DOCSLIB.ORG

Hybrid-IDS-Based-On-ISA95

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Hybrid-IDS-Based-On-ISA95 A hybrid intrusion detection system in industry 4.0 based on ISA95 standard Salwa Alem, David Espes, Eric Martin, Laurent Nana, Florent de Lamotte To cite this version: Salwa Alem, David Espes, Eric Martin, Laurent Nana, Florent de Lamotte. A hybrid intrusion detection system in industry 4.0 based on ISA95 standard. 2020. hal-02506109v2 HAL Id: hal-02506109 https://hal.archives-ouvertes.fr/hal-02506109v2 Preprint submitted on 8 Oct 2020 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. A hybrid intrusion detection system in industry 4.0 based on ISA95 standard Salwa Alema;∗, David Espesb, Eric Martina, Laurent Nanab, Florent De Lamottea, aUniversity Bretagne Sud, Lab-STICC (Laboratoire des Sciences et Techniques de l'Information de la Communication et de la Connaissance), Lorient, France bUniversity of Western Brittany, Lab-STICC (Laboratoire des Sciences et Techniques de l'Information, de la Communication et de la Connaissance), Brest, France Abstract—Today with the emergence of an industrial In recent years, industries have been victims of attacks information system in industry of the future which includes the that came from the IT world and spread to the OT world connection between all trades, applications and the converged such as Stuxnet in Iran, Slammer in US, Shamoon in Saudi technologies between information technology and operational technology, cybersecurity has become urgent. Industrial Arabia, and Black energy in Ukraine [21]. Unfortunately, the Intrusion Detection System are no longer sufficient to counter OT world today does not have all the tools necessary to cyberattacks because of their natures, which is usually misuse, protect itself. Until now factories have mainly used firewalls and are unable to detect attacks that target the application as protection mechanisms that enforce access control. While layer of the Open Systems Interconnection model. Therefore, these mechanisms are very useful to restrict access to or from cybersecurity in industrial systems adopts known information technology security solutions, such as an Intrusion Detection some parts of the network, they cannot detect attacks. System which has to be modified, completed and adapted to Factories mainly use misuse IDS such as Suricata and Snort work in industrial field. We propose to deepen this approach as detection mechanisms. Their approach consists of searching by developing an adapted IDS to monitor industrial systems for the activity of the monitored element among known against illegitimate access and detect abnormal activities. For signatures attacks. The main advantage of this approach is this purpose, we expose in this paper our efficient hybrid intrusion detection solution based on International Society of that it allows the separation of the software from the signatures Automation 95 standard and neural network. Our research database, thus the update can be done independently. However, work is focused on Manufacturing Executive System which its major disadvantages are that the hackers can change these represents the central and main element in industry. signatures. Therefore, they are no longer recognized by the IDS. They need a daily update and the detect only previously Keywords: Industry 4.0, cyber physical system (CPS), intrusion detection system (IDS), ISA95, artificial intelligence. known attacks. In addition, this detection system depends on the quality of the signatures database. Both of Snort and I. INTRODUCTION Suricata have their specific limitations which discouraged us to use them. For instance, Snort is not suitable with high-speed Industry 4.0 is faced with several challenges which are networks, its decoders are limited, and its signatures base is summarized as flexibility, agility and corporate social responsi- unreliable [2]. Another kind of IDS is the behavioral one which bility requirements (CSR). The advent of this fourth industrial is used primarily in the IT world. Its implementation always generation means that all devices are connected and open to requires a learning phase during which it learns the normal the outside world, most data is deported and stored in media behavior of the monitored elements. Any other activity that other than the usual local hard drive such as in the Cloud, deviates from the normal behavior learned is considered as and the information technology (IT) world is specifically abnormal. The main added value of these IDS is the fact connected to the operational technology (OT) world. This that they detect unknown attacks like Zero-day attacks[22]. convergence is performed through the manufacturing executive The disadvantages of this technique are that it does not system (MES). The MES is the industrial management system assess