Abstract
Designing cyber security architecture for critical infrastructure (CI) has a number of unique challenges. One of the best practices for increasing system security is segmentation. In CI however, segmentation can work in opposition to reliability and availability requirements. Balancing these opposing forces is necessary to properly secure CI. This paper will examine the nature segmentation and its role in reducing security risk. Examples and research will be taken from control systems in the commissioning stage, security retrofits, and security concerns introduced through merger and acquisition activity. The population studied will be taken from the Power Generation, Electrical Transmission and Distribution, Water and Wastewater, and Oil and Gas sectors. This population will be limited to those who have experienced cyber security issues around segmentation and to those who have implemented cyber security segmentation in Europe, United Kingdom, Australia and North America.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Bell, D.E., LaPadula, L.J.: Secure Computer Systems: Mathematical Foundations. MITRE Technical Report 2547, vol. 1. The MITRE Corporation, Bedford, MA (1973)
Biba, K.J.: Integrity Considerations for Secure Computer Systems, MTR-3153, The MITRE Corporation, Bedford, MA (1977)
Clark, D.D., Wilson, D.R.: A comparison of commercial and military computer security policies. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA (April 1987)
Anderson, J.P.: Computer Security Technology Planning Study. ESD-TR-73-51, Air Force Electronic Systems Division, Hanscom AFB, Bedford, MA (1972)
Stouffer, K., Falco, J., Kent, K.: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security: Recommendations of the National Institute of Standards and Technology. In: Special Publication 800-82, National Institute of Standards and Technology, Gaithersburg, MD (2006)
Various: Information Technology-Security Techniques-Code of Practice for information security management, ISO 27002:2005, BSI, London, UK. Section 11.4.5 (2005)
Kawano, K.: Water CI: Change to configuration file renders system unstable, Confidential field case, Industrial Defender, Europe (1996)
Kawano, K.: Power Generation CI: Laptop taped under server cabinet to sniff passwords, Confidential field case, Industrial Defender, N. America (2004)
McMillan, R.: Hackers break into water system network, Computerworld (2006), www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004659&WT.svl=bestoftheweb6
Poulsen, K.: Slammer worm crashed Ohio nuke plant, SecurityFocus (2003), http://www.securityfocus.com/news/6767
Kawano, K.: Oil and Gas CI: Blaster stops production on oil platform, Confidential field case, Industrial Defender, N. America (2006)
Kawano, K.: Power Generation CI: Historian becomes online gaming server, Confidential field case, Industrial Defender, N. America (2005)
Tagg, L.: Aussie hacker jailed for sewage attacks, Cooltech (2001), http://cooltech.iafrica.com/technews/archive/november/837110.htm
Buldas, A., Laud, P., Priisalu, J., Saarepera, M., Willemson, J.: Rational choice of security measures via multi-parameter attack trees. In: López, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 235–248. Springer, Heidelberg (2006)
Bsufka, K., Kroll-Peters, O., Albayrak, S.: Intelligent network based early warning systems. In: López, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 103–111. Springer, Heidelberg (2006)
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kawano, K. (2008). Designing Critical Infrastructure Cyber Security Segmentation Architecture by Balancing Security with Reliability and Availability. In: Lopez, J., Hämmerli, B.M. (eds) Critical Information Infrastructures Security. CRITIS 2007. Lecture Notes in Computer Science, vol 5141. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89173-4_22
Download citation
DOI: https://doi.org/10.1007/978-3-540-89173-4_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89095-9
Online ISBN: 978-3-540-89173-4
eBook Packages: Computer ScienceComputer Science (R0)