On the use of open-source firewalls in ICS/SCADA systems

Nivethan, Jeyasingam; Papa, Mauricio

doi:10.1080/19393555.2016.1172283

Cited by 13 publications

(7 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This approach is not validated and to some extent duplicates the work of Human Machine Interfaces (HMIs) in SCADA. Moreover, the authors in Nivethan and Papa (2016b) analyze the use of open source firewalls in SCADA/ICS and propose to use iptables}for filtering SCADA traffic. Using string matching they detect, e.g., unauthorized write commands and test this approach on Modbus/TCP traffic.…”

Section: Process-aware Monitoringmentioning

confidence: 99%

“…Related work in the field of process-aware IDS techniques distinguishes between learning-(e.g., (Caselli et al 2015;Hadžiosmanović et al 2014)) and specification-based (e.g., (Lin et al 2016;Urbina et al 2016;Koutsandria et al 2014;Nivethan and Papa 2016b;Bao et al 2016;Mashima et al 2016)) approaches. The latter then either uses static (e.g., (Nivethan and Papa 2016b)) or dynamic (e.g., (Lin et al 2016;Urbina et al 2016)) rules for detecting and/or preventing malicious commands. The specificationbased approaches are closely related to the approach presented in this paper.…”

Section: Introductionmentioning

confidence: 99%

“…The specificationbased approaches are closely related to the approach presented in this paper. However, they can either not be used in the field stations (Lin et al 2016), are able to detect but not prevent malicious commands (Urbina et al 2016;Nivethan and Papa 2016b), or do not implement a dynamic policy depending on the system state (Koutsandria et al 2014). Simulation testbeds mainly differ in the power equation solvers.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

An integrated testbed for locally monitoring SCADA systems in smart grids

2018

View full text Add to dashboard Cite

A testbed for evaluating if and how process-aware monitoring may increase the security of decentralized SCADA networks in power grids is presented. The testbed builds on the co-simulation framework Mosaik, and co-simulates in an integrated way, the power distribution network on different voltage levels, as well as the control network (Modbus/TCP). The existing simulators were extended to allow topology changes, and a controller (RTU) simulator connected to a SCADA server enabling remote control was implemented. Using the developed testbed, a recently proposed local monitoring approach was investigated. The results show that for so-called interlocks the proposed monitoring approach prevents the execution of 33.3% of the commands, that would result in an unsafe state of the power distribution grid. Furthermore, it is shown that unsafe transformer tap positions can also be avoided. To illustrate the relevance and importance of the proposed testbed, a detailed comparison of related work on process-aware intrusion detection approaches and testbeds combining (parts of) the control network and the power grid is provided.

show abstract

Section: Process-aware Monitoringmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An integrated testbed for locally monitoring SCADA systems in smart grids

2018

View full text Add to dashboard Cite

show abstract

“…One of the first recommendation is to segment the SCADA network from the enterprise one using suitable firewalls to protect PLCs/RTUs from unauthorized requests that originate from outside the field. [12] In time-critical systems, firewalls must be carefully introduced for reducing additional packet latency. Filtering unwanted traffic by means of a firewall can increase the network performances.…”

Section: Related Workmentioning

confidence: 99%

Smart Behavioural Filter for Industrial Internet of Things

Corbò¹,

Foglietta²,

Palazzo³

et al. 2017

Mobile Netw Appl

View full text Add to dashboard Cite

We are currently experiencing the fourth industrial revolution. This is what the German government initiative, first, has identified with 'Industry 4.0'. The manufacturing future will be marked and will go through the new automation technologies that are being introduced with Industrial Internet of Things (I2oT). Industrial Control Systems (ICSs) are exploiting I2oT for reducing costs and improving efficiency. However, ICSs are already jeopardized by an increasingly large set of threat vectors. Those threats are used by malicious actors to misuse physical Critical Infrastructures that usually are vital services for well-being. I2oT implementation increases the threat surface, generating new possible vulnerabilities.Information Technology (IT) classical approaches to cyber attacks cannot be applied to ICS due to their extreme differences from main priorities to resource constrains. Therefore, innovative approaches and equipment must be developed to suit with ICS world. In this paper, a Smart Behavioural Filter (SBF) for the PLCs (Programmable Logic Controllers) is proposed aiming to secure the PLC itself against logic attacks, that are stealth for other more classical security approaches. An example of the considered logic attacks is many open and close commands towards a valve in a short time. Those logic attacks are usually a sequence of well-formed packets in which the content

show abstract

“…One of the first recommendation is to segment the SCADA network from the enterprise one using suitable firewalls in order to protect PLCs/RTUs from unauthorized requests that originate from outside the field. [7] In time-critical systems, firewalls must be carefully introduced for reducing additional packet latency. Filtering unwanted traffic by means of a firewall can increase the network performances.…”

Section: Related Workmentioning

confidence: 99%

Smart Behavioural Filter for SCADA Network

Corbò

Foglietta

Palazzo

et al. 2017

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

Industrial Control Systems (ICS) are jeopardized from a large set of threat vectors, which exploit their vulnerabilities in order to impact the physical Critical Infrastructures they control. The Information Technology (IT) classical approach to cyber attacks can not be applied to ICS due to their extreme differences from main priorities to resource constrains. Therefore, innovative approaches and equipment must be developed in order to suit with ICS world. In this paper, a Smart Behavioural Filter (SBF) for the PLCs/RTUs is proposed aiming to secure the PLC/RTU itself against logic attacks, that are stealth for other more classical security approaches. Those logic attacks are usually anomaly behaviours, for instance a large number of open/close commands towards a valve. This smart field equipment can communicate with other equipment like itself in order to react in short time to cyber attacks and increase the resilience of the physical system. It can also generate alarms for the local Intrusion Detection System (IDS) The proposed equipment has been developed and validated in a real test-bed within the FP7 CockpitCI project. The results are promising.

show abstract

On the use of open-source firewalls in ICS/SCADA systems

Cited by 13 publications

References 8 publications

An integrated testbed for locally monitoring SCADA systems in smart grids

An integrated testbed for locally monitoring SCADA systems in smart grids

Smart Behavioural Filter for Industrial Internet of Things

Smart Behavioural Filter for SCADA Network

Contact Info

Product

Resources

About