the degree of criticality of the attack. In addition, with that bridges the gap between the information system (IS) at the this behavioral IDS it is difficult to define normal behavior top level of the factory, namely enterprise resource planning especially in the IT world which changes all the time. Because (ERP) and the field level called the automation systems of this last disadvantage, it generates a lot of false positives. [1]. It centralizes all information concerning the production, There some IDS which are both misuse and behavioral such maintenance, stock and products quality. Now that this border as Bro but the problem with Bro the fact that it is difficult is open, any attacks made in the past in the IT world can be to set up and configure because of its used scripting language replayed in the OT world. The notion of cybersecurity has and the need to have a solid knowledge in UNIX environment become an urgent need in industry of the future. to handle it [2]. *Corresponding author. For all of the elements previously mentioned and thanks to Email address: [email protected] MESA model (see Fig 1) that gives us a succession of transac- tions, step by step at the physical level, to realize a production for detecting intrusions. As for IDS, their main function is order (PO), we can easily define a reference behavior on which the attacks detection using either the misuse approach or the a hybrid IDS can be based. This model defines a general behavioral approach. request-response cycle that starts with requests or schedules, To be effective, both of them have to work in a complemen- converts them into a work schedule, dispatches work according tary way to each other. Firewalls represent the first security to the schedule, manages the execution of work, collects data barrier allowing control access and IDS strengthens further and converts the collected data back into responses [3]. security by analyzing flows authorized by firewalls. An IDS Our approach is composed of two steps. The first step is are mainly used in the IT world due to their working process our semantic IDS based on the MESA model which enables that we will explain later in this section. IDS can be classified the first of verification by checking the anomalies related according to the approach used in two kinds of IDS: either to the execution of the PO at the application level of the misuse or behavioral. industrial information system (IIS) and not at the machine • Misuse IDS is based on a set of attack descriptions, also (field level). By studying this model, our proposed IDS can called attack signatures [11]. It consists of defining attack detect 13 anomalies. In the second step, we use network scenarios and looking for traces of these scenarios. It traffic to train our neural network. Hence, we are able to uses either the machine log and this is called HIDS (Host distinguish anomalies from a real intrusion and reduce false Intrusion Detection System), or NIDS (Network Intrusion positives thanks to MESA model which takes into account Detection System). Misuse IDS are the most commonly several anomalies related to the equipment maintenance or used in industry. the stock for example. The paper is organized as follows. • Behavioral IDS relates to models of the normal behavior Section 1 provides a context and positioning of our research of a computer system [12]. The principle of this approach work. Section 2 discusses related works. Section 3 presents is to define a behavior reference representing the normal our approach including its two steps. Section 4 explains the behavior, then any activity which deviates from this experimentation environment and illustrates results. The paper reference behavior is considered as an intrusion. is completed by a conclusion and perspectives. Due to the MESA Model, using a behavioral IDS is now II. CONTEXT AND POSITIONING possible. This model is an abstract model of an industry A. Research work positioning including management and execution functions, different ac- tivities allowing the planning and execution of a PO and Today’s industries need a strong security strategy. Firewalls the various information exchanges between these activities. and antivirus protection are not enough efficient to protect Therefore, the planning and execution of a PO follow an against elaborate attacks. Their protection abilities are very accurate model that is considered by behavioral IDS as a limited and allow only the access control. Misuses IDS are reference. This model is explained in details in the next limited because of their inability to detect attacks that do not section. belong to their signature databases. For all these reasons, our research focuses on behavioral IDS for overall efficiency going C. TOWARDS AN EFFICIENT IDS BASED ON THE ISA95 up to the application layer using AI techniques.
Load more

Recommended publications
  • Realizing a Digital Enterprise Driven by Standards
    Realizing a Digital Enterprise driven by standards This document refers to the Digital Enterprise as a business that not only creates and uses digital representations of the products and environment in which it operates; but aspires to trace an entire digital thread of its products as digital twins through their product lifecycle. Standards are an axiom for common enterprise understanding and the longevity of the digital thread used in Siemens product lifecycle management (PLM) solutions. These standards-driven solutions cover a breadth of industries, including discrete manufacturing, construction, marine and energy. This document addresses standards used in Siemens products that are principally aimed at discrete manufacturing across a wide range of domains, including auto- motive, aerospace and consumer products. A white paper issued by: Siemens PLM Software www.siemens.com/plm White paper | Realizing a Digital Enterprise driven by standards Contents Executive summary ............................................................3 Facing critical challenges ...................................................4 Background .........................................................................4 Business opportunities .........................................................5 Key considerations ..............................................................6 Strategic standards for the Digital Enterprise ....................7 PLM ....................................................................................7 MOM and automation ........................................................13
    [Show full text]
  • Understanding and Minimizing Your HMI/SCADA System Security Gaps
    GE Digital Understanding and Minimizing Your HMI/SCADA System Security Gaps INTRODUCTION With HMI/SCADA systems advancing SCADA security in context technologically and implementations The International Society of Automation (ISA) production Being at the heart of an operation’s data becoming increasingly complex, some model demonstrates the layered structure of a typical visualization, control and reporting for industry standards have emerged with the operation, and shows that HMI/SCADA security is only one operational improvements, HMI/SCADA goal of improving security. However, part of part of an effective cyber-security strategy. These layers systems have received a great deal the challenge is knowing where to start in of automated solution suites share data, and wherever of attention, especially due to various data is shared between devices, there is a possibility for securing the entire system. unauthorized access and manipulation of that data. This cyber threats and other media-fueled The purpose of this paper is to explain where white paper concentrates on the HMI/SCADA layer, but vulnerabilities. The focus on HMI/SCADA vulnerabilities within a HMI/SCADA system unless other potential weaknesses at other levels are security has grown exponentially, and as a may lie, describe how the inherent security of covered, the operation as a whole remains vulnerable. result, users of HMI/SCADA systems across system designs minimize some risks, outline the globe are increasingly taking steps to some proactive steps businesses can take, protect this key element of their operations. and highlight several software capabilities The HMI/SCADA market has been that companies can leverage to further evolving with functionality, scalability and enhance their security.
    [Show full text]
  • Integration of Sensor and Actuator Networks and the SCADA System to Promote the Migration of the Legacy Flexible Manufacturing System Towards the Industry 4.0 Concept
    Journal of Sensor and Actuator Networks Article Integration of Sensor and Actuator Networks and the SCADA System to Promote the Migration of the Legacy Flexible Manufacturing System towards the Industry 4.0 Concept Antonio José Calderón Godoy ID and Isaías González Pérez * ID Department of Electrical Engineering, Electronics and Automation, University of Extremadura, Avenida de Elvas, s/n, 06006 Badajoz, Spain; [email protected] * Correspondence: [email protected]; Tel.: +34-924-289-600 Received: 16 April 2018; Accepted: 17 May 2018; Published: 21 May 2018 Abstract: Networks of sensors and actuators in automated manufacturing processes are implemented using industrial fieldbuses, where automation units and supervisory systems are also connected to exchange operational information. In the context of the incoming fourth industrial revolution, called Industry 4.0, the management of legacy facilities is a paramount issue to deal with. This paper presents a solution to enhance the connectivity of a legacy Flexible Manufacturing System, which constitutes the first step in the adoption of the Industry 4.0 concept. Such a system includes the fieldbus PROcess FIeld BUS (PROFIBUS) around which sensors, actuators, and controllers are interconnected. In order to establish effective communication between the sensors and actuators network and a supervisory system, a hardware and software approach including Ethernet connectivity is implemented. This work is envisioned to contribute to the migration of legacy systems towards the challenging Industry 4.0 framework. The experimental results prove the proper operation of the FMS and the feasibility of the proposal. Keywords: sensor and actuator network; fieldbuses; industrial communications; Ethernet; flexible manufacturing system; programmable logic controllers (PLC); supervisory control and data acquisition (SCADA); Industry 4.0; Industrial Internet of Things (IIoT) 1.
