Challenges and opportunities in securing industrial control systems

Hadžiosmanović, Dina; Bolzoni, Damiano; Etalle, Sandro; Hartel, Pieter H.

doi:10.1109/compeng.2012.6242970

Cited by 28 publications

(21 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…1) [8,20]. More generally, Layer 1 is the basic control layer, and it consists of physical field devices (drivers, sensors, actuators, et al) and programmable embedded electronic devices (PLCs, RTUs, DCS controllers, et al).…”

Section: Basic Layer Architecturementioning

confidence: 99%

“…Especially, the Stuxnet virus attacking Irans nuclear facilities sounds an alarm all over the world [7]. As described by Hadziosmanovic [8], one critical reason is due to the fact that these systems are not built with security in mind. Although there are various kinds of security methods in the regular IT system, the information security in the networked control system is essentially different from that in the IT system, and the traditional security methods cannot be applied directly.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Content-based deep communication control for networked control system

et al. 2016

View full text Add to dashboard Cite

In smart cities, the networked control system plays a significant role in transportation systems, power stations or other critical infrastructures, and it is facing many security issues. From this point, this paper proposes a content-based deep communication control approach to guarantee its security. Based on the layer architecture, this approach analyzes the interactive content in depth according to different industrial communication protocols, and implements the access control between two distinct enclaves. For OPC Classic, we acquire the dynamic port provided by OPC server, and open a new connection belonging to this port; for Modbus/TCP, we not only analyze the ordinary function codes and addresses, but also check the register or coil values by using the multi-bit Trie-tree matching algorithm. Besides, the white-listing strategy is introduced to satisfy the special requirements of industrial communication. Our experiment results show that, on the one hand the proposed approach pro- vides OPC and Modbus/TCP defenses in depth; on the other hand it has less than 1 ms forwarding latency and 0 packet loss rate when the rule number reaches 200, and all these meet the availability requirements in the networked control system. In particular, this approach has been successfully applied in several real-world petrochemical control systems.

show abstract

Section: Basic Layer Architecturementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Content-based deep communication control for networked control system

et al. 2016

View full text Add to dashboard Cite

show abstract

Section: Introductionmentioning

confidence: 99%

“…Traditional industrial technology networks rarely have regular network traffic due to their high variability (e.g., web users downloading different kinds of content from the Internet or interacting among themselves). However, even if an industrial control network maintains the same topology (i.e., a device always communicates with the same devices) [6], no checks are performed -nor is evidence is maintained -that the same sequences of messages are present in the inter-device communications.Another problem is that traditional network intrusion detection systems generally search for unusual messages and rarely focus on message sequences, causing sequence attacks to go unnoticed. Specification-based intrusion detection systems can deal with sequence attacks based on the misuse of communications protocols.…”

mentioning

confidence: 99%

Modeling Message Sequences for Intrusion Detection in Industrial Control Systems

Caselli

Zambon

Petit

et al. 2015

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Compared with standard information technology systems, industrial control systems show more consistent and regular communications patterns. This characteristic contributes to the stability of controlled processes in critical infrastructures such as power plants, electric grids and water treatment facilities. However, Stuxnet has demonstrated that skilled attackers can strike critical infrastructures by leveraging knowledge about these processes. Sequence attacks subvert infrastructure operations by sending misplaced industrial control system messages. This chapter discusses four main sequence attack scenarios against industrial control systems. Real Modbus, Manufacturing Message Specification and IEC 60870-5-104 traffic samples were used to test sequencing and modeling techniques for describing industrial control system communications. The models were then evaluated to verify the feasibility of identifying sequence attacks. The results create the foundation for developing "sequence-aware" intrusion detection systems.Keywords: Industrial control systems, sequence attacks, intrusion detection IntroductionCritical infrastructure assets such as power plants, electric grids and water treatment facilities have used control systems for many decades; however, until the turn of the century, they were primarily standalone systems. The Internet and network convergence have brought about many changes to critical infrastructure assets, the most important being their transformation from standalone systems to highly interconnected systems. This transformation has introduced advantages and disadvantages. On one hand, it facilitates the remote monitoring and management of industrial processes. On the other hand, traditional information technology attacks can be launched from afar, includ-50 CRITICAL INFRASTRUCTURE PROTECTION IX ing over the Internet, to compromise industrial control systems and the critical infrastructure assets they manage. This is the case of denial-of-service and distributed denial-of-service attacks. These attacks can target a specific device in an industrial control network and flood it with a massive number of packets until it is no longer able to operate normally. This can reduce or eliminate operator situational awareness and eventually impact the coordination and control of infrastructure assets, potentially affecting the larger infrastructure and connected infrastructures, leading to serious consequences to industry, government and society.Another example involves semantic attacks. Unlike standard cyber attacks, semantic attacks exploit knowledge of specific control systems and physical processes to maximize damage. Stuxnet [4,16] is probably the most wellknown attack of this type. Meanwhile, numerous reports from the U.S. ICS-CERT have described exploits on industrial devices, such as programmable logic controllers and SCADA servers, that are triggered by carefully-crafted messages (see, e.g., [9]). Sequence attacks are a type of semantic attack. Instead of using modified message headers or pa...

show abstract

“…Finally, we discus promising approaches for detecting the identified threats. This work has appeared as a journal article [1] and a refereed workshop paper [6].…”

Section: Thesis Overviewmentioning

confidence: 99%

Process matters: cyber security in industrial control systems

Hadžiosmanović¹

Self Cite

View full text Add to dashboard Cite

Challenges and opportunities in securing industrial control systems

Cited by 28 publications

References 13 publications

Content-based deep communication control for networked control system

Content-based deep communication control for networked control system

Modeling Message Sequences for Intrusion Detection in Industrial Control Systems

Process matters: cyber security in industrial control systems

Contact Info

Product

Resources

About