Manage Open-Source Components via Secure Product Development Lifecycle in Industrial Control System
Nowadays, open-source components are becoming the essential components in industrial control systems and critical infrastructure. ICS uses more commercial off-the-shelf (COTS) software, and open-source projects implement hardware and more industrial protocols. Thus, it's a key challenge to keep high code quality in various open-source components to avoid an exploit or flaw, which may cause harm to the systems that have not been updated in time. However, availability is paramount for ICS, which means the vulnerability factor of open-source components should be considered and evaluated in the design phase to reduce the amount of the patch update in the maintenance phase. In this paper, SZ Lin will introduce how to manage open-source components via a secure product development lifecycle, such as selecting the secure sources of open-source components. Also, he will share his experiences in tracking vulnerabilities and patching open-source components to manage vulnerabilities of open-source components holistically in ICS.
SANS-manage-open-source-components-via-secure-product-development-lifecycle-industrial-control-system (PDF, 2.90MB)
14 Feb 2022Related Content
Cyber Guardian Exercise: A Case Study in Brazil to Address Challenges in Cybersecurity and Protect Critical Infrastructure
Research PaperDiscussions of cybersecurity, in particular those associated with critical infrastructure (CI),...
- 22 Feb 2022
ICS within the NIS Directive should be ATT&CK®ed
Research PaperIn August 2016, the European Parliament and the Council of the European Union implemented the first...
- 25 Aug 2021
ICS OT Systems Security Engineering Is Not Dead
Research PaperICS OT Systems Security Engineering Is Not Dead
- 23 Mar 2020
ICS Layered Threat Modeling
Research PaperThe ultimate goal of building cybersecurity architecture is to protect systems from potential...
- 22 Jan 2019
Passive Analysis of Process Control Networks
Research PaperIn recent years there has been an increased push to secure critical ICS infrastructures by...
- 1 Jun 2018
Incentivizing Cyber Security: A Case for Cyber Insurance
Research PaperIn the wake of recent events-Ukraine, Shamoon v2, WannaCry--providing cyber security continues to be...
- 27 Jun 2017
The Industrial Control System Cyber Kill Chain
Research PaperRead this paper to gain an understanding of an adversary's campaign against ICS. The first two parts...
- 5 Oct 2015
Tactical Data Diodes in Industrial Automation and Control Systems
Research PaperIn recent years, there has been an increased interest in the use of Data Diodes (also known as...
- 30 Jun 2015
The Perfect ICS Storm
Research PaperAs manufacturing Industrial Control System (ICS) architectural designs have evolved from isolated...
- 8 Jun 2015
An Abbreviated History of Automation and Industrial Controls System and Cybersecurity
Research PaperAn Abbreviated History of Automation and Industrial Controls System and Cybersecurity
- 23 Jan 2015
Automated Defense - Using Threat Intelligence to Augment
Research PaperAutomation and industrial controls systems - often referred to as ICS - have an interesting and...
- 19 Jan 2015
Rate my nuke: Bringing the nuclear power plant control room to iPad
Research PaperShibboleth is a free, open-source web single sign-on solution (SSO) for complex federated...
- 14 Nov 2014
Protect Critical Infrastructure Systems With Whitelisting
Research PaperSecurity professionals in federal, state and local agencies face many unique challenges in...
- 5 Aug 2014
Case Study in Developing Fault Tolerant and Highly Available Systems with Secure Zones of Protection
Research PaperProcess Control is the part of a company that controls the critical processes that company...
- 8 Aug 2003