Abstract
The fact that modern Networked Industrial Control Systems (NICS) depend on Information and Communication Technologies (ICT) is well known. Although many studies have focused on the security of NICS, today we still lack a proper understanding of the impact that network design choices have on the resilience of NICS, e.g., a network architecture using VLAN segmentation. In this paper we investigate the impact of process control network segmentation on the resilience of physical processes. We consider an adversary capable of reprogramming the logic of control hardware in order to disrupt the normal operation of the physical process. Our analysis that is based on the Tennessee-Eastman chemical process proves that network design decisions significantly increase the resilience of the process using as resilience metric the time that the process is able to run after the attack is started, before shutting down. Therefore a resilience-aware network design can provide a tolerance period of several hours that would give operators more time to intervene, e.g., switch OFF devices or disconnect equipment in order to reduce damages.
Keywords
- network segmentation
- cyber-physical
- resilience
- security
Download conference paper PDF
References
dos Anjos, I., Brito, A., Pires, P.M.: A model for security management of SCADA systems. In: Proceedings of IEEE International Conference on Emerging Technologies and Factory Automation, pp. 448–451 (2008)
Boyer, S.: Supervisory Control And Data Acquisition. International Society of Automation, USA (2010)
Cárdenas, A., Amin, S., Lin, Z.S., Huang, Y.L., Huang, C.-Y., Sastry, S.: Attacks against process control systems: Risk assessment, detection, and response. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 355–366 (2011)
Chen, M., Nolan, C., Wang, X., Adhikari, S., Li, F., Qi, H.: Hierarchical utilization control for real-time and resilient power grid. In: Proceedings of the 21st Euromicro Conference on Real-Time Systems, pp. 66–75 (2009)
Downs, J.J., Vogel, E.F.: A plant-wide industrial process control problem. Computers & Chemical Engineering 17(3), 245–255 (1993)
Drummond, D.: A new approach to China (2010), http://googleblog.blogspot.com/2010/01/new-approach-to-china.html
East, S., Butts, J., Papa, M., Shenoi, S.: A taxonomy of attacks on the DNP3 protocol. IFIP AICT, vol. 311, pp. 67–81 (2009)
Falliere, N., Murchu, L.O., Chien, E.: W32.stuxnet dossier (2010), http://www.wired.com/images_blogs/threatlevel/2010/11/w32_stuxnet_dossier.pdf
Genge, B., Fovino, I.N., Siaterlis, C., Masera, M.: Analyzing cyber-physical attacks on networked industrial control systems. In: Critical Infrastructure Protection, pp. 167–183 (2011)
Ji, K., Wei, D.: Resilient control for wireless networked control systems. Journal of Control, Automation, and Systems 9(2), 285–293 (2011)
Fovino, I.N., Carcano, A., Masera, M., Trombetta, A.: An experimental investigation of malware attacks on SCADA systems. Journal of Critical Infrastructure Protection 2(4), 139–145 (2009)
Pal, O., Saiwan, S., Jain, P., Saquib, Z., Patel, D.: Cryptographic key management for SCADA system: An architectural framework. In: Proceedings of International Conference on Advances in Computing, Control, & Telecommunication Technologies, pp. 169–174 (2009)
Ricker, N.: Tennessee Eastman challenge archive (2002), http://depts.washington.edu/control/LARRY/TE/download.html
Siemens: Security concept pcs 7 and wincc - basic document (2008), http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=26462131&caller=view
Sozio, J.: Intelligent parameter adaptation for chemical processes. Master’s thesis, Virginia Polytechnic Institute and State University, USA (1999)
Wei, D., Ji, K.: Resilient industrial control system (RICS): Concepts, formulation, metrics, and insights. In: Proceedings of the 3rd International Symposium on Resilient Control Systems, pp. 15–22 (2010)
White, B., Lepreau, J., Stoller, L., Ricci, R., Guruprasad, S., Newbold, M., Hibler, M., Barb, C., Joglekar, A.: An integrated experimental environment for distributed systems and networks. In: Proceedings of the 5th Symposium on Operating Systems Design and Implementation, pp. 255–270 (2002)
Zhu, Q., Wei, D., Başar, T.: Secure routing in smart grids. In: Workshop on Foundations of Dependable and Secure Cyber-Physical Systems (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Genge, B., Siaterlis, C. (2012). An Experimental Study on the Impact of Network Segmentation to the Resilience of Physical Processes. In: Bestak, R., Kencl, L., Li, L.E., Widmer, J., Yin, H. (eds) NETWORKING 2012. NETWORKING 2012. Lecture Notes in Computer Science, vol 7289. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30045-5_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-30045-5_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30044-8
Online ISBN: 978-3-642-30045-5
eBook Packages: Computer ScienceComputer Science (R0)
