Skip to main content

Advertisement

SpringerLink
Log in
Menu
Find a journal Publish with us
Search
Cart
Book cover

International Conference on Research in Networking

NETWORKING 2012: NETWORKING 2012 pp 121–134Cite as

  1. Home
  2. NETWORKING 2012
  3. Conference paper
An Experimental Study on the Impact of Network Segmentation to the Resilience of Physical Processes

An Experimental Study on the Impact of Network Segmentation to the Resilience of Physical Processes

  • Béla Genge20 &
  • Christos Siaterlis20 
  • Conference paper
  • 1946 Accesses

  • 10 Citations

Part of the Lecture Notes in Computer Science book series (LNCCN,volume 7289)

Abstract

The fact that modern Networked Industrial Control Systems (NICS) depend on Information and Communication Technologies (ICT) is well known. Although many studies have focused on the security of NICS, today we still lack a proper understanding of the impact that network design choices have on the resilience of NICS, e.g., a network architecture using VLAN segmentation. In this paper we investigate the impact of process control network segmentation on the resilience of physical processes. We consider an adversary capable of reprogramming the logic of control hardware in order to disrupt the normal operation of the physical process. Our analysis that is based on the Tennessee-Eastman chemical process proves that network design decisions significantly increase the resilience of the process using as resilience metric the time that the process is able to run after the attack is started, before shutting down. Therefore a resilience-aware network design can provide a tolerance period of several hours that would give operators more time to intervene, e.g., switch OFF devices or disconnect equipment in order to reduce damages.

Keywords

  • network segmentation
  • cyber-physical
  • resilience
  • security

Download conference paper PDF

References

  1. dos Anjos, I., Brito, A., Pires, P.M.: A model for security management of SCADA systems. In: Proceedings of IEEE International Conference on Emerging Technologies and Factory Automation, pp. 448–451 (2008)

    Google Scholar 

  2. Boyer, S.: Supervisory Control And Data Acquisition. International Society of Automation, USA (2010)

    Google Scholar 

  3. Cárdenas, A., Amin, S., Lin, Z.S., Huang, Y.L., Huang, C.-Y., Sastry, S.: Attacks against process control systems: Risk assessment, detection, and response. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 355–366 (2011)

    Google Scholar 

  4. Chen, M., Nolan, C., Wang, X., Adhikari, S., Li, F., Qi, H.: Hierarchical utilization control for real-time and resilient power grid. In: Proceedings of the 21st Euromicro Conference on Real-Time Systems, pp. 66–75 (2009)

    Google Scholar 

  5. Downs, J.J., Vogel, E.F.: A plant-wide industrial process control problem. Computers & Chemical Engineering 17(3), 245–255 (1993)

    CrossRef  Google Scholar 

  6. Drummond, D.: A new approach to China (2010), http://googleblog.blogspot.com/2010/01/new-approach-to-china.html

  7. East, S., Butts, J., Papa, M., Shenoi, S.: A taxonomy of attacks on the DNP3 protocol. IFIP AICT, vol. 311, pp. 67–81 (2009)

    Google Scholar 

  8. Falliere, N., Murchu, L.O., Chien, E.: W32.stuxnet dossier (2010), http://www.wired.com/images_blogs/threatlevel/2010/11/w32_stuxnet_dossier.pdf

  9. Genge, B., Fovino, I.N., Siaterlis, C., Masera, M.: Analyzing cyber-physical attacks on networked industrial control systems. In: Critical Infrastructure Protection, pp. 167–183 (2011)

    Google Scholar 

  10. Ji, K., Wei, D.: Resilient control for wireless networked control systems. Journal of Control, Automation, and Systems 9(2), 285–293 (2011)

    CrossRef  Google Scholar 

  11. Fovino, I.N., Carcano, A., Masera, M., Trombetta, A.: An experimental investigation of malware attacks on SCADA systems. Journal of Critical Infrastructure Protection 2(4), 139–145 (2009)

    CrossRef  Google Scholar 

  12. Pal, O., Saiwan, S., Jain, P., Saquib, Z., Patel, D.: Cryptographic key management for SCADA system: An architectural framework. In: Proceedings of International Conference on Advances in Computing, Control, & Telecommunication Technologies, pp. 169–174 (2009)

    Google Scholar 

  13. Ricker, N.: Tennessee Eastman challenge archive (2002), http://depts.washington.edu/control/LARRY/TE/download.html

  14. Siemens: Security concept pcs 7 and wincc - basic document (2008), http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=26462131&caller=view

  15. Sozio, J.: Intelligent parameter adaptation for chemical processes. Master’s thesis, Virginia Polytechnic Institute and State University, USA (1999)

    Google Scholar 

  16. Wei, D., Ji, K.: Resilient industrial control system (RICS): Concepts, formulation, metrics, and insights. In: Proceedings of the 3rd International Symposium on Resilient Control Systems, pp. 15–22 (2010)

    Google Scholar 

  17. White, B., Lepreau, J., Stoller, L., Ricci, R., Guruprasad, S., Newbold, M., Hibler, M., Barb, C., Joglekar, A.: An integrated experimental environment for distributed systems and networks. In: Proceedings of the 5th Symposium on Operating Systems Design and Implementation, pp. 255–270 (2002)

    Google Scholar 

  18. Zhu, Q., Wei, D., Başar, T.: Secure routing in smart grids. In: Workshop on Foundations of Dependable and Secure Cyber-Physical Systems (2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute for the Protection and Security of the Citizen, Joint Research Centre, Via E. Fermi, 21027, Ispra, Italy

    Béla Genge & Christos Siaterlis

Authors
  1. Béla Genge
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Christos Siaterlis
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Telecommunications Engineering, Czech Technical University in Prague, Technicka 2, 166 27, Prague 6, Czech Republic

    Robert Bestak & Lukas Kencl & 

  2. Alcatel-Lucent, Bell Labs, 600 Mountain Avenue, 07974-0636, Murray Hill, NJ, USA

    Li Erran Li

  3. Instituto IMDEA Networks, Avenida del Mar Mediterraneo 22, Leganes, 28918, Madrid), Spain

    Joerg Widmer

  4. Tsinghua-ChinaCache Joint Laboratory, Tsinghua University, FIT 3-429, Haidian District, 100016, Beijing, China

    Hao Yin

Rights and permissions

Reprints and Permissions

Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Genge, B., Siaterlis, C. (2012). An Experimental Study on the Impact of Network Segmentation to the Resilience of Physical Processes. In: Bestak, R., Kencl, L., Li, L.E., Widmer, J., Yin, H. (eds) NETWORKING 2012. NETWORKING 2012. Lecture Notes in Computer Science, vol 7289. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30045-5_10

Download citation

  • .RIS
  • .ENW
  • .BIB
  • DOI: https://doi.org/10.1007/978-3-642-30045-5_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30044-8

  • Online ISBN: 978-3-642-30045-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Share this paper

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Search

Navigation

  • Find a journal
  • Publish with us

Discover content

  • Journals A-Z
  • Books A-Z

Publish with us

  • Publish your research
  • Open access publishing

Products and services

  • Our products
  • Librarians
  • Societies
  • Partners and advertisers

Our imprints

  • Springer
  • Nature Portfolio
  • BMC
  • Palgrave Macmillan
  • Apress
  • Your US state privacy rights
  • Accessibility statement
  • Terms and conditions
  • Privacy policy
  • Help and support

167.114.118.210

Not affiliated

Springer Nature

© 2023 Springer Nature