The enhanced security control model for critical infrastructures with the blocking prioritization process to cyber threats in power system
Choong-Hee Han, Soon-Tai Park and Sang-Joon Lee
International Journal of Critical Infrastructure Protection, 2019, vol. 26, issue C
Abstract:
There have been many efforts and studies to improve the safety of critical infrastructures. As one such effort, numerous security operation centers (SOCs) have been built to protect against cyber-attacks. Unfortunately, protecting against cyber-attacks is very difficult because there are too many security events to analyse and respond to. Reducing the number of security events is essential to improving the efficiency of incident response. In this paper, we studied four years of cyber threats against a Korean electric power organization by analysing IPS and FW raw data. As a result of this analysis, we found that 95% of all cyber-attacks were from foreign nations. If an IT system is not related to foreign business, we should consider blocking unnecessary foreign IP ranges. We therefore propose the Enhanced Security Control (ESC) model with a Blocking Prioritization (BP) process for critical infrastructures to improve daily incident response activities. The BP process of the ESC model considers six factors when deciding which IT systems should be blocked from foreign IP ranges: foreign relation, real login, blocking complexity, stop tolerance, outer relation and stop impact. By considering these six factors, the ESC model makes it possible to prioritize the Blocking Impact Degree (BID) of IT systems and helps in deciding whether to block unnecessary foreign IP ranges. The ESC model will reduce security events and create better conditions for concentrating on the remaining unblocked and crucial IT systems.
Keywords: Incident response; Security operation center; Cyber-attacks; Cyber threat intelligence; Critical infrastructure protection
Date: 2019
Downloads:
http://www.sciencedirect.com/science/article/pii/S1874548219300460
Full text for ScienceDirect subscribers only
Persistent link: https://EconPapers.repec.org/RePEc:eee:ijocip:v:26:y:2019:i:c:s1874548219300460
DOI: 10.1016/j.ijcip.2019.100312
International Journal of Critical Infrastructure Protection is currently edited by Leon Strous
Bibliographic data for series maintained by Catherine Liu.