Cyber Security Approaches for Industrial Control Networks

  • Published : 2016.12.31

Abstract

Critical infrastructure (CI) such as the electrical grid, transportation systems and water resource systems is controlled by Industrial Control and SCADA (Supervisory Control and Data Acquisition) networks. During the last few years, cyber attackers have increasingly targeted such CI systems. This is of great concern because successful attacks have wide-ranging impact and can cause widespread destruction and loss of life. As a result, there is a critical requirement to develop enhanced algorithms and tools to detect cyber threats in SCADA networks. Such tools differ in key ways from the tools used to detect cyber threats in regular IT networks. This paper discusses the key factors that differentiate network security for SCADA networks from that of regular IT networks. The paper also presents various approaches used for SCADA security and some of the advancements in the area.
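The abstract does not show what a SCADA-specific detection tool looks like, so the following is an added example (not code from the paper) of the flow-whitelisting approach cited in reference 1, keyed additionally on the Modbus/TCP function code in the spirit of the protocol modelling in reference 5. It relies on the property the paper's argument rests on: control traffic between a fixed set of HMIs and PLCs is far more regular than IT traffic, so a whitelist learned from a trusted baseline is a usable detector rather than a source of constant false positives. The host addresses, the baseline polls and the suspicious frames are all constructed for the example.

```python
"""Flow whitelisting for Modbus/TCP (added example; not code from the paper).

Assumptions (not from the page): host roles, addresses and the traffic
below are constructed; the whitelist key (src, dst, unit id, function code)
follows the flow-whitelisting idea of reference [1] extended with the
function-code level of reference [5].
"""
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowKey:
    src: str
    dst: str
    unit_id: int
    function_code: int


def modbus_frame(tid: int, unit_id: int, function_code: int, data: bytes) -> bytes:
    """Build a Modbus/TCP ADU: MBAP header (tid, protocol id 0, length, unit id) + PDU."""
    pdu = bytes([function_code]) + data
    # MBAP length counts the unit id byte plus the PDU
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit_id) + pdu


def parse_modbus_tcp(payload: bytes) -> tuple:
    """Return (unit id, function code), or raise ValueError for a malformed frame."""
    if len(payload) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    _tid, proto, length, unit_id, fc = struct.unpack(">HHHBB", payload[:8])
    if proto != 0:
        raise ValueError("protocol identifier is not 0 (Modbus)")
    if length != len(payload) - 6:
        raise ValueError("MBAP length does not match frame size")
    return unit_id, fc


def learn_whitelist(records):
    """Learning phase over traffic taken as trusted: every observed flow tuple is allowed."""
    allowed = set()
    for src, dst, payload in records:
        unit_id, fc = parse_modbus_tcp(payload)
        allowed.add(FlowKey(src, dst, unit_id, fc))
    return allowed


def detect(records, allowed):
    """Detection phase: a flow tuple outside the whitelist, or a malformed frame, is an alert."""
    alerts = []
    for src, dst, payload in records:
        try:
            unit_id, fc = parse_modbus_tcp(payload)
        except ValueError as err:
            alerts.append((src, dst, f"malformed frame: {err}"))
            continue
        if FlowKey(src, dst, unit_id, fc) not in allowed:
            alerts.append((src, dst, f"unexpected flow unit={unit_id} fc={fc}"))
    return alerts


HMI, PLC, ROGUE = "10.0.0.10", "10.0.0.20", "10.0.0.99"  # constructed addresses

# Constructed baseline: the HMI only polls holding registers (FC 3) and coils (FC 1) on unit 1.
BASELINE = [
    (HMI, PLC, modbus_frame(1, 1, 3, b"\x00\x00\x00\x0a")),
    (HMI, PLC, modbus_frame(2, 1, 1, b"\x00\x00\x00\x08")),
]

# Constructed suspect traffic: one normal poll followed by three deviations.
SUSPECT = [
    (HMI, PLC, modbus_frame(3, 1, 3, b"\x00\x00\x00\x0a")),
    (HMI, PLC, modbus_frame(4, 1, 6, b"\x00\x05\x00\x01")),    # HMI suddenly writes a register (FC 6)
    (ROGUE, PLC, modbus_frame(5, 1, 3, b"\x00\x00\x00\x0a")),  # unknown host polling the PLC
    (ROGUE, PLC, b"\x00\x06\x00\x00\x00\x09\x01\x10"),         # MBAP length claims 9 bytes, only 2 follow
]


def run_demo():
    """Learn from the baseline, then score the suspect traffic; returns the alert list."""
    return detect(SUSPECT, learn_whitelist(BASELINE))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Run as a script it prints three alerts: the write from the HMI, the poll from the unknown host, and the truncated frame. Two caveats matter in practice. The learning capture must span several complete polling cycles, otherwise rare but legitimate flows (daily setpoint writes, firmware checks) show up as alerts later. And a whitelist cannot see an attacker who reuses an allowed tuple with a malicious payload, for example a permitted write function code carrying an out-of-range value; that is the gap the deeper per-function-code modelling in reference 5 is meant to close.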

Keywords

References

  1. Barbosa, Rafael Ramos Regis, Ramin Sadre, and Aiko Pras. "Flow whitelisting in SCADA networks." International Journal of Critical Infrastructure Protection 6, no. 3 (2013): 150-158. https://doi.org/10.1016/j.ijcip.2013.08.003
  2. Barbosa, Rafael Ramos Regis. "Anomaly detection in SCADA systems: a network based approach." University of Twente, 2014.
  3. Ahmed, Irfan, Sebastian Obermeier, Martin Naedele, and Golden G. Richard III. "SCADA systems: Challenges for forensic investigators." Computer 45, no. 12 (2012): 44-51. https://doi.org/10.1109/MC.2012.325
  4. Galloway, Brendan, and Gerhard P. Hancke. "Introduction to industrial control networks." IEEE Communications Surveys & Tutorials 15, no. 2 (2013): 860-880. https://doi.org/10.1109/SURV.2012.071812.00124
  5. Goldenberg, Niv, and Avishai Wool. "Accurate modeling of Modbus/TCP for intrusion detection in SCADA systems." International Journal of Critical Infrastructure Protection 6, no. 2 (2013): 63-75. https://doi.org/10.1016/j.ijcip.2013.05.001
  6. Cid, Daniel B. "Log Analysis using OSSEC." 2007. http://www.ossec.net/ossec-docs/auscert-2007-dcid.pdf, Accessed Nov. 21, 2014.
  7. Mantere, Matti, Mirko Sailio, and Sami Noponen. "A module for anomaly detection in ICS networks." In Proceedings of the 3rd International Conference on High Confidence Networked Systems, pp. 49-56. ACM, 2014.
  8. Snort.org, https://www.snort.org, Accessed Nov. 30, 2016.
  9. Suricata.org, https://suricata-ids.org, Accessed Nov. 30, 2016.
  10. Bro.org, https://www.bro.org, Accessed Nov. 30, 2016.
  11. Stouffer, Keith, Joe Falco, and Karen Scarfone. "Guide to industrial control systems (ICS) security." NIST Special Publication 800-82, 2011.
  12. Quickdraw, http://www.digitalbond.com/tools/quickdraw, Accessed Nov. 30, 2016.
  13. Knapp, Eric. "Industrial network security: securing critical infrastructure networks for Smart Grid, SCADA, and other industrial control systems." Elsevier, 2011.
  14. Peterson, Dale. "ICS Protocols Make New GE D20 RTU Still Insecure By Design." Digital Bond blog, http://www.digitalbond.com/blog/2013/08/22/icsprotocols-make-new-ge-d20-rtu-still-insecure-bydesign/, Accessed Nov. 7, 2014.
  15. Tofino Security. "Tofino Argon Security Appliance." https://www.tofinosecurity.com/sites/default/files/DS-TSA-ARGON.pdf, Accessed Nov. 29, 2016.
  16. Secure Crossing. "Zenwall-5." http://www.securecrossing.com/our-products/zenwall-5/, Accessed Dec. 1, 2014.
  17. Tenable Network Security. "Protecting Critical Infrastructure: SCADA Network Security Monitoring." http://www.tenable.com/whitepapers, Accessed Dec. 2, 2014.
  18. Tenable Network Security. "Plugins: SCADA." http://www.tenable.com/plugins/index.php?view=all&family=SCADA, Accessed Nov. 29, 2016.
  19. OpenVAS.org. "About OpenVAS." http://www.openvas.org/about.html, Accessed Nov. 29, 2016.
  20. wireshark.org. "Dissector for ICCP/TASE.2." https://ask.wireshark.org/questions/19908/dissectorfor-iccptase2, Accessed Nov. 29, 2016.
  21. Netresec. "SCADA Network Forensics with IEC-104." http://www.netresec.com/?page=Blog&month=2012-08&post=SCADA-Network-Forensics-with-IEC-104, Accessed Dec. 8, 2014.
  22. AlienVault OSSIM, https://www.alienvault.com/products/ossim, Accessed Nov. 30, 2016.
  23. Solana Networks. "SmartFlow Anomaly Detection for SCADA." http://www.solananetworks.com/products/smartflow, Accessed Nov. 29, 2016.
  24. Solana Networks. "Solana enhances Suricata Open Source Intrusion Detection System (IDS)." http://www.solananetworks.com/news/2015/09/03/solana-enhances-suricata-open-source-intrusion-detection-system-ids-support, Accessed Nov. 29, 2016.