Biblio
Industrial control systems are moving from monolithic to distributed and cloud-connected architectures, which increases system complexity and vulnerability, thus complicates security analysis. When exhaustive verification accounts for this complexity the state space being sought grows drastically as the system model evolves and more details are considered. Eventually this may lead to state space explosion, which makes exhaustive verification infeasible. To address this, we use VDM-SL's combinatorial testing feature to generate security attacks that are executed against the model to verify whether the system has the desired security properties. We demonstrate our approach using a cloud-connected industrial control system that is responsible for performing safety-critical tasks and handling client requests sent to the control network. Although the approach is not exhaustive it enables verification of mitigation strategies for a large number of attacks and complex systems within reasonable time.
We address the need for security requirements to take into account risks arising from complex supply chains underpinning cyber-physical infrastructures such as industrial control systems (ICS). We present SEISMiC (SEcurity Industrial control SysteM supply Chains), a framework that takes into account the whole spectrum of security risks - from technical aspects through to human and organizational issues - across an ICS supply chain. We demonstrate the effectiveness of SEISMiC through a supply chain risk assessment of Natanz, Iran's nuclear facility that was the subject of the Stuxnet attack.
Nowadays, the industrial control systems (ICS) face many challenges, where security is becoming one of the most crucial. This fact is caused by new connected environment, which brings among new possibilities also new vulnerabilities, threats, or possible attacks. The criminal acts in the ICS area increased over the past years exponentially, which caused the loss of billions of dollars. This also caused classical Intrusion Detection Systems and Intrusion Prevention Systems to evolve in order to protect among IT also ICS networks. However, these systems need sufficient data such as traffic logs, protocol information, attack patterns, anomaly behavior marks and many others. To provide such data, the requirements for the test environment are summarized in this paper. Moreover, we also introduce more than twenty common vulnerabilities across the ICS together with information about possible risk, attack vector (point), possible detection methods and communication layer occurrence. Therefore, the paper might be used as a base-ground for building sufficient data generator for machine learning and artificial intelligence algorithms often used in ICS/IDS systems.
Integrating Industrial Control Systems (ICS) with Corporate System (IT) is one of the most important industrial orientations. With recent cybersecurity attacks, the security of integrated ICS systems has become the priority of industrial world. Access control technologies such as firewalls are very important for Integrated ICS (IICS) systems to control communication across different networks to protect valuable resources. However, conventional firewalls are not always fully compatible with Industrial Control Systems. In fact, firewalls can introduce significant latency while ICS systems usually are very demanding in terms of timing requirements. Besides, most of existing firewalls do not support all industrial protocols. This paper proposes a new access control model for integrated ICS systems based on Domain and Type Enforcement (DTE). This new model allows to define and apply enforced access controls with respect of ICS timing requirements. Access controls definition is based on a high level language that can be used by ICS administrators with ease. This paper also proposes an initial generic ruleset based on the ISA95 functional model. This generic ruleset simplifies the deployment of DTE access controls and provides a good introduction to the DTE concepts for administrators.
With the latest development of hydroelectric power generation system, the industrial control network system of hydroelectric power generation has undergone the transformation from the dedicated network, using proprietary protocols to an increasingly open network, adopting standard protocols, and increasing integration with hydroelectric power generation system. It generally believed that with the improvement of the smart grid, the future hydroelectric power generation system will rely more on the powerful network system. The general application of standardized communication protocol and intelligent electronic equipment in industrial control network provides a technical guarantee for realizing the intellectualization of hydroelectric power generation system but also brings about the network security problems that cannot be ignored. In order to solve the vulnerability of the system, we analyze and quantitatively evaluate the industrial control network of hydropower generation as a whole, and propose a set of attack and defense strategies. The method of vulnerability assessment with high diversity score proposed by us avoids the indifference of different vulnerability score to the greatest extent. At the same time, we propose an optimal attack and defense decision algorithm, which generates the optimal attack and defense strategy. The work of this paper can distinguish the actual hazards of vulnerable points more effectively.
Industrial control systems (ICS) have been widely adopted in mission-critical infrastructures. However, the increasing prevalence of cyberattacks targeting them has been a critical security concern. On the other hand, the high real-time and availability requirements of ICS limits the applicability of certain available security solutions due to the performance overhead they introduce and the system unavailability they cause. Moreover, scientific metrics (mathematical models) are not available to evaluate the efficiency and resilience of security solutions in the ICS context. Hence, in this paper, we propose ICS-SEA to address the ICS design constraints of Security, Efficiency, and Availability (SEA). Our ICS-SEA formally models the real-time constraints and physical-state resiliency quantitatively based on a typical ICS. We then design two real-world ICS testbeds and evaluate the efficiency and resilience of a few selected security solutions using our defined models. The results show that our ICS-SEA is effective to evaluate security solutions against the SEA conflicting design constraints in ICS.
Industrial Control Systems (ICS) such as Supervisory Control And Data Acquisition (SCADA), Distributed Control Systems (DCS) and Distributed Automation Systems (DAS) control and monitor critical infrastructures. In recent years, proliferation of cyber-attacks to ICS revealed that a large number of security vulnerabilities exist in such systems. Excessive security solutions are proposed to remove the vulnerabilities and improve the security of ICS. However, to the best of our knowledge, none of them presented or developed a security test-bed which is vital to evaluate the security of ICS tools and products. In this paper, a test-bed is proposed for evaluating the security of industrial applications by providing different metrics for static testing, dynamic testing and network testing in industrial settings. Using these metrics and results of the three tests, industrial applications can be compared with each other from security point of view. Experimental results on several real world applications indicate that proposed test-bed can be successfully employed to evaluate and compare the security level of industrial applications.
The goal of this document is to provide knowledge of Security for Industrial Control Systems (ICS,) such as supervisory control and data acquisition (SCADA) which is implemented in power transmission network, power stations, power distribution grids and other big infrastructures that affect large number of persons and security of nations. A distinction between IT and ICS security is given to make a difference between the two disciplines. In order to avoid intrusion and destruction of industrials plants, some recommendations are given to preserve their security.
Industrial control systems are cyber-physical systems that are used to operate critical infrastructures such as smart grids, traffic systems, industrial facilities, and water distribution networks. The digitalization of these systems increases their efficiency and decreases their cost of operation, but also makes them more vulnerable to cyber-attacks. In order to protect industrial control systems from cyber-attacks, the installation of multiple layers of security measures is necessary. In this paper, we study how to allocate a large number of security measures under a limited budget, such as to minimize the total risk of cyber-attacks. The security measure allocation problem formulated in this way is a combinatorial optimization problem subject to a knapsack (budget) constraint. The formulated problem is NP-hard, therefore we propose a method to exploit submodularity of the objective function so that polynomial time algorithms can be applied to obtain solutions with guaranteed approximation bounds. The problem formulation requires a preprocessing step in which attack scenarios are selected, and impacts and likelihoods of these scenarios are estimated. We discuss how the proposed method can be applied in practice.