Abstract
Integrating Industrial Control Systems (ICS) with Corporate System (IT) is one of the most important industrial orientations. With recent cybersecurity attacks, the security of integrated ICS systems has become the priority of industrial world. Defense-in-depth is one of the most important security measures that should be applied to integrated ICS systems. This security technique consists essentially of “Segmentation” and “Segregation”. Segmentation of an integrated ICS may be based on various types of characteristics such as functional characteristics, business impact, risk levels or other requirements defined by the organization. Although the research conducted so far on this subject has suggested some segmentation solutions, these solutions are unfortunately not generic enough and do not take sufficient account of all the specificities of integrated ICS systems such as their technical and functional heterogeneity. This paper presents SONICS (Segmentation On iNtegrated ICS systems) a new segmentation method that aims to simplify security zones identification by focusing on systems characteristics that are really relevant for segmentation.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Cai, N., Wang, J., Yu, X.: SCADA system security: complexity, history and new developments. In: 6th IEEE International Conference on Industrial Informatics (2008)
Stouffer, K., Lightman, S., Pillitteri, V., Abrams, M., Hahn, A.: Guide to industrial control systems (ICS) security. In: NIST Special Publication, vol. 800, no. 82 (2015)
Pires, P.S.M., Oliveira, L.A.H.G.: Security aspects of SCADA and corporate network interconnection: an overview. In: IEEE International Conference on Dependability of Computer Systems, pp. 127–134 (2006)
ANSSI: Detailed Measures (2013)
CSSP, DHS: Recommended proctice: improving industrial control systems cybersecurity with defense-in-depth strategies. US-CERT Defense in Depth, October 2009
Security for Industrial Automation and Control Systems: Terminology