AIR4ICS: Agile Incident Response For Industrial Control Systems

Summary

The aim of this research is to establish and evaluate how agile methods and techniques will be integrated into traditional incident response processes to yield a value-focused and dynamic approach that embeds incident response in the overall business. The research will take into account changing risks and impacts during the course of an attack and maximise business utility by deriving value directly from the business processes the ICS is supporting. The objectives of this research are to:

  1. Deliver an Agile Incident Response framework (AIR4ICS) that is tailored to the particular challenges of Industrial Control Systems to address the cyber-physical nature and impacts of IR.
  2. Apply and adapt agile management methods to the context of incident response to bring the benefits of a cross-functional team together with a continuously adaptive and value-driven approach to incident response.
  3. Evaluate AIR4ICS using an experiential learning platform to conduct three war-gaming exercises, bringing together RITICS partners, industry and CNI operators with direct value to beneficiaries.
  4. Provide exposure and integration for RITICS and aligned industry research through the coordinated integration of research outputs in the war-gaming exercises.

Project members

Dr. Janicke obtained his first degree in “practical informatics” from the University of Applied Sciences, Emden (Germany). He was awarded his PhD in 2007 from De Montfort University (DMU) and subsequently worked for the DIF-DTC consortium as a Research Fellow, funded jointly by QinetiQ and the Ministry of Defence. In 2008, Janicke worked for the University of Leicester as a Teaching Fellow leading several modules on software engineering, quality assurance and measurement theory. In January 2009, Janicke returned to DMU to lead the Computer Security and Trust research theme in the Software Technology Research Laboratory (STRL).

Janicke is mainly involved in research supervision and post-graduate teaching in Computer Security and Computer Forensic related subject areas. Janicke is principal investigator on a number of funding bids and is coordinating the CSC’s collaboration with E-Centre, an EU-funded training network for forensic investigators.

Richard’s main activities currently focus on the exploitation of Satellite Radar Altimetry over land. Of particular interest, and the core of his PhD, are the benefits obtained by fusing the high vertical accuracy of the altimeter with high frequency content from other remote sensing techniques to produce new, improved Digital Elevation Models. He now works in the Cyber Technology Institute at De Montfort University, with an affiliation with the Cyber Security Centre.

Ying He obtained her PhD in Computer Science from Glasgow University, UK in 2015, under the supervision of Prof. Chris Johnson.

Ying’s research focuses on cyber threat intelligence, security incident response framework management, security risk management, security decision-making, business analytics in security and human aspects of security. She also looks at how security management frameworks and security mechanisms can be applied in industries such as healthcare organisations.