{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,23]],"date-time":"2026-01-23T13:47:17Z","timestamp":1769176037355,"version":"3.49.0"},"reference-count":31,"publisher":"IGI Global","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018,4]]},"abstract":"<jats:p>As cyberattacks are becoming the prevalent types of attacks on critical infrastructures, due protection and effective response are crucial in CBRN facilities. This article explores comprehensive cyber security vulnerability management related to CBRN Control Systems and Industrial Control Systems (ICS) and provides recommendations that will increase CBRN operational cyber security and ensure further platform for the research in the field of operational vulnerability detection and remediation. The article reviews several key issues related to ICS vulnerability management cycle, vulnerability sharing with security developers, patch and network management, cyber offensive threats and threat actors and related cyber security challenges. It covers such specific issues as ICS connectivity to private\/public networks, critical ICS accessibility via Web Access, Wi-Fi and\/or unauthorised software inside corporate networks. The proposed solutions refer to some areas of vulnerability management for the awareness and development of countermeasures.<\/jats:p>","DOI":"10.4018\/ijiscram.2018040103","type":"journal-article","created":{"date-parts":[[2019,1,30]],"date-time":"2019-01-30T19:27:43Z","timestamp":1548876463000},"page":"49-78","source":"Crossref","is-referenced-by-count":1,"title":["Cyber Security Vulnerability Management in CBRN Industrial Control Systems (ICS)"],"prefix":"10.4018","volume":"10","author":[{"given":"Roberto","family":"Mugavero","sequence":"first","affiliation":[{"name":"Department of Electronic Engineering \u2013 University of Rome \u201cTor Vergata\u201d, Rome, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stanislav","family":"Abaimov","sequence":"additional","affiliation":[{"name":"National Inter-Universitary Consortium for Telecommunications, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Federico","family":"Benolli","sequence":"additional","affiliation":[{"name":"OSDIFE - Observatory on Security and CBRNe Defence, Rome, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Valentina","family":"Sabato","sequence":"additional","affiliation":[{"name":"OSDIFE - Observatory on Security and CBRNe Deefence, Rome, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"2432","reference":[{"key":"IJISCRAM.2018040103-0","author":"S.Abaimov","year":"2015","journal-title":"Advanced Persistent Threat: Stealth of Presence and Big Data Exfiltration. Royal Holloway"},{"key":"IJISCRAM.2018040103-1","author":"D.Albright","year":"2010","journal-title":"ISIS Report: Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant?"},{"key":"IJISCRAM.2018040103-2","unstructured":"Apa, L., & Penagos, C. M. (2013). Compromising industrial facilities from 40 miles away (Technical White Paper). IOActive."},{"key":"IJISCRAM.2018040103-3","author":"C.Baylon","year":"2015","journal-title":"Cyber security at civil nuclear facilities: Understanding the risks"},{"key":"IJISCRAM.2018040103-4","unstructured":"Brown, I. P. S. (2011). Reducing Systemic Cybersecurity Risk. Oxford Internet Institute, Oxford University."},{"key":"IJISCRAM.2018040103-5","unstructured":"Control Engineering. (2015). Cyber Security Report."},{"key":"IJISCRAM.2018040103-6","unstructured":"Oxford Economics, Center for the Protection of National Infrastructure. (2014). Cyber-attacks: Effects on UK Companies."},{"key":"IJISCRAM.2018040103-7","author":"N.Falliere","year":"2011","journal-title":"32 Stuxnet Dossier, Symantec Security Response"},{"key":"IJISCRAM.2018040103-8","unstructured":"Federal Bureau of Investigation. (2012). The Cyber Threat."