The 1st International Symposium for Industrial Control System & SCADA Cyber Security Research (ICS-CSR) brings together researchers with an interest in the security of industrial control systems in the light of their increasing exposure to cyber-space. The topics of interest are broad, ranging from…
BCS, The Chartered Institute for IT
This paper analyzes the security requirements and constraints in ICS/BACS and proposes the Hybrid Access Decision Architecture (HADA) to allow for interoperability between centralized and distributed access control methods. While a central party is in control of policy specification, the system also allows for the deployment of lightweight and compact access control policies to the target devices so that access control decisions can take place in a distributed manner. Our prototype that is based on 6LoWPAN/CoAP IP protocols and binary JSON access control policies shows the feasibility of our approach.
With the increasing threat of sophisticated attacks on critical infrastructures, it is vital that forensic investigations take place immediately following a security incident. This paper presents an existing SCADA forensic process model and proposes a structured SCADA forensic process model for carrying out a forensic investigation. The limitations of using traditional forensic investigative processes and the challenges facing forensic investigators are discussed. Furthermore, flaws of existing research into providing forensic capability for SCADA systems are examined in detail. The study concludes with an experimental evaluation of a proposed SCADA forensic capability architecture on the Siemens S7 PLC. Modifications to the memory addresses are monitored and recorded as forensic evidence. The collected forensic evidence will be used to aid the reconstruction of a timeline of events, in addition to other collected forensic evidence such as network packet captures.
This paper presents a set of attacks against SCADA control systems. The attacks are grouped into four classes: reconnaissance, response and measurement injection, command injection and denial of service. The four classes are defined and each attack is described in detail. The response and measurement injection and command injection classes are subdivided into sub-classes based on attack complexity. Each attack described in this paper has been exercised against industrial control systems in a laboratory setting.
Nations around the world rely on the correct and continued functioning of industrial control systems (ICS) to keep economies moving and provide critical services such as electricity and clean water. This paper provides an analysis of the current threat landscape facing ICS. Discussion is provided on the actors involved, their motivations, and the specific attack vectors they may use to reach their goals.
Security requirements for process control systems can be viewed as a social construct derived from the culture and society within which the requirement is said to exist. To capture and understand these requirements we need to make use of a formal reasoning system that supports a rigorous deductive process. Socio-Technical Systems thinking offers us the ability to express the wider socio-technical context within which an ICT system can be said to operate. In this paper we will extend the π-calculus model of actions via the creation of role logic. Then, via the application of responsibility modelling and role logic, we will demonstrate how a model of a Socio-Technical process control system can be created and analysed so as to identify critical dependencies.
In this paper, we address the problem of securing an existing or new host machine with an on-demand integrity measurement solution that offers a fresh and trusted VM whenever illegitimate changes are detected in the current VM. The solution is targeted at smaller devices with a limited number of VMs and customers per device. It also assumes VMs to be rather stable and does not use virtual TPMs. Thus, it focuses on secure virtualization in critical environments, automation, or industrial control systems.
Supervisory Control and Data Acquisition (SCADA) systems play a core role in a nation's critical infrastructure, overseeing the monitoring and control of systems in electricity, gas supply, logistics services, banks and hospitals. SCADA systems were once separated from other networks and used proprietary communications protocols, hardware and software. Nowadays modern SCADA systems are increasingly directly or indirectly connected to the Internet, and use standardised protocols and commercial-off-the-shelf hardware and software. Attacks on these systems have the potential for devastating consequences, and attribution of attacks against SCADA systems presents new challenges. This paper investigates the use of techniques to attribute cyber attacks against SCADA systems. We investigate the use of five known technical attribution techniques in SCADA systems.
The analysis of security policies designed for ICS and SCADA can benefit significantly from the adoption of automatic/semi-automatic software tools that are able to work at a global (system) level. This implies the availability of a suitable model of the system, which is able to combine the abstractions used in the definition of policies with the access control and rights management mechanisms usually present in the real system implementation. This paper introduces a modeling framework based on the Role Based Access Control (RBAC) technique that includes all the elements needed to support different kinds of automatic security analyses, such as policy coherence checks and verification of the correct implementation of policies.
This work provides an overview of the literature regarding the key issues faced by engineers attempting to secure industrial control systems, appraises work done to integrate cyber security into the systems engineering process and puts forward recommendations for the future of security-aware systems engineering through the extension of SysML to incorporate a Security viewpoint on the model. These recommendations include the presentation of a novel threat model profile that forms the basis of the SysML extensions.
To enable researchers to perform network security experiments while taking into account the physical component of ICS networks, we propose the use of the ICS sandbox. The ICS sandbox uses the proven virtualized cluster approach to emulate SCADA networks with high fidelity. The virtualized cluster is interfaced with an electrical power flow simulator to integrate the physical component of an ICS network controlling electrical grid critical infrastructure without imposing scale constraints. Parts of the proposed sandbox were validated in a training session offered to industry professionals, where a satisfaction survey indicated that the hands-on session with the ICS sandbox provided significant training value to the participants that could not have been obtained in traditional training.
The ongoing convergence of Industrial Control Systems (ICSs) with the Internet introduces many challenges from a security perspective. In particular, the smart energy grid, as a large ICS and critical infrastructure, requires special protection, as the consequences of its failure can be severe. However, even a careful system design cannot prevent all attacks in advance. For this reason, the smart grid requires an additional line of defence, which can be provided by a Collaborative Intrusion Detection System (CIDS) to detect unknown and ongoing attacks. In this paper, we describe the requirements for a CIDS for deployment in the smart grid. Furthermore, we discuss the design choices for such a system, summarize the challenges arising in the deployment of CIDSs in smart grids, and present initial ideas to address them.
SCADA (Supervisory Control And Data Acquisition) systems have always been susceptible to cyber-attacks. Different types of cyber-attacks could occur depending on the architecture and configurations used in the SCADA system. To protect cyber infrastructure from such attacks, a growing collaborative effort between cyber security professionals and researchers from industry and academia has gone into designing a variety of intelligent intrusion detection systems. This paper introduces a new European Framework-7 project, CockpitCI, and the roles of intelligent machine learning methods in protecting SCADA systems from cyber-attacks.
This paper outlines a general framework for future research into the real-time cyber security assessments of industrial control systems (ICSs). A proof-of-concept real-time assessment framework is also introduced.