    [Show full text]
  • A Meta-Model for Leveraging the ISA- 88/95/106 Standards
    A meta-model for leveraging the ISA- 88/95/106 standards Introduction The story began in 1990 with the ISA-88 « Batch control » standard that addresses modular automation for flexible batch processes. It was followed by the ISA-95 « Enterprise – control systems integration » standard that deals with manufacturing operations management (MOPM, MES) and interoperability. The latest ISA-106 “Procedural Automation for Continuous Process Operations” standard tackles procedural control for continuous processes. These standards provide good engineering practices for improving control design for industrial facilities. ISA-88 and ISA-95 are respectively published as international standards IEC61512 and ISO/IEC62264. These standards share genetic concepts due to their consanguinity: many experts have contributed in the three standardization committees, which originated in ISA88. Though their viewpoint, terminology and abstraction level sensibly differ, the way they handle structural and behavioural aspects is relatively consistent, allowing a quite straightforward retro engineering of their implied meta-model. The interest of extracting a common meta-model of these standards is two-fold: - It allows understanding the respective scope of each standard and their overlap. - It makes easier to consider interoperability in the broader architectural approach of enterprise transformation Despite its technical and specialized content, this article may be of interest even for people who are not fluent in the discussed standards, but who could appreciate
    [Show full text]
  • INDUSTRY4.0 TECHNOLOGY BATTLES in MANUFACTURING OPERATIONS MANAGEMENT Non-Technical Dominance Factors for Iiot & MES
    INDUSTRY4.0 TECHNOLOGY BATTLES IN MANUFACTURING OPERATIONS MANAGEMENT non-technical dominance factors for IIoT & MES Master thesis submitted to Delft University of Technology in partial fulfilment of the requirements for the degree of MASTER OF SCIENCE in Management of Technology Faculty of Technology, Policy and Management by ing. Aksel de Vries #1293087 To be defended in public on 09 February 2021. Graduation committee: Chair & First Supervisor: Prof.dr.ir. M.F.W.H.A. Janssen, ICT Second Supervisor: Dr. G. (Geerten) van de Kaa, ET&I Equinoxia Industrial Automation Impressum The cover photo shows the Djoser step pyramid. It was once high-tech and replaced old-school pyramid technology; the ruin in the front. The analogy is to the once high-tech Automation Pyramid: Figure 1: Automation Pyramid as advocated by MESA.org and ISA.org since 1986 A.D. About the author Aksel de Vries (1973) is a Chemical Process Engineer and has been work- ing in the field of Manufacturing Operations Management since 1998. At AspenTech Europe, Aksel delivered training and consultancy during the transition from Computer Integrated Manufacturing (CIM/21, Batch/21, SetCIM, etc.) to Industry4.0 on corporate vertical and horizontal inte- gration, fully leveraging ISA-88 and ISA-95. Aksel works as independent consultant www.equinoxia.eu since 2006 mainly in Biotech Pharma4.0 for System Integrators like Zenith Tech- nologies (now Cognizant) and blue-chip corporations such as DSM, GSK, BioNTech, Kite Pharma / Gilead Sciences, Amgen, Lonza, etc. Copyright © 2021 Equinoxia Industrial Automation, The Netherlands Aksel de Vries EXECUTIVE SUMMARY In 2011, the fourth industrial revolution was announced at the German Hannover Messe.
