Designing Critical Infrastructure Cyber Security Segmentation Architecture by Balancing Security with Reliability and Availability

Kawano, Kegan

doi:10.1007/978-3-540-89173-4_22

Designing Critical Infrastructure Cyber Security Segmentation Architecture by Balancing Security with Reliability and Availability

Kegan Kawano

Conference paper

1226 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5141))

Abstract

Designing cyber security architecture for critical infrastructure (CI) has a number of unique challenges. One of the best practices for increasing system security is segmentation. In CI however, segmentation can work in opposition to reliability and availability requirements. Balancing these opposing forces is necessary to properly secure CI. This paper will examine the nature segmentation and its role in reducing security risk. Examples and research will be taken from control systems in the commissioning stage, security retrofits, and security concerns introduced through merger and acquisition activity. The population studied will be taken from the Power Generation, Electrical Transmission and Distribution, Water and Wastewater, and Oil and Gas sectors. This population will be limited to those who have experienced cyber security issues around segmentation and to those who have implemented cyber security segmentation in Europe, United Kingdom, Australia and North America.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Bell, D.E., LaPadula, L.J.: Secure Computer Systems: Mathematical Foundations. MITRE Technical Report 2547, vol. 1. The MITRE Corporation, Bedford, MA (1973)
Google Scholar
Biba, K.J.: Integrity Considerations for Secure Computer Systems, MTR-3153, The MITRE Corporation, Bedford, MA (1977)
Google Scholar
Clark, D.D., Wilson, D.R.: A comparison of commercial and military computer security policies. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA (April 1987)
Google Scholar
Anderson, J.P.: Computer Security Technology Planning Study. ESD-TR-73-51, Air Force Electronic Systems Division, Hanscom AFB, Bedford, MA (1972)
Google Scholar
Stouffer, K., Falco, J., Kent, K.: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security: Recommendations of the National Institute of Standards and Technology. In: Special Publication 800-82, National Institute of Standards and Technology, Gaithersburg, MD (2006)
Google Scholar
Various: Information Technology-Security Techniques-Code of Practice for information security management, ISO 27002:2005, BSI, London, UK. Section 11.4.5 (2005)
Google Scholar
Kawano, K.: Water CI: Change to configuration file renders system unstable, Confidential field case, Industrial Defender, Europe (1996)
Google Scholar
Kawano, K.: Power Generation CI: Laptop taped under server cabinet to sniff passwords, Confidential field case, Industrial Defender, N. America (2004)
Google Scholar
McMillan, R.: Hackers break into water system network, Computerworld (2006), www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004659&WT.svl=bestoftheweb6
Poulsen, K.: Slammer worm crashed Ohio nuke plant, SecurityFocus (2003), http://www.securityfocus.com/news/6767
Kawano, K.: Oil and Gas CI: Blaster stops production on oil platform, Confidential field case, Industrial Defender, N. America (2006)
Google Scholar
Kawano, K.: Power Generation CI: Historian becomes online gaming server, Confidential field case, Industrial Defender, N. America (2005)
Google Scholar
Tagg, L.: Aussie hacker jailed for sewage attacks, Cooltech (2001), http://cooltech.iafrica.com/technews/archive/november/837110.htm
Buldas, A., Laud, P., Priisalu, J., Saarepera, M., Willemson, J.: Rational choice of security measures via multi-parameter attack trees. In: López, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 235–248. Springer, Heidelberg (2006)
Chapter Google Scholar
Bsufka, K., Kroll-Peters, O., Albayrak, S.: Intelligent network based early warning systems. In: López, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 103–111. Springer, Heidelberg (2006)
Chapter Google Scholar

Download references

Authors

Kegan Kawano
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Computer Science, University of Malaga, 29071, Málaga, Spain
Javier Lopez
Hochschule Technik und Architektur Luzern (HTA), Bodenhofstraße 29, 6005, Luzern, Switzerland
Bernhard M. Hämmerli

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Kawano, K. (2008). Designing Critical Infrastructure Cyber Security Segmentation Architecture by Balancing Security with Reliability and Availability. In: Lopez, J., Hämmerli, B.M. (eds) Critical Information Infrastructures Security. CRITIS 2007. Lecture Notes in Computer Science, vol 5141. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89173-4_22

Download citation

DOI: https://doi.org/10.1007/978-3-540-89173-4_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89095-9
Online ISBN: 978-3-540-89173-4
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics