Abstract
An Industrial Control System (ICS) is a system of physical entities whose functioning relies heavily on information and communication technology components and infrastructures. ICS are ubiquitous and can be found in a number of safety-critical areas including energy, chemical processes, health care, aerospace, manufacturing, and transportation. While originally isolated and inherently secure, ICS have recently become more and more exposed to cyber attacks (e.g., Stuxnet).
Many existing ICS lack cyber security protection, which leads to liability issues and high costs in case of incidents. Since existing ICS are normally based on components and protocols that can be neither modified nor updated, redesign is usually not feasible. In this paper we propose a monitoring framework for the run-time verification of ICS. The framework is based on a formal language that supports the precise specification of high-level safety requirements as well as of the relevant threat model, and on a passive monitoring technique that detects and notifies when the system state is close to a critical state.
© 2016 Springer International Publishing Switzerland
Cite this paper
Coletta, A., Armando, A. (2016). Security Monitoring for Industrial Control Systems. In: Bécue, A., Cuppens-Boulahia, N., Cuppens, F., Katsikas, S., Lambrinoudakis, C. (eds) Security of Industrial Control Systems and Cyber Physical Systems. CyberICS WOS-CPS 2015. Lecture Notes in Computer Science, vol 9588. Springer, Cham. https://doi.org/10.1007/978-3-319-40385-4_4
DOI: https://doi.org/10.1007/978-3-319-40385-4_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-40384-7
Online ISBN: 978-3-319-40385-4
eBook Packages: Computer Science, Computer Science (R0)