    [Show full text]
  • The Role of Manufacturing Execution Systems (Mes) in Erp Selection
    IFS EXECUTIVE SUMMARY THE ROLE OF MANUFACTURING EXECUTION SYSTEMS (MES) IN ERP SELECTION Enterprise resource planning (ERP) software is well-understood by most mid-level and senior managers. Fewer understand at a high level manufacturing execution systems (MES). MES is hard to define to begin with because it is an intermediary technology between process automation equipment on the plant floor and ERP software. So let’s define some terms and drive clarity on what MES is, who needs it and how IFS meets the needs of companies who want ERP software with the functional benefits of MES. Common definitions of MES suggest that it: • Tracks and documents the transformation of raw materials into finished goods • Provides information to help business decision-makers understand real-time conditions in their plant to support optimization of operations • Enables control of inputs, personnel, machines and support services APICS, the association for operations management, defines MES as involving: • Direct and supervisory control of equipment • Graphical displays showing what is going on in the plant currently • Gathering quality information, material transactions and traceability information through integration with the production equipment used Most of these needs are satisfied by IFS Applications™. IFS functionality for ERP will provide deep traceability for inputs through inventory and non-inventory quality management tools. Personnel are managed through human resources functionality, and support services from outside the organization are handled through embedded contract management tools. Documents having to do with these various disciplines are handled by native document management functionality that enables any document—be it a material test report or a personnel training record—to be attached to work orders, shop orders, customer orders, recipes; in fact, virtually to any object across the application.
    [Show full text]
  • (SCADA) Systems
    NCS TIB 04-1 NATIONAL COMMUNICATIONS SYSTEM TECHNICAL INFORMATION BULLETIN 04-1 Supervisory Control and Data Acquisition (SCADA) Systems October 2004 OFFICE OF THE MANAGER NATIONAL COMMUNICATIONS SYSTEM P.O. Box 4052 Arlington, VA 22204-4052 Office of the Manager National Communications System October 2004 By Communication Technologies, Inc. 14151 Newbrook Drive, Suite 400 Chantilly, Virginia 20151 703-961-9088 (Voice) 703-961-1330 (Fax) www.comtechnologies.com Supervisory Control and Data Acquisition (SCADA) Systems Abstract The goal of this Technical Information Bulletin (TIB) is to examine Supervisory Control and Data Acquisition (SCADA) systems and how they may be used by the National Communications System (NCS) in support of National Security and Emergency Preparedness (NS/EP) communications and Critical Infrastructure Protection (CIP). An overview of SCADA is provided, and security concerns are addressed and examined with respect to NS/EP and CIP implementation. The current and future status of National, International, and Industry standards relating to SCADA systems is examined. Observations on future trends will be presented. Finally, recommendations on what the NCS should focus on with regards SCADA systems and their application in an NS/EP and CIP environment are presented. i ii Table of Contents Executive Summary.................................................................................................................. ES-1 1.0 Introduction...........................................................................................................................
    [Show full text]
  • The MES Software Solution for Continuous Productivity Efficiency
    The MES software solution for continuous Productivity Efficiency improvement The software solution for collecting and analyzing production data in real-time, to know and anticipate the production system’s weak points and to act on effective decision making to increase productivity and efficiency. 2 MES software technology for open and flexibe architectures Progea offers Pro.Lean© as a MES software solution that interconnects plant floor levels with managerial levels to provide KPI and OEE data, calculate machine downtimes, track and schedule production runs. Every modern company operating in the Industry 4.0 the Overall Equipment Effectiveness (OEE) values to age needs simple and efficient tools to ensure discover the effective connectivity, data collection, aggregation and analysis, efficiency of your production plant. Knowing the with minimum and rapid return of investment (ROI). data makes it easier to imagine how a more efficient The reality of productivity in today’s increasingly production can mean a significant increase in business competitive world, demands efficiency, quality and for any company by investing little. Even a small continuously improving processes according to the increase in performances and loss reductions will earn “Lean Manufacturing” philosophy and Industry 4.0 the company big financial gains. guidelines. Automation systems that manage In addition, data management and interconnections to manufacturing production can only be optimized by managerial systems, within a Industry 4.0 framework, having adequate real-time data. The permit you to digitalize production processes, reduce Movicon.NExT™ errors and machine downtimes. Other functions such as Pro.Lean© module offers maximum efficiency and uses production Traceability, Scheduling and Maintenance, Progea’s vast experience in the industrial automation make the Pro.Lean solution open and adaptable to any software sector.
