Cyber security password policy for industrial control networks

Abstract

An enormous growing of Information Technology and its applications in diverse fields enables us to think for digital world wherein cyberspace is being emerged significantly. After land, sea, air and space, cyberspace is the fifth domain where cybercrime, espionage and cyber weapons are on rising day by day. As a result, cyber security is a multi-dimensional concept and a complex issue straddling many disciplines and fields. Development of Information Technology makes possible to automate the industrial control system (ICS) for its efficient and remote operations. The automation in turn makes the industrial control system vulnerable to cyber security threats. Keeping in mind cyber security as a multi-dimensional complex issue, in this paper we have proposed a password policy for industrial control networks (ICNs) to have highest level of security. Our proposed password policy provides a set of guidelines for all involved individuals and associated systems in ICN and ICS ((IC)2NS) with aim ensure security aspects such as authentication, authorization, confidentiality, integrity, availability, non-repudiation and cyber security best practices in (IC)2NS. The password policy covers password creation criteria, minimum required length of password and character sets for password composition. We have also discussed about the purpose, scope, policy exception, review and enforcement of the password policy in (IC)2NS.