
Integration of a System for Critical Infrastructure Protection with the OSSIM SIEM Platform: A dam case study

  • Luigi Coppolino
  • Salvatore D’Antonio
  • Valerio Formicola
  • Luigi Romano
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6894)

Abstract

In recent years the monitoring and control devices in charge of supervising the critical processes of Critical Infrastructures have been the target of cyber attacks. To face such threats, organizations providing critical services are increasingly focusing on protecting their network infrastructures. Security Information and Event Management (SIEM) frameworks support network protection by performing centralized correlation of the reports (events) generated by network assets. In this work we propose an extension of the OSSIM (Open Source Security Information Management) SIEM framework by AlienVault to analyze the events generated by the monitoring, control and security devices of a dam infrastructure. Our objective is to obtain evidence of misuse and malicious activity at the dam monitoring and control system, since such activity can result in hazardous commands being issued to control devices. We present examples of misuse and malicious activity, and procedures for extending OSSIM to analyze new event types.
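The abstract describes the two steps such an extension needs: normalizing a new event type (in OSSIM this is an agent plugin whose regular expression with named groups maps a raw log line onto the common event schema) and correlating the normalized events against rules that flag hazardous commands. The following Python script is an added illustration of that pipeline; it is not code from the paper or from OSSIM. The log formats, device and workstation names, the 30-minute operator-session window and the 80% gate-opening limit are all assumptions made for the example, and the log lines are constructed.

```python
"""Normalisation and correlation of constructed dam-control events.

Added example: the log formats, host names, window and threshold below are
assumptions for illustration, not taken from the paper or from OSSIM plugins.
"""
import re
from datetime import datetime, timedelta

# Constructed sample logs (assumed formats): an operator-authentication log
# from the control workstations and a command log from the gate controller.
AUTH_LOG = """\
2011-05-03 08:01:12 auth ws-ctrl-01 user=operator1 result=success
2011-05-03 08:40:05 auth ws-ctrl-02 user=operator2 result=failure
"""
CONTROL_LOG = """\
2011-05-03 08:03:40 gatectl src=ws-ctrl-01 cmd=OPEN_GATE gate=2 pct=30
2011-05-03 08:41:10 gatectl src=ws-ctrl-02 cmd=OPEN_GATE gate=1 pct=100
2011-05-03 09:15:00 gatectl src=ws-ctrl-01 cmd=OPEN_GATE gate=1 pct=95
"""

# Each regex plays the role of one plugin rule: the named groups become the
# fields of the normalised event. Both patterns are assumptions.
AUTH_RE = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) auth (?P<host>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>\w+)")
CMD_RE = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) gatectl src=(?P<host>\S+) "
    r"cmd=(?P<cmd>\w+) gate=(?P<gate>\d+) pct=(?P<pct>\d+)")

SESSION_WINDOW = timedelta(minutes=30)  # assumed validity of an operator login
MAX_SAFE_OPENING_PCT = 80               # assumed safe limit for a gate opening


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def normalise(log, pattern, event_type):
    """Turn raw lines into dicts sharing a 'ts' / 'type' / 'host' schema."""
    events = []
    for line in log.splitlines():
        match = pattern.match(line)
        if not match:
            continue  # lines the rule does not recognise are dropped
        event = match.groupdict()
        event["ts"] = parse_ts(event["ts"])
        event["type"] = event_type
        events.append(event)
    return events


def correlate(auth_events, cmd_events):
    """Apply two directive-style rules to the merged, time-ordered stream.

    Rule 1: an OPEN_GATE command from a workstation with no successful
            operator login within SESSION_WINDOW is a suspicious command.
    Rule 2: an OPEN_GATE command above MAX_SAFE_OPENING_PCT is hazardous
            regardless of who issued it.
    """
    alerts = []
    last_login = {}  # host -> time of the last successful operator login
    stream = sorted(auth_events + cmd_events, key=lambda e: e["ts"])
    for event in stream:
        if event["type"] == "auth" and event["result"] == "success":
            last_login[event["host"]] = event["ts"]
        elif event["type"] == "cmd" and event["cmd"] == "OPEN_GATE":
            login = last_login.get(event["host"])
            if login is None or event["ts"] - login > SESSION_WINDOW:
                alerts.append(("unauthenticated_command", event["host"], event["ts"]))
            if int(event["pct"]) > MAX_SAFE_OPENING_PCT:
                alerts.append(("unsafe_gate_opening", event["host"], event["ts"]))
    return alerts


def run():
    auth = normalise(AUTH_LOG, AUTH_RE, "auth")
    cmds = normalise(CONTROL_LOG, CMD_RE, "cmd")
    return correlate(auth, cmds)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

On the constructed input the first command is accepted (a login from the same workstation two minutes earlier), while the two later commands each raise both alerts: one comes from a workstation whose only login attempt failed, the other from a session older than the window, and both exceed the opening limit. In a real deployment the two rules would be expressed as a correlation directive and the regexes as a plugin, but the matching and state-keeping logic is the same.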

Keywords

Critical Infrastructure Protection; SIEM; dam; OSSIM



Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Luigi Coppolino (1)
  • Salvatore D’Antonio (2)
  • Valerio Formicola (2)
  • Luigi Romano (2)
  1. Epsilon S.r.l., Naples, Italy
  2. Department of Technology, University of Naples "Parthenope", Italy
