Advertisement

Towards Computer-Aided Security Life Cycle Management for Critical Industrial Control Systems

  • Florian Patzer
  • Ankush Meshram
  • Pascal Birnstill
  • Christian Haas
  • Jürgen Beyerer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11260)

Abstract

Critical infrastructure experienced a transformation from isolated towards highly (inter-)connected systems. This development introduced a variety of new cyber threats, causing high financial damage, threatening lives and affecting the society. Known examples are Stuxnet, WannaCry and the attacks on the Ukrainian power grid. To prevent such attacks, it is indispensable to properly design, assess and maintain countermeasures and security strategies throughout the whole life cycle of the critical systems. For this, security has to be considered and assessed for every system design and redesign. However, common assessment tools and methodologies are not executed on a detailed system knowledge and therefore they are enhanced with penetration tests. Unfortunately, performing only abstract assessments is inadequate and penetration tests endanger the availability of the tested systems. Therefore, the latter cannot be performed on live systems executing critical processes. In this paper, we address these issues for Industrial Control Systems and explain how new concepts for continuous security-by-design or model-based system monitoring and automated vulnerability assessments can resolve them by exploiting new Industry 4.0 developments.

Keywords

ICS security Critical infrastructure security Security-by-design Automated vulnerability assessment Security life cycle management Defense-in-depth Knowledge base 

References

  1. 1.
    PLCopen and OPC Foundation: OPC UA Information Model for IEC 61131–3. Standard, OPC Foundation, March 2010Google Scholar
  2. 2.
    Bjorklund, M.: YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF). RFC 6020, RFC Editor, October 2010. https://rfc-editor.org/rfc/rfc6020.txt
  3. 3.
    CPNI: Cyber security assessments of industrial control systems: A good practice guide, April 2011Google Scholar
  4. 4.
    Dürkop, L., Imtiaz, J., Trsek, H., Wisniewski, L., Jasperneite, J.: Using OPC-UA for the auto configuration of real-time ethernet systems. In: 2013 11th IEEE International Conference on Industrial Informatics (INDIN), pp. 248–253, July 2013.  https://doi.org/10.1109/INDIN.2013.6622890
  5. 5.
    Enns, R., Bjorklund, M., Schoenwaelder, J., Bierman, A.: Network Configuration Protocol (NETCONF). RFC 6241, RFC Editor, June 2011. https://tools.ietf.org/html/rfc6241
  6. 6.
    Holm, H., Sommestadt, T., Ekstedt, M., Nordström, L.: Cysemol: Atool for cyber security analysis of enterprises. In: 22nd International Conference and Exhibition on Electricity Distribution (CIRED 2013), p. 1109. IEEE, Piscataway (2013).  https://doi.org/10.1049/cp.2013.1077
  7. 7.
    OPC Unified Architecture - Part 1: Overview and Concepts. Standard, International Electrotechnical Commission, November 2016Google Scholar
  8. 8.
    Ji, Y., Wen, D., Wang, H., Xia, C.: A logic-based approach to network security risk assessment. In: 2009 ISECS International Colloquium on Computing, Communication, Control, and Management, pp. 9–14. IEEE, September 2009.  https://doi.org/10.1109/CCCM.2009.5267887
  9. 9.
    Lemaire, L., Vossaert, J., Jansen, J., Naessens, V.: Extracting vulnerabilities in industrial control systems using a knowledge-based system. In: 3rd International Symposium for ICS & SCADA Cyber Security Research 2015. Electronic Workshops in Computing, BCS Learning & Development Ltd (2015).  https://doi.org/10.14236/ewic/ICS2015.1
  10. 10.
    ONF: Of-config 1.2 - openflow management and configuration protocol - onf ts-016. Tech. rep., Open Networking Foundation (2014). https://www.opennetworking.org/images/stories/downloads/sdn-resources/onf-specifications/openflow-config/of-config-1.2.pdf
  11. 11.
    Ou, X., Govindavajhala, S., Appel, A.W.: Mulval: a logic-based network security analyzer. In: Proceedings of the 14th Conference on USENIX Security Symposium, vol. 14. USENIX Association, Berkeley, CA, USA (2005). http://dl.acm.org/citation.cfm?id=1251398.1251406
  12. 12.
  13. 13.
    Rakshit, A., Ou, X.: A host-based security assessment architecture for industrial control systems. In: 2nd International Symposium on Resilient Control Systems, pp. 13–18. IEEE (2009).  https://doi.org/10.1109/ISRCS.2009.5251378
  14. 14.
    Rosen, R., von Wichert, G., Lo, G., Bettenhausen, K.D.: About the importance of autonomy and digital twins for the future of manufacturing (2015).  https://doi.org/10.1016/j.ifacol.2015.06.141
  15. 15.
    Schmidt, N., Lüder, A.: AutomationML in a Nutshell. AutomationML - The Glue for Seamless Automation Engineering, November 2015Google Scholar
  16. 16.
    Wolf, J., Wieczorek, F., Schiller, F., Hansch, G., Wiedermann, N., Hutle, M.: Adaptive modelling for security analysis of networked control systems. In: Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research 2016. BCS Learning & Development Ltd., Swindon, UK (2016)Google Scholar
  17. 17.
    Zhang, S., Ou, X., Homer, J.: Effective network vulnerability assessment through model abstraction. In: Holz, T., Bos, H. (eds.) DIMVA 2011. LNCS, vol. 6739, pp. 17–34. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-22424-9_2CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Florian Patzer
    • 1
  • Ankush Meshram
    • 2
  • Pascal Birnstill
    • 1
  • Christian Haas
    • 1
  • Jürgen Beyerer
    • 1
    • 2
  1. 1.Fraunhofer Institute of Optronics, System Technologies and Image Exploitation (IOSB)KarlsruheGermany
  2. 2.Vision and Fusion Laboratory (IES)Karlsruhe Institute of Technology (KIT)KarlsruheGermany

Personalised recommendations