A Review of Cyber Security Controls from An ICS Perspective

As cyber attacks on national critical infrastructure have increased, researches are actively conducted to protect industrial control systems(ICS). Compared with existing IT systems, research on special attributes of ICS has been performed mainly, and based on this, many security requirements for ICSs have been derived. However, there is insufficient research on security control to understand and improve the security status of target ICS. To the best of our knowledge, only a comprehensive guide to applying existing security controls to ICSs is being presented. Therefore, this study suggests implications for the current security control items from the ICS point of view. For this purpose, each viewpoint for categorizing and analyzing information security control items was established and based on this, an integrated matrix of ICS security control was derived. Through the ICS security control matrix, the information security control items currently being guided are analyzed from the viewpoint of the ICS, and the present status and implications are derived. The findings can be used as an indicator to effectively apply appropriate controls to appropriate locations where security is required. It is also expected to be a useful reference for improving and supplementing security control items currently being used and used.