Applying Trusted Network Technology To Process Control Systems
Interconnections between process control networks and enterprise networks expose instrumentation and control systems, and the critical infrastructure components they operate, to a variety of cyber attacks. Several architectural standards and security best practices have been proposed for industrial control systems. However, they are based on older architectures and do not leverage the latest hardware and software technologies. This paper describes new technologies that can be applied to the design of next-generation security architectures for industrial control systems. The technologies are discussed along with their security benefits and design trade-offs.
Keywords: Process control systems, trusted networks, security architectures