    [Show full text]
  • SCADA System Design Standards
    SCADA System Design Standards Prepared By Lake Havasu City, Arizona 2019 Table of Contents Glossary 1.0 Introduction. 2.0 Programmable Logic Controllers (PLC). 2.1 General 2.2 Hardware . 23 Software... 3.0 Operator Interface Terminal (OIT) 3.1 General 3.2 Hardware . 3.3Software. 4.0 Radio and Telemetry Equipment 10 4.1 General . 10 4.2 Hardware .10 4.3 Software.. 10 5.0 Control system networking 11 5.1 General 1 1 5.2 Hardware 1 1 6.0 Computer Hardware .13 6.1 Server 13 6.2 Workstation 13 6.3 Monitor 7.0 UPS. 7.1 Indoor Workstation 7.2OutdoorRemotestations . Figures 1.1 Allen‐Bradley ControlLogix PLC 1.2 Allen‐Bradley CompactLogix PLC 1.3 Example Control System Network Diagram for Typical Installation Tables 1.1 Allen‐Bradley Logix PLC Platform Comparison Glossary AB Allen‐Bradley Rockwell Automation AES Advance Encryption Standard APC American Power Conversion Corporation BOM ‐ Bill of Materials DI ‐ Device Integration ENC ‐ ESTeem Network Configuration FBD ‐ Function Block Programming Language FCC ‐ Federal Communication Commission HMI Human Machine Interface IEEE ‐ Institute of Electrical and Electronics Engineers I/O ‐ Input/Output LAN ‐ Local Area Network LD ‐ Ladder Logic Programming Language I‐HC ‐ Lake Havasu City LM ‐ Lean Managed OIT ‐ Operator Interface Terminal OS ‐ Operating System PLC ‐ Programmable Logic Controller POE ‐ Power over Ethernet 3 RIO ‐ Remote Input/Output RSTP ‐ Rapid Spanning Tree Protocol RTD ‐ Resistance Temperature Detector RTU ‐ Remote Terminal Unit SCADA Supervisory Control and Data Acquisition SFC Sequential Function Chart Programming Language ST ‐ Structured Text Programming Language ST (Fiber) ‐ Straight Tip Fiber Connector UPS Uninterruptable Power Supply VHF Very High Frequency VI‐AN ‐ Virtual Local Area Network VM ‐ Virtual Machine WAN ‐ Wide Area Network WWTP ‐ Waste Water Treatment Plant 4 1.0 Introduction The water and wastewater facilities have been constructed over several years by different integrators and contractors, each with their own approach to control system design and philosophies.
