Advertisement

Designing Critical Infrastructure Cyber Security Segmentation Architecture by Balancing Security with Reliability and Availability

  • Kegan Kawano
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5141)

Abstract

Designing cyber security architecture for critical infrastructure (CI) has a number of unique challenges.  One of the best practices for increasing system security is segmentation.  In CI however, segmentation can work in opposition to reliability and availability requirements. Balancing these opposing forces is necessary to properly secure CI. This paper will examine the nature segmentation and its role in reducing security risk. Examples and research will be taken from control systems in the commissioning stage, security retrofits, and security concerns introduced through merger and acquisition activity. The population studied will be taken from the Power Generation, Electrical Transmission and Distribution, Water and Wastewater, and Oil and Gas sectors. This population will be limited to those who have experienced cyber security issues around segmentation and to those who have implemented cyber security segmentation in Europe, United Kingdom, Australia and North America.

Keywords

Remote Site Critical Infrastructure Security Risk Human Machine Interface User Risk 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Bell, D.E., LaPadula, L.J.: Secure Computer Systems: Mathematical Foundations. MITRE Technical Report 2547, vol. 1. The MITRE Corporation, Bedford, MA (1973)Google Scholar
  2. 2.
    Biba, K.J.: Integrity Considerations for Secure Computer Systems, MTR-3153, The MITRE Corporation, Bedford, MA (1977)Google Scholar
  3. 3.
    Clark, D.D., Wilson, D.R.: A comparison of commercial and military computer security policies. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA (April 1987)Google Scholar
  4. 4.
    Anderson, J.P.: Computer Security Technology Planning Study. ESD-TR-73-51, Air Force Electronic Systems Division, Hanscom AFB, Bedford, MA (1972)Google Scholar
  5. 5.
    Stouffer, K., Falco, J., Kent, K.: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security: Recommendations of the National Institute of Standards and Technology. In: Special Publication 800-82, National Institute of Standards and Technology, Gaithersburg, MD (2006)Google Scholar
  6. 6.
    Various: Information Technology-Security Techniques-Code of Practice for information security management, ISO 27002:2005, BSI, London, UK. Section 11.4.5 (2005) Google Scholar
  7. 7.
    Kawano, K.: Water CI: Change to configuration file renders system unstable, Confidential field case, Industrial Defender, Europe (1996)Google Scholar
  8. 8.
    Kawano, K.: Power Generation CI: Laptop taped under server cabinet to sniff passwords, Confidential field case, Industrial Defender, N. America (2004)Google Scholar
  9. 9.
    McMillan, R.: Hackers break into water system network, Computerworld (2006), www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004659&WT.svl=bestoftheweb6
  10. 10.
    Poulsen, K.: Slammer worm crashed Ohio nuke plant, SecurityFocus (2003), http://www.securityfocus.com/news/6767
  11. 11.
    Kawano, K.: Oil and Gas CI: Blaster stops production on oil platform, Confidential field case, Industrial Defender, N. America (2006)Google Scholar
  12. 12.
    Kawano, K.: Power Generation CI: Historian becomes online gaming server, Confidential field case, Industrial Defender, N. America (2005)Google Scholar
  13. 13.
    Tagg, L.: Aussie hacker jailed for sewage attacks, Cooltech (2001), http://cooltech.iafrica.com/technews/archive/november/837110.htm
  14. 14.
    Buldas, A., Laud, P., Priisalu, J., Saarepera, M., Willemson, J.: Rational choice of security measures via multi-parameter attack trees. In: López, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 235–248. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Bsufka, K., Kroll-Peters, O., Albayrak, S.: Intelligent network based early warning systems. In: López, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 103–111. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Kegan Kawano

There are no affiliations available

Personalised recommendations