Towards Computer-Aided Security Life Cycle Management for Critical Industrial Control Systems

  • Conference paper

Critical Information Infrastructures Security (CRITIS 2018)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 11260)

Abstract

Critical infrastructure has undergone a transformation from isolated to highly (inter-)connected systems. This development has introduced a variety of new cyber threats, causing high financial damage, threatening lives and affecting society. Known examples are Stuxnet, WannaCry and the attacks on the Ukrainian power grid. To prevent such attacks, it is indispensable to properly design, assess and maintain countermeasures and security strategies throughout the whole life cycle of critical systems. For this, security has to be considered and assessed for every system design and redesign. However, common assessment tools and methodologies do not operate on detailed system knowledge and are therefore supplemented with penetration tests. Unfortunately, performing only abstract assessments is inadequate, and penetration tests endanger the availability of the tested systems. Therefore, the latter cannot be performed on live systems executing critical processes. In this paper, we address these issues for Industrial Control Systems and explain how new concepts for continuous security-by-design or model-based system monitoring and automated vulnerability assessments can resolve them by exploiting new Industry 4.0 developments.

Notes

  1. https://isa99.isa.org/ISA99%20Wiki/Home.aspx
  2. https://csrc.nist.gov/publications/detail/sp/800-82/rev-2/final
  3. https://www.plattform-i40.de/I40/Navigation/EN/Home/home.html
  4. www.cse.unsw.edu.au/~billw/cs9414/notes/prolog/intro.html#facts
  5. https://blog.osvdb.org
  6. http://www.onem2m.org/
  7. https://www.w3.org/TR/owl2-primer/
  8. http://www.openvas.org/index.de.html
  9. https://oval.mitre.org/language/
  10. https://tools.ietf.org/wg/sacm/
  11. https://sysml.org

Corresponding author

Correspondence to Florian Patzer.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Patzer, F., Meshram, A., Birnstill, P., Haas, C., Beyerer, J. (2019). Towards Computer-Aided Security Life Cycle Management for Critical Industrial Control Systems. In: Luiijf, E., Žutautaitė, I., Hämmerli, B. (eds) Critical Information Infrastructures Security. CRITIS 2018. Lecture Notes in Computer Science, vol 11260. Springer, Cham. https://doi.org/10.1007/978-3-030-05849-4_4

  • DOI: https://doi.org/10.1007/978-3-030-05849-4_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-05848-7

  • Online ISBN: 978-3-030-05849-4

  • eBook Packages: Computer Science, Computer Science (R0)