},{"key":"IJISCRAM.2018040103-9","author":"I.Fernandez","year":"2013","journal-title":"Cybersecurity for Industrial Automation & Control Environments: Protection and Prevention Strategies in the Face of the Growing Threats"},{"key":"IJISCRAM.2018040103-10","unstructured":"FireEye. (2016). Industry Intelligence Report. Cyber Attacks on the Ukrainian grid."},{"key":"IJISCRAM.2018040103-11","unstructured":"GE. (2012). Cyber Security for Industrial Controls."},{"key":"IJISCRAM.2018040103-12","unstructured":"Kaspersky Lab. (2015). Industrial Control Systems Vulnerabilities Statistics."},{"key":"IJISCRAM.2018040103-13","unstructured":"Krotofil, M., & Larsen, J. (2015). Rocking the pocket book: Hacking chemical plants for competition and extortion. DEF CON, 23."},{"key":"IJISCRAM.2018040103-14","unstructured":"Kaspersky Labs. (2014). Five Myths of Industrial Control Systems Security."},{"key":"IJISCRAM.2018040103-15","author":"R.Langner","year":"2013","journal-title":"To Kill a Centrifuge"},{"key":"IJISCRAM.2018040103-16","author":"G.Lucas","year":"2016","journal-title":"Ethics & Cyber Warfare. Law and Order for a Lawless Frontier"},{"key":"IJISCRAM.2018040103-17","author":"M.Martellini","year":"2013","journal-title":"Deterrence and IT Protection for Critical Infrastructures"},{"issue":"3","key":"IJISCRAM.2018040103-18","doi-asserted-by":"crossref","first-page":"138","DOI":"10.1080\/15536548.2014.952963","article-title":"Analysis and estimation of expected cyber-attack scenarios and consequences.","volume":"10","author":"R.Mugavero","year":"2014","journal-title":"Journal of Information Privacy and Security"},{"key":"IJISCRAM.2018040103-19","year":"2011","journal-title":"A national strategy for CBRNe standards"},{"key":"IJISCRAM.2018040103-20","first-page":"10","year":"2015","journal-title":"Top (Madrid)"},{"key":"IJISCRAM.2018040103-21","article-title":"Cyber Security of Industrial Control Systems","author":"E. L.Paske","year":"2015","journal-title":"Global Conference on Cyber Space"},{"key":"IJISCRAM.2018040103-22","author":"W.Polk","year":"2010","journal-title":"Industrial Cyber Security From the Perspective of the Power Sector"},{"key":"IJISCRAM.2018040103-23","unstructured":"SANS Institute. (2014). Creating a Threat Profile for Your Organization."},{"key":"IJISCRAM.2018040103-24","unstructured":"US Dept of Homeland Security. (2014). Industrial Control Systems Assessments FY 2014 Overview and Analysis. Industrial Control Systems Cyber Emergency Response Team."},{"key":"IJISCRAM.2018040103-25","unstructured":"Soullie, A. (2014). Industrial Control Systems: Pentesting PLCs 101. In Blackhat conference."},{"key":"IJISCRAM.2018040103-26","author":"F.Stahl","year":"2015","journal-title":"2015 Data Breach Investigation Report"},{"key":"IJISCRAM.2018040103-27","unstructured":"U.S. Department of Defense. (2006). Joint Publication 3-13: Information Operations."},{"key":"IJISCRAM.2018040103-28","author":"K.Wilhoit","year":"2013","journal-title":"Who\u2019s Really Attacking your ICS Equipment?"},{"key":"IJISCRAM.2018040103-29","unstructured":"Wilson, C. (2009). Cyberpower and National Security."},{"key":"IJISCRAM.2018040103-30","author":"C.Wilson","year":"2014","journal-title":"Cyberterrorism: Understanding, Assessment, and Response"}],"container-title":["International Journal of Information Systems for Crisis Response and Management"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=222739","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,5]],"date-time":"2022-05-05T21:59:11Z","timestamp":1651787951000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IJISCRAM.2018040103"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2018,4]]},"references-count":31,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.4018\/ijiscram.2018040103","relation":{},"ISSN":["1937-9390","1937-9420"],"issn-type":[{"value":"1937-9390","type":"print"},{"value":"1937-9420","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,4]]}}}