    [Show full text]
  • Possilibities of Control and Information Systems Integration Within Industrial Applications Area
    1. Peter PENIAK, 2. Mária FRANEKOVÁ, 3.Peter LÜLEY POSSILIBITIES OF CONTROL AND INFORMATION SYSTEMS INTEGRATION WITHIN INDUSTRIAL APPLICATIONS AREA 1‐2. UNIVERSITY OF ŽILINA, FACULTY OF ELECTRICAL ENGINEERING, DEPT. OF CONTROL & INFORMATION SYSTEMS, ŽILINA, SLOVAKIA 3. EVPÚ A. S., TRENČIANSKA 19, 018 51 NOVÁ DUBNICA, SLOVAKIA ABSTRACT: This article is devoted to possibilities of control systems and information systems integration for industrial applications with the focus on nowadays trends in application of technology implementation in manufacturing facilities. Alternatives of implementations on process virtualization and with open interfaces are described in detail, mostly OPC, which is supported by experiences with implementation of this technology in company Continental, a.s. Púchov, Slovak Republic. KEYWORDS: control system, information system, SCADA, MES, ERP, virtualization, OPC INTRODUCTION Information systems of nowadays companies are based mostly on ERP systems (Enterprise Resource Planning) which allow control of corporate resources and processes. Their primarily functions are to maintain basic functions of company. These functions are [1]: enterprise resource planning, financial management, purchase, human resources management, logistics, production planning, support of maintenance and quality management. It is possible to implement these system independently form the level of automation in production process on procedural and operator level. Control of production machinery, production lines and units is provided through separate control systems of separate producers of machinery DCS (Distributed Control System). Integration of information systems and control systems is natural consequence of the need for advanced control of company’s resources and overall optimization of the production process in terms of productivity and production efficiency. A typical requirement of integration includes support for information exchange between information system and control systems.
    [Show full text]
  • International Standard Iec Cei Norme Internationale
    This preview is downloaded from www.sis.se. Buy the entire standard via https://www.sis.se/std-572708 INTERNATIONAL IEC STANDARD CEI 62264-3 NORME First edition INTERNATIONALE Première édition 2007-06 Enterprise-control system integration – Part 3: Activity models of manufacturing operations management Intégration du système de commande d’entreprise – Partie 3: Modèles d’activités pour la gestion des opérations de fabrication Reference number Numéro de référence IEC/CEI 62264-3:2007 Copyright © IEC, 2007, Geneva, Switzerland. All rights reserved. Sold by SIS under license from IEC and SEK. No part of this document may be copied, reproduced or distributed in any form without the prior written consent of the IEC. This preview is downloaded from www.sis.se. Buy the entire standard via https://www.sis.se/std-572708 THIS PUBLICATION IS COPYRIGHT PROTECTED Copyright © 2007 IEC, Geneva, Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or your local IEC member National Committee for further information. Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie et les microfilms, sans l'accord écrit de la CEI ou du Comité national de la CEI du pays du demandeur.
    [Show full text]
  • Framework for SCADA Security Policy Dominique Kilman Jason Stamp [email protected] [email protected] Sandia National Laboratories Albuquerque, NM 87185-0785
    1 Framework for SCADA Security Policy Dominique Kilman Jason Stamp [email protected] [email protected] Sandia National Laboratories Albuquerque, NM 87185-0785 Abstract – Modern automation systems used in infrastruc- 1.1. SCADA-Specific Security Administration ture (including Supervisory Control and Data Acquisition, or SCADA systems need a separate, SCADA specific secu- SCADA) have myriad security vulnerabilities. Many of these relate directly to inadequate security administration, which rity administration structure to ensure that all the special- precludes truly effective and sustainable security. Adequate ized features, needs, and implementation idiosyncrasies of security management mandates a clear administrative struc- the SCADA system are adequately covered. [2] contains a ture and enforcement hierarchy. The security policy is the table which lists the key differences in IT and SCADA sys- root document, with sections covering purpose, scope, posi- tem designs which can affect security and policy decisions. tions, responsibilities, references, revision history, enforce- Acceptable use of SCADA should be narrower than IT ment, and exceptions for various subjects relevant for system systems due to its different mission, sensitivity of data, and security. It covers topics including the overall security risk heightened criticality. SCADA systems are oftentimes used management program, data security, platforms, communica- to control time-critical functions. When time is an impor- tions, personnel, configuration management, audit- tant factor, some standard IT security practices may not be ing/assessment, computer applications, physical security, and manual operations. This article introduces an effective frame- appropriate for SCADA. For example, since anti-virus work for SCADA security policy. scanning can sometimes slow down a system, these may not be acceptable for some SCADA platforms.
    [Show full text]