TIC, Desarrollo urbano, Planeación territorial, Gobierno local, Sistemas de información
Resumen
En este trabajo se presenta un estudio de identificación de los elementos de seguridad que afectan a la industria textil –que utiliza sistemas SCADA– los riesgos de fuga, indisponibilidad o alteración no permitida de la información en los ambientes comunes en que operan las tecnologías de la información (TI) y las tecnologías de operación (TO). Para llevar a cabo lo anterior se utilizaron los elementos identificados en la guía de seguridad para los sistemas de control industrial NIST 800-82 y el modelo de madurez en ciberseguridad C2M2. Como resultado se obtuvieron los elementos de seguridad que se ven involucrados en los diferentes procesos, tendencias tecnológicas de la industria analizada; de otra parte, se realizó un comparativo del modelo C2M2 y la NIST 800-82.
Referencias bibliográficas
Ani, U. P. D., He, H. (Mary), & Tiwari, A. (2017). Review of cybersecurity issues in industrial critical infrastructure: manufacturing in perspective. Journal of Cyber Security Technology, 1(1), 32–74. https://doi.org/10.1080/23742917.2016.1252211
Assante, D., Romano, E., Flamini, M., Castro, M., Martin, S., Lavirotte, S., & Spatafora, M. (2018). Internet of Things education: Labor market training needs and national policies. In 2018 IEEE Global Engineering Education Conference (EDUCON) (pp. 1846–1853). IEEE. https://doi.org/10.1109/EDUCON.2018.8363459
Bernieri, G., Etchevés Miciolino, E., Pascucci, F., & Setola, R. (2017). Monitoring system reaction in cyber-physical testbed under cyber-attacks. Computers & Electrical Engineering, 59, 86–98. https://doi.org/10.1016/j.compeleceng.2017.02.010
Candell, R., Anand, D., & Stouffer, K. (2014). A cybersecurity testbed for industrial control systems. In Proceedings of the 2014 Process Control and Safety Symposium (pp. 1–16). Retrieved from https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=915876
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & Security, 56, 1–27. https://doi.org/10.1016/j.cose.2015.09.009
CIDETEXCO. (2011). Tendencias tecnológicas ciclo de vida de producto. industria fibra textil confección R2-2011-CIDETEXCO.
Curtis, P. D., & Mehravari, N. (2015). Evaluating and improving cybersecurity capabilities of the energy critical infrastructure. In 2015 IEEE International Symposium on Technologies for Homeland Security (HST) (pp. 1–6). IEEE. https://doi.org/10.1109/THS.2015.7225323.
Cybersecurity and Infrastructure Security Agency. (2018). ICS Alert (ICS-ALERT-12-195-01). Retrieved May 30, 2019, from https://www.us-cert.gov/ics/alerts/ICS-ALERT-12-195-01.
Hernández Cevallos, M. I., & Ledesma Marcalla, D. A. (2010). Desarrollo de un sistema SCADA para la medición de voltajes con sistemas embebidos para el laboratorio de mecatrónica de la facultad de mecánica. Retrieved from http://dspace.espoch.edu.ec/bitstream/123456789/1137/1/25T00140.pdf.
Johnson, C. (2012). CyberSafety: CyberSecurity and Safety-Critical Software Engineering. In Achieving Systems Safety (pp. 85–95). London: Springer London. https://doi.org/10.1007/978-1-4471-2494-8_8.
Knapp, E. D., & Langill, J. T. (2015). Industrial Network Security (Second). Elsevier. https://doi.org/10.1016/C2013-0-06836-3.
Kornecki, A. J., & Zalewski, J. (2010). Safety and security in industrial control. In Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research - CSIIRW ’10 (p. 1). New York, New York, USA: ACM Press. https://doi.org/10.1145/1852666.1852754.
Kriz, D. (2011). Cybersecurity principles for industry and government: A useful framework for efforts globally to improve cybersecurity. In 2011 Second Worldwide Cybersecurity Summit (WCS). London, UK: IEEE. Retrieved from https://ieeexplore.ieee.org/abstract/document/5978798.
McGurk, S. P. (2008). Industrial Control Systems Security. Retrieved from https://csrc.nist.gov/csrc/media/events/ispab-december-2008-meeting/documents/icssecurity_ispab-dec2008_spmcgurk.pdf.
Proença, D., & Borbinha, J. (2016). Maturity Models for Information Systems - A State of the Art. Procedia Computer Science, 100, 1042–1049. https://doi.org/10.1016/j.procs.2016.09.279.
Schrecker, S. (2015). Industrial automation systems cybersecurity. Embedding end-to-end trust and security. Retrieved May 30, 2019, from https://www.isa.org/intech/20150401/.
