Integration of a System for Critical Infrastructure Protection with the OSSIM SIEM Platform: A dam case study
In recent years the monitoring and control devices that supervise the critical processes of Critical Infrastructures have been targeted by cyber attacks. To counter this threat, organizations providing critical services are increasingly focusing on protecting their network infrastructures. Security Information and Event Management (SIEM) frameworks support network protection by centrally correlating the reports (events) generated by network assets. In this work we propose an extension of an existing SIEM framework, OSSIM (Open Source Security Information Management) by AlienVault, to analyze the events generated by the monitoring, control and security devices of a dam infrastructure. Our objective is to obtain evidence of misuse and malicious activity in the dam monitoring and control system, since either can result in hazardous commands being issued to the control devices. We present examples of such misuse and malicious activity, and procedures for extending OSSIM to analyze new event types.
Keywords: Critical Infrastructure Protection; SIEM; dam; OSSIM
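The abstract describes two steps: teaching the SIEM to parse a new event source (in OSSIM terms, a plugin made of regular expressions that map raw lines to a plugin id and per-event-type plugin_sid) and then correlating those normalized events with security events to surface misuse and hazardous commands. The following is an added example, not code from the paper and not AlienVault's OSSIM plugin or correlation engine: it emulates both steps in plain Python. The log format of the "gateway" device, the plugin id 9001, the operator subnet, the actuator names and the sample log lines are all constructed assumptions.

```python
"""Illustrative OSSIM-style normalisation and correlation of dam control events.

Added example: this is not code from the paper or from AlienVault's OSSIM.
The log format, plugin id, subnet and actuator names are assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

PLUGIN_ID = 9001                                          # assumed id for the custom dam-gateway plugin
OPERATOR_NET = ipaddress.ip_network("10.10.1.0/24")       # assumed control-room subnet
HAZARDOUS_TARGETS = {"spillway_gate_2", "bottom_outlet"}  # assumed actuators whose misuse is hazardous

# Constructed sample lines from a hypothetical dam control gateway; not a real device format.
SAMPLE_LOG = """\
2011-10-03T08:00:01 gateway login user=operator1 src=10.10.1.5 result=success
2011-10-03T08:05:12 gateway cmd user=operator1 src=10.10.1.5 target=spillway_gate_2 action=open value=40
2011-10-03T08:06:00 gateway sensor id=level_upstream value=121.4 unit=m
2011-10-03T08:07:30 gateway cmd user=operator1 src=192.168.77.9 target=spillway_gate_2 action=open value=100
2011-10-03T08:08:00 gateway cmd user=svc_hist src=10.10.1.40 target=bottom_outlet action=open value=100
2011-10-03T08:09:00 gateway login user=operator1 src=10.10.1.5 result=failure
2011-10-03T08:10:00 gateway heartbeat seq=17
"""


@dataclass
class Event:
    plugin_id: int
    plugin_sid: int            # per-plugin event type, the way OSSIM plugins number them
    name: str
    fields: Dict[str, str]


# Each rule plays the role of one regexp/plugin_sid pair in an OSSIM plugin definition.
RULES = [
    ("login", 1, re.compile(
        r"(?P<ts>\S+) gateway login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$")),
    ("cmd", 2, re.compile(
        r"(?P<ts>\S+) gateway cmd user=(?P<user>\S+) src=(?P<src>\S+) "
        r"target=(?P<target>\S+) action=(?P<action>\S+) value=(?P<value>\d+)$")),
    ("sensor", 3, re.compile(
        r"(?P<ts>\S+) gateway sensor id=(?P<sensor>\S+) value=(?P<value>[\d.]+) unit=(?P<unit>\S+)$")),
]


def parse_log(text: str) -> List[Event]:
    """Normalise raw lines into events; lines matching no rule are dropped, as an agent would."""
    events: List[Event] = []
    for line in text.splitlines():
        for name, sid, rx in RULES:
            m = rx.match(line)
            if m:
                events.append(Event(PLUGIN_ID, sid, name, m.groupdict()))
                break
    return events


def correlate(events: List[Event]) -> List[Dict[str, str]]:
    """Stateful correlation in arrival order; returns one alarm dict per finding."""
    sessions: Dict[str, str] = {}      # user -> source address of the last successful login
    last_level: Optional[float] = None  # most recent upstream water level, attached to alarms as context
    alarms: List[Dict[str, str]] = []

    def alarm(rule: str, f: Dict[str, str], level: Optional[float]) -> None:
        alarms.append({"rule": rule, "ts": f["ts"], "user": f["user"],
                       "target": f["target"], "level": "" if level is None else str(level)})

    for ev in events:
        f = ev.fields
        if ev.name == "login":
            if f["result"] == "success":
                sessions[f["user"]] = f["src"]
            continue
        if ev.name == "sensor":
            if f["sensor"] == "level_upstream":
                last_level = float(f["value"])
            continue
        # Command events: check where the command came from, whether a login backs it, and what it does.
        if ipaddress.ip_address(f["src"]) not in OPERATOR_NET:
            alarm("foreign_source", f, last_level)
        login_src = sessions.get(f["user"])
        if login_src is None:
            alarm("no_session", f, last_level)
        elif login_src != f["src"]:
            alarm("session_mismatch", f, last_level)
        if f["target"] in HAZARDOUS_TARGETS and f["action"] == "open" and int(f["value"]) >= 100:
            alarm("full_open", f, last_level)
    return alarms


if __name__ == "__main__":
    for a in correlate(parse_log(SAMPLE_LOG)):
        print(a)
```

Run stand-alone, the script reports five alarms: the fully-opening spillway command issued by operator1 from an address outside the control network and different from that of the operator's login, and the bottom outlet being fully opened by a service account that never logged in. A real OSSIM deployment would express the parsing as a plugin .cfg file and the correlation as directives on the server; the point here is that the hazardous command is only recognizable as such when control-device events (cmd), monitoring events (sensor) and security events (login) are normalized into one stream and correlated together.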