Applying Trusted Network Technology To Process Control Systems

  • Hamed Okhravi
  • David Nicol
Conference paper
Part of the International Federation for Information Processing book series (IFIPAICT, volume 290)

Interconnections between process control networks and enterprise networks expose instrumentation and control systems and the critical infrastructure components they operate to a variety of cyber attacks. Several architectural standards and security best practices have been proposed for industrial control systems. However, they are based on older architectures and do not leverage the latest hardware and software technologies. This paper describes new technologies that can be applied to the design of next generation security architectures for industrial control systems. The technologies are discussed along with their security benefits and design trade-offs.

Keywords

Process control systems, trusted networks, security architectures

Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Hamed Okhravi (1)
  • David Nicol (1)
  1. University of Illinois, Chicago, USA