Smart Behavioural Filter for Industrial Internet of Things
We are currently experiencing the fourth industrial revolution, which a German government initiative first identified as ‘Industry 4.0’. The future of manufacturing will be shaped by the new automation technologies introduced with the Industrial Internet of Things (I2oT). Industrial Control Systems (ICSs) are exploiting I2oT to reduce costs and improve efficiency. However, ICSs are already jeopardized by an increasingly large set of threat vectors. Malicious actors use those threats to misuse physical Critical Infrastructures, which usually provide services vital for well-being. I2oT implementation increases the threat surface, generating new possible vulnerabilities. Classical Information Technology (IT) approaches to cyber attacks cannot be applied to ICSs because the two differ sharply, from their main priorities to their resource constraints. Therefore, innovative approaches and equipment must be developed to suit the ICS world. In this paper, a Smart Behavioural Filter (SBF) for PLCs (Programmable Logic Controllers) is proposed, aiming to secure the PLC itself against logic attacks, which are stealthy to other, more classical security approaches. An example of the considered logic attacks is many open and close commands sent to a valve in a short time. Those logic attacks are usually a sequence of well-formed packets whose content represents an anomalous and unpredicted behaviour. This smart field equipment can react quickly to cyber attacks by isolating the PLC, can communicate with other equipment of the same kind, and in general increases the resilience of the physical system. It can also generate alarms for the local Intrusion Detection System (IDS). The proposed equipment has been developed and validated in a real test-bed within the FP7 CockpitCI project and the H2020 ATENA project.
Keywords: Industrial control system; Security; Logical filtering; Industrial internet of things (I2oTs); Industry 4.0
The research paper is partially supported by the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 700581 (ATENA - Advanced Tools to Assess and Mitigate the Criticality of ICT Components and Their Dependencies over Critical Infrastructures) www.atena-h2020.eu.
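The valve example from the abstract can be made concrete with a small sliding-window check placed in front of the PLC. This is an added illustration, not the paper's SBF implementation: the class and function names, the command tuple format, the 10-second window and the threshold of 3 toggles are all assumptions, and the command stream is constructed.

```python
from collections import deque

WINDOW_S = 10.0    # assumed sliding-window length (seconds); not from the paper
MAX_TOGGLES = 3    # assumed state changes tolerated per actuator per window

class BehaviouralFilter:
    """Hypothetical filter in front of a PLC: forward or drop each write."""

    def __init__(self, window_s=WINDOW_S, max_toggles=MAX_TOGGLES):
        self.window_s = window_s
        self.max_toggles = max_toggles
        self.isolated = False   # once set, every later command is dropped
        self.alarms = []        # (timestamp, actuator, toggles_in_window) for the IDS
        self._last = {}         # actuator -> last forwarded state
        self._toggles = {}      # actuator -> deque of recent toggle timestamps

    def check(self, ts, actuator, state):
        """Return True to forward the command to the PLC, False to drop it."""
        if self.isolated:
            return False
        prev = self._last.get(actuator)
        if prev is None or prev == state:    # first sighting or no state change
            self._last[actuator] = state
            return True
        times = self._toggles.setdefault(actuator, deque())
        while times and ts - times[0] > self.window_s:
            times.popleft()                  # forget toggles outside the window
        times.append(ts)
        if len(times) > self.max_toggles:    # each packet is valid, the sequence is not
            self.isolated = True             # isolate the PLC
            self.alarms.append((ts, actuator, len(times)))
            return False
        self._last[actuator] = state
        return True

def replay(commands):
    """Run a command stream through a fresh filter; return (decisions, filter)."""
    flt = BehaviouralFilter()
    return [flt.check(*c) for c in commands], flt

# Constructed sample stream: (seconds, actuator, commanded state, 1=open / 0=close).
SAMPLE = [
    (0.0, "valve_1", 1), (60.0, "valve_1", 0), (120.0, "valve_1", 1),   # normal duty
    (200.0, "valve_1", 0), (200.5, "valve_1", 1), (201.0, "valve_1", 0),
    (201.5, "valve_1", 1), (202.0, "valve_1", 0),                       # rapid toggling
    (300.0, "valve_1", 1),                                              # after isolation
]

if __name__ == "__main__":
    decisions, flt = replay(SAMPLE)
    print(decisions, flt.alarms)
```

Every command in the sample is individually well-formed, so a per-packet check would pass all of them; only the per-actuator history exposes the burst.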