Next Article in Journal
UIGuider: Detecting Implicit Design Guidelines Using a Domain Knowledge Graph Approach
Previous Article in Journal
Global Maximum Power Point Tracking of Photovoltaic Module Arrays Based on an Improved Intelligent Bat Algorithm
Previous Article in Special Issue
Dynamic Data Abstraction-Based Anomaly Detection for Industrial Control Systems
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Electronics
Volume 13
Issue 7
10.3390/electronics13071208
Review Report
electronics-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

A Systematic Analysis of Security Metrics for Industrial Cyber–Physical Systems

Electronics 2024, 13(7), 1208; https://doi.org/10.3390/electronics13071208
by Giacomo Gori, Lorenzo Rinieri, Andrea Melis, Amir Al Sadi, Franco Callegati and Marco Prandini *
Reviewer 1:
Andres Annuk
Reviewer 2:
Luis Pires
Electronics 2024, 13(7), 1208; https://doi.org/10.3390/electronics13071208
Submission received: 19 February 2024 / Revised: 18 March 2024 / Accepted: 20 March 2024 / Published: 25 March 2024
(This article belongs to the Special Issue Cybersecurity and Privacy Issues in Cyber-Physical Systems and Industrial Control Systems)

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

The strength of the article is the proper handling of security metrics of industrial cyber-physical systems. Cyber security is nowadays often an essential question in Industry. Positive, that in supplementary materials is presented calculation mode.

 

1.       In affiliataions, if have oneaffiliation and authors are on one department, not needed tos et the cross after all authored. Enough to mark the corresponding author.

2.       In introduction needs clearly express work aim and objectives.

3.       In row 16-17 keywords not needed capital letters in beginning on words and separate these by semicolon, not commas.

4.       Beginning of page 3. Not allowed underline citations in pages. It needs to organise to references.

5.       On page 6. What is Algorithm 1. Isi t figuure or table? It needs to decide,

6.       All tables.The heading of table isu p the table, not in down.

 

 

Author Response

We would like to thank Reviewer 1 for the valuable suggestions, and we would like to respond to the comments as follows.

COMMENT 1: “The strength of the article is the proper handling of security metrics of industrial cyber-physical systems. Cyber security is nowadays often an essential question in Industry. Positive, that in supplementary materials is presented calculation mode.

  1.       In affiliations, if have one affiliation and authors are in one department, no need to et the cross after all authored. Enough to mark the corresponding author.”

RESPONSE: We fixed the marks as suggested.

 

COMMENT 2: “In introduction needs clearly express work aim and objectives.”

RESPONSE: We slightly modified the introduction, which states the aim and objectives of our work; citing our submission: 

To better understand the effectiveness of a validated set of security metrics and show tangible preliminary results, we chose a real use case scenario, Industrial Cyber-Physical Systems (ICPS), in which to perform a systematic approach to collect, filter, and validate metrics that can be used in practice….For this reason, in this work, we analyze the current state of the art in the selection of security metrics and we propose a methodology to gather, filter, and validate security metrics. Then, we apply the procedure to the ICPS domain gathering 291 metrics from the literature, analyzing the domain to identify the properties useful to filter the metrics, and applying a validation framework to assess the validity of the filtered metrics, obtaining a final set capable of measuring security from different perspectives. This paper proceeds hereinafter with….

 

COMMENT 3: “In rows 16-17 keywords not needed capital letters in beginning on words and separate these by semicolon, not commas.”

RESPONSE: We fixed the keyword list as suggested.

 

COMMENT 4: “Beginning of page 3. Not allowed underline citations in pages. It needs to organize to references.”

RESPONSE: We do not understand what “underline citations” refers to. Does it refer to footnotes or to something else? Please, better clarify this if it is possible in order to correctly address this comment.

 

COMMENT 5: “On page 6. What is Algorithm 1. Is it figure or table? It needs to decide”

RESPONSE: We defined the algorithm in a clearer way, as a figure.

 

COMMENT 6: “All tables. The heading of table is up the table, not in down.”

RESPONSE: We moved the caption of Tables 1, 2, and 3 over the tables.

Reviewer 2 Report

Comments and Suggestions for Authors

The made some justifications:

Line 270: how you collect that metrics

Section 5: is not clear how the environment of CPS industrial impacts in the metrics of security

Based on your study how garantee that there ar low possibilities of Internet attack where we have a CPS controlled remotly

 

In abbreviations: alphabetic orde

Author Response

We would like to thank Reviewer 2 for the valuable suggestions, and we would like to respond to the comments as follows.

COMMENT 1: “The made some justifications:

Line 270: how you collect that metrics”

RESPONSE: We added lines 270-290 (of the diff file) to explain clearly the way we collect those metrics.

 

COMMENT 2: “Section 5: is not clear how the environment of CPS industrial impacts in the metrics of security. Based on your study how guarantee that there are low possibilities of Internet attack where we have a CPS controlled remotely”

RESPONSE: We modified lines 411-416 to explain better the impact of the ICPS environment. The metrics related to Internet attacks, as well as all the gathered metrics, are validated using the CSSM framework so they have to respect the “Reproducible'' property. This property states that the metric evaluation is independent from the environment in which it is performed. Therefore, the final set of metrics must be applicable both to normal CPS and to CPS controlled remotely. 

 

COMMENT 3: “In abbreviations: alphabetic order”

RESPONSE: We rewrote the abbreviation list in alphabetical order.



Back to TopTop