U.S. Department of Energy. (2014). Cybersecurity Capability Maturity Model (C2M2). Retrieved May 30, 2019, from https://www.energy.gov/ceser/activities/cybersecurity-critical-energy-infrastructure/energy-sector-cybersecurity-0-0.
Assante, D., Romano, E., Flamini, M., Castro, M., Martin, S., Lavirotte, S., & Spatafora, M. (2018). Internet of Things education: Labor market training needs and national policies. In 2018 IEEE Global Engineering Education Conference (EDUCON) (pp. 1846–1853). IEEE. https://doi.org/10.1109/EDUCON.2018.8363459
Bernieri, G., Etchevés Miciolino, E., Pascucci, F., & Setola, R. (2017). Monitoring system reaction in cyber-physical testbed under cyber-attacks. Computers & Electrical Engineering, 59, 86–98. https://doi.org/10.1016/j.compeleceng.2017.02.010
Candell, R., Anand, D., & Stouffer, K. (2014). A cybersecurity testbed for industrial control systems. In Proceedings of the 2014 Process Control and Safety Symposium (pp. 1–16). Retrieved from https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=915876
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & Security, 56, 1–27. https://doi.org/10.1016/j.cose.2015.09.009
CIDETEXCO. (2011). Tendencias tecnológicas ciclo de vida de producto. industria fibra textil confección R2-2011-CIDETEXCO.
Curtis, P. D., & Mehravari, N. (2015). Evaluating and improving cybersecurity capabilities of the energy critical infrastructure. In 2015 IEEE International Symposium on Technologies for Homeland Security (HST) (pp. 1–6). IEEE. https://doi.org/10.1109/THS.2015.7225323.
Cybersecurity and Infrastructure Security Agency. (2018). ICS Alert (ICS-ALERT-12-195-01). Retrieved May 30, 2019, from https://www.us-cert.gov/ics/alerts/ICS-ALERT-12-195-01.
Hernández Cevallos, M. I., & Ledesma Marcalla, D. A. (2010). Desarrollo de un sistema SCADA para la medición de voltajes con sistemas embebidos para el laboratorio de mecatrónica de la facultad de mecánica. Retrieved from http://dspace.espoch.edu.ec/bitstream/123456789/1137/1/25T00140.pdf.
Johnson, C. (2012). CyberSafety: CyberSecurity and Safety-Critical Software Engineering. In Achieving Systems Safety (pp. 85–95). London: Springer London. https://doi.org/10.1007/978-1-4471-2494-8_8.
Knapp, E. D., & Langill, J. T. (2015). Industrial Network Security (Second). Elsevier. https://doi.org/10.1016/C2013-0-06836-3.
Kornecki, A. J., & Zalewski, J. (2010). Safety and security in industrial control. In Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research - CSIIRW ’10 (p. 1). New York, New York, USA: ACM Press. https://doi.org/10.1145/1852666.1852754.
Kriz, D. (2011). Cybersecurity principles for industry and government: A useful framework for efforts globally to improve cybersecurity. In 2011 Second Worldwide Cybersecurity Summit (WCS). London, UK: IEEE. Retrieved from https://ieeexplore.ieee.org/abstract/document/5978798.
McGurk, S. P. (2008). Industrial Control Systems Security. Retrieved from https://csrc.nist.gov/csrc/media/events/ispab-december-2008-meeting/documents/icssecurity_ispab-dec2008_spmcgurk.pdf.
Proença, D., & Borbinha, J. (2016). Maturity Models for Information Systems - A State of the Art. Procedia Computer Science, 100, 1042–1049. https://doi.org/10.1016/j.procs.2016.09.279.
Schrecker, S. (2015). Industrial automation systems cybersecurity. Embedding end-to-end trust and security. Retrieved May 30, 2019, from https://www.isa.org/intech/20150401/.
U.S. Department of Energy. (2014). Cybersecurity Capability Maturity Model (C2M2). Retrieved May 30, 2019, from https://www.energy.gov/ceser/activities/cybersecurity-critical-energy-infrastructure/energy-sector-cybersecurity-0-0.
Cómo citar
Aristizábal Correa, J. M., Marín Ramírez, L., & Álvarez Salazar, J. (2019). Identificación de elementos de seguridad basados en el modelo C2M2 para la industria manufacturera del sector textil . Revista Colombiana De Computación, 20(2), 56–67. Recuperado a partir de https://revistas.unab.edu.co/index.php/rcc/article/view/3722
Descargas
Los datos de descargas todavía no están disponibles.
Publicado
2019-12-01
Sección
Artículo de investigación científica y tecnológica
