A Guide to Securing Industrial Control Networks: Integrating IT and OT Systems

Paes, Richard; Mazur, David C.; Ostrzenski, Jack

doi:10.1109/mias.2019.2943630

Cited by 28 publications

(19 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…e Automatic Control Network is connected to numbers of HMIs and PLCs in fields, which are responsible for logic and control computing tasks to manipulate and regulate sensors or actuators in the Physical Control Network. Among them, the IT networks are made up of the Enterprise Control Network and the Perimeter Network, and other subnets belong to the OT networks [1].…”

Section: Methodsmentioning

confidence: 99%

“…Since information technology (IT) was introduced into all walks of life, the threat from hackers and virus attacks have never been got rid of. However, it does not prevent industrial enterprises from adopting the commercial-off-the-shelf software and hardware and the general network connectivity into operational technology (OT) networks, such as industrial control networks [1]. e IT/OT convergence provides attackers more opportunities to launch targeted attacks whose consequences can be disastrous against the real physical world.…”

Section: Introductionmentioning

confidence: 99%

“…Nevertheless, when implementing into the IT and OT networks, the planning-based method also suffers from several problems mainly in three aspects: (1) Despite the advantage of the PDDL descriptions in the modeling, it loses some heterogeneous and scattered information with the abstraction of the attacking knowledge and the network topology, which is unconducive to make sense of attack paths. (2) Most attack graph generation methods are limited by the scalability with the increasing scale of the network topology.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

An Automatic Planning-Based Attack Path Discovery Approach from IT to OT Networks

Wang

Zhang

Liu

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

With the convergence of IT and OT networks, more opportunities can be found to destroy physical processes by cyberattacks. Discovering attack paths plays a vital role in describing possible sequences of exploitation. Automated planning that is an important branch of artificial intelligence (AI) is introduced into the attack graph modeling. However, while adopting the modeling method for large-scale IT and OT networks, it is difficult to meet urgent demands, such as scattered data management, scalability, and automation. To that end, an automatic planning-based attack path discovery approach is proposed in this paper. At first, information of the attacking knowledge and network topology is formally represented in a standardized planning domain definition language (PDDL), integrated into a graph data model. Subsequently, device reachability graph partitioning algorithm is introduced to obtain subgraphs that are small enough and of limited size, which facilitates the discovery of attack paths through the AI planner as soon as possible. In order to further cope with scalability problems, a multithreading manner is used to execute the attack path enumeration for each subgraph. Finally, an automatic workflow with the assistance of a graph database is provided for constructing the PDDL problem file for each subgraph and traversal query in an interactive way. A case study is presented to demonstrate effectiveness of attack path discovery and efficiency with the increase in number of devices.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Automatic Planning-Based Attack Path Discovery Approach from IT to OT Networks

Wang

Zhang

Liu

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…However, it can be seen from the above comparative analysis that due to the late start of China's industrialization, the manufacturing capacity and internet utilization capacity in the industrial field are relatively weak compared with those of developed countries. Therefore, it is necessary to take into account the development of both soft services and hard links, attach importance to IT/OT integration [25] [26]. A more systematic and comprehensive reference architecture of IIP should be developed from the hardware and software aspects.…”

Section: ) Further Consideration Of Reference Architecture Of Iipmentioning

confidence: 99%

Study on the Reference Architecture and Assessment Framework of Industrial Internet Platform

Qiu

Zhou

et al. 2020

IEEE Access

View full text Add to dashboard Cite

With the continuous innovation of new-generation information technology and its accelerated integration with manufacturing industry, industrial internet platforms (IIPs) are rapidly emerging worldwide. Construction and application of IIP has become a new focus in international competition for leading enterprises, and also a new direction of industrial development for many countries worldwide. However, the development of IIP is still in the stage of exploration, and the industry sector still lacks unified understanding of the IIP. Therefore, this study firstly proposes a reference architecture of IIP to clarify its framework and core functions, so as to provide a general reference model for the industry to understand and jointly promote construction of IIP. Secondly, an assessment system is proposed to evaluate the usage of IIP. The assessment framework is composed from three domains namely the foundation, key capability, value and benefit. Finally, the practical value of the reference architecture and the assessment framework of IIP is verified by an industry practice.

show abstract

“…First, ICS was originally designed mainly for a proprietary and closed infrastructure without considering too much about security issues, as traditional critical infrastructures are sort of isolated and are not vulnerable to cyberattacks. With these infrastructures being connected to the Internet through IoTs, a wide range of cyberattacks, including distributed denial-ofservice (DDoS), malware, breach attack, Brute force attack, Man-in-the-middle attack, SQL injection, and phishing, are threatening the operation of ICS to provision normal support for services [11], [12], [13], [14]. In addition, ICS is in a position for data acquisition in critical infrastructures.…”

mentioning

confidence: 99%

Convergence of Blockchain and Edge Computing for Secure and Scalable IIoT Critical Infrastructures in Industry 4.0

Dai

Wang

2021

IEEE Internet Things J.

226

View full text Add to dashboard Cite

Critical infrastructure systems are vital to underpin the functioning of a society and economy. Due to ever-increasing number of Internet-connected Internet-of-Things (IoTs) / Industrial IoT (IIoT), and high volume of data generated and collected, security and scalability are becoming burning concerns for critical infrastructures in industry 4.0. The blockchain technology is essentially a distributed and secure ledger that records all the transactions into a hierarchically expanding chain of blocks. Edge computing brings the cloud capabilities closer to the computation tasks. The convergence of blockchain and edge computing paradigms can overcome the existing security and scalability issues. In this paper, we first introduce the IoT/IIoT critical infrastructure in industry 4.0, and then we briefly present the blockchain and edge computing paradigms. After that, we show how the convergence of these two paradigms can enable secure and scalable critical infrastructures. Then, we provide a survey on state-of-the-art for security and privacy, and scalability of IoT/IIoT critical infrastructures. A list of potential research challenges and open issues in this area is also provided, which can be used as useful resources to guide future research.

show abstract

A Guide to Securing Industrial Control Networks: Integrating IT and OT Systems

Cited by 28 publications

References 1 publication

An Automatic Planning-Based Attack Path Discovery Approach from IT to OT Networks

An Automatic Planning-Based Attack Path Discovery Approach from IT to OT Networks

Study on the Reference Architecture and Assessment Framework of Industrial Internet Platform

Convergence of Blockchain and Edge Computing for Secure and Scalable IIoT Critical Infrastructures in Industry 4.0

Contact Info

Product

Resources

About