Improving network security monitoring for industrial control systems

Cruz, Tiago; Barrigas, Jorge; Proença, Jorge; Graziano, A.; Panzieri, Stefano; Lev, L. L.; Simões, Paulo

doi:10.1109/inm.2015.7140399

Cited by 41 publications

(20 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The PIDS encompasses several kinds of detection agents, including existing components (such as the Snort NIDS [35] or the OSSEC HIDS [36], which are customized and integrated using coupling adaptors) as well as components specifically developed for this architecture, like the SCADA Honeypot [30] [37], the Shadow Security Unit (SSU) [38], Host Output Traffic Control, or the Exec, Vulnerability and Behaviour checker agents [28]. Among these agents, the first two constitute innovative concepts for domain-specific components that will be next discussed in more detail, from a research point of view.…”

Section: A Innovative Detection Agentsmentioning

confidence: 99%

From Detecting Cyber-Attacks to Mitigating Risk Within a Hybrid Environment

Foglietta

Masucci

Palazzo

et al. 2019

IEEE Systems Journal

Self Cite

View full text Add to dashboard Cite

Telecommunication networks based on commonplace technologies (such as Ethernet) often constitute a vulnerable attack vector against modern Critical Infrastructures (CIs), particularly for Supervisory Control and Data Acquisition (SCADA) systems, which rely on them for monitoring and controlling physical components. This article presents a unique platform that encompasses a range of capabilities, from cyber attack detection to mitigation strategies, through interdependency and risk evaluation. The platform is made of two main components: a cyber attack detection subsystem and a risk assessment framework. Both blocks are innovative from a research point of view and they have been developed and customized to fit the CIs' features, that are completely different from telecommunication networks. This platform has been tested on a hybrid environment testbed, made of virtual and real components, within the scope of the EU FP7 CockpitCI and EU H2020 ATENA projects. The case study corresponds to a medium voltage power grid controlled by a SCADA control center, where the platform has been validated with optimal results in terms of detection capabilities and time response. Index Terms-cyber attack detection risk assessment, decision support systems, cyber-physical systems, supervisory control and data acquisition (SCADA) I. INTRODUCTION T HE concept of Critical Infrastructure has been changing over the past years. This notion, which was mainly related to the public sector during the 1980s [1], was redefined as a matter of national security [2] during the 1990s, and particularly after 9/11. This comes as no surprise, as CIs are the key assets, systems or networks of our lives; their partial destruction would have a negative effect on security, economy and public health. With time, the definition of CI has been extended to include other services. The concept of "lifeline system" was developed to evaluate large and geographically distributed networks, such as electric power, gas and liquid fuels, telecommunications, transportation, waste disposal and water supply. Thinking about CIs through the subset of lifelines helps clarify common

show abstract

Section: A Innovative Detection Agentsmentioning

confidence: 99%

From Detecting Cyber-Attacks to Mitigating Risk Within a Hybrid Environment

Foglietta

Masucci

Palazzo

et al. 2019

IEEE Systems Journal

Self Cite

View full text Add to dashboard Cite

show abstract

“…The ATENA architecture is based on the outcomes of both the MICIE [9] and the CockpitCI [10] projects. The goal of the aforementioned projects is the development of a security platform for inter-dependent CIs.…”

Section: Related Work: the Logic Behind The Atena Projectmentioning

confidence: 99%

“…The PIDS agents are able to incapsulate customized third party modules (e.g., the Snort NIDS [12] or the OSSEC HIDS [13]), which are integrated using coupling modules), as well as components specifically developed for CockpitCI (e.g., the Shadow Security Unit (SSU) [10], the SCADA Honeypot [14] [15], Host Output Traffic Control, or the Vulnerability, Behaviour 6 and Exec checker agents [11]). The RP in CockpitCI represents an improvement with respect to the one developed in MICIE.…”

Section: Related Work: the Logic Behind The Atena Projectmentioning

confidence: 99%

Integrated protection of industrial control systems from cyber-attacks: the ATENA approach

Adamsky

Aubigny

Battisti

et al. 2018

International Journal of Critical Infrastructure Protection

View full text Add to dashboard Cite

Industrial and Automation Control systems traditionally achieved security thanks to the use of proprietary protocols and isolation from the telecommunication networks. Nowadays, the advent of the Industrial Internet of Things poses new security challenges. In this paper, we first highlight the main security challenges that advocate for new risk assessment and security strategies.To this end we propose a security framework and advanced tools to properly manage vulnerabilities, and to timely react to the threats. The proposed architecture fills the gap between computer science and control theoretic approaches. The physical layers connected to Industrial Control Systems are prone to disrupt when facing cyber-attacks. Considering the modules of the proposed architecture, we focus on the development of a practical framework to compare information about physical faults and cyber-attacks. This strat-egy is implemented in the ATENA architecture which has been designed as an innovative solution for the protection of critical assets.

show abstract

“…When an incident has occurred the additional hardware device could then be detached or SD card simply removed for data extraction and forensic analysis without the need to interact in any way with the PLC. To reduce the risk of interference with the wrapper or a network tap being placed between the field device and wrapper the additional hardware A similar concept, the SSU (Shadow Security Unit), has recently been put forth by T. Cruz (Cruz et al 2015), which implements a hardware device in parallel with SCADA field devices allowing for continuous assessment of their security and operational status. The SSU is a solution for improving the security within SCADA systems at the PLC level, whereas the forensic hardware wrapper proposed in this paper is more focused on the forensic recovery and increased data retention of field device artefacts post-incident.…”

Section: Implementation Of Scada Forensic Hardwarementioning

confidence: 99%

A Forensic Taxonomy of SCADA Systems and Approach to Incident Response

Eden

Blyth

Burnap

et al. 2015

Electronic Workshops in Computing

View full text Add to dashboard Cite

SCADA systems that monitor and control Critical National Infrastructure (CNI) are increasingly becoming the target of advanced cyber-attacks since their convergence with TCP/IP and other networks for efficient controlling. When a SCADA incident occurs the consequences can be catastrophic having an impact on the environment, economy and human life and therefore it is essential for a forensic investigation to take place. SCADA system forensics is an essential process within the cyber-security lifecycle that not only helps to identify the cause of an incident and those responsible but to help develop and design more secure systems of the future. This paper provides an overall forensic taxonomy of the SCADA system incident response model. It discusses the development of forensic readiness within SCADA system investigations, including the challenges faced by the SCADA forensic investigator and suggests ways in which the process may be improved.

show abstract

Improving network security monitoring for industrial control systems

Cited by 41 publications

References 6 publications

From Detecting Cyber-Attacks to Mitigating Risk Within a Hybrid Environment

From Detecting Cyber-Attacks to Mitigating Risk Within a Hybrid Environment

Integrated protection of industrial control systems from cyber-attacks: the ATENA approach

A Forensic Taxonomy of SCADA Systems and Approach to Incident Response

Contact Info

Product

Resources

About