|
|
|
|
CWRAF Vignette Details - Domain chemical
The MITRE Corporation Copyright © 2013 http://cwe.mitre.org/cwraf/
|
|
CWRAF version: 0.8.3 |
Date: April 3, 2013 |
Project Coordinator:
Bob Martin (MITRE)
|
Document Editor:
Steve Christey (MITRE)
|
CWRAF Vignettes - chemical
CWRAF Vignettes - chemical
Within the Common Weakness Risk Analysis
Framework (CWRAF), a vignette
provides a shareable, formalized way to define a particular
environment, the role that software plays within that environment, and
an organization's priorities with respect to software security. It
identifies essential resources and capabilities, as well as their
importance relative to security principles such as confidentiality,
integrity, and availability. For example, in an e-commerce context,
99.999% uptime may be a strong business requirement that drives the
interpretation of the severity of discovered weaknesses.
Vignettes allow CWSS to
support diverse audiences who may have different requirements for how
to prioritize weaknesses. CWSS scoring can occur within the context of a vignette.
This page currently contains details for 1 vignettes within
the "chemical" domain. These are illustrative only; the CWRAF
community will help to refine these and develop others. Feedback is
welcome.
|
Vignette Summary
Vignette Summary
| Name | Description |
| Chemical Flow Control | A SCADA-based flow control system for a chemical plant. Underlying technology -
heavy C usage. Systems developed in pre-Internet era with management consoles
interfacing to them. |
Vignette Details
Vignette Details
Vignette Definition: Chemical Flow Control
| Name | Chemical Flow Control
| | ID | chem-flow
| | Maturity | stub
| | Domain | chemical
| | Desc | A SCADA-based flow control system for a chemical plant. Underlying technology -
heavy C usage. Systems developed in pre-Internet era with management consoles
interfacing to them.
| | Archetypes | Process Control Systems |
| Business Value Context (BVC) | Compromise could result in ecological disaster, explosions, poison. Availability
requirements are high in order to continually monitor and maintain a stable state.
Integrity can be very high because of the ability to control or modify physical
systems. Confidentiality is probably much less important.
| | Notes |
| | References | No references recorded.
|
Technical Impact Scorecard
| Impact | Layer | Subscore | Notes
| | Modify data | System | |
| | Modify data | Application | |
| | Modify data | Network | |
| | Modify data | Enterprise | |
| | Read data | System | |
| | Read data | Application | |
| | Read data | Network | |
| | Read data | Enterprise | |
| | DoS: unreliable execution | System | |
| | DoS: unreliable execution | Application | |
| | DoS: unreliable execution | Network | |
| | DoS: unreliable execution | Enterprise | |
| | DoS: resource consumption | System | |
| | DoS: resource consumption | Application | |
| | DoS: resource consumption | Network | |
| | DoS: resource consumption | Enterprise | |
| | Execute unauthorized code or commands | System | |
| | Execute unauthorized code or commands | Application | |
| | Execute unauthorized code or commands | Network | |
| | Execute unauthorized code or commands | Enterprise | |
| | Gain privileges / assume identity | System | |
| | Gain privileges / assume identity | Application | |
| | Gain privileges / assume identity | Network | |
| | Gain privileges / assume identity | Enterprise | |
| | Bypass protection mechanism | System | |
| | Bypass protection mechanism | Application | |
| | Bypass protection mechanism | Network | |
| | Bypass protection mechanism | Enterprise | |
| | Hide activities | System | |
| | Hide activities | Application | |
| | Hide activities | Network | |
| | Hide activities | Enterprise | |
|
More information is available — Please edit the custom filter or select a different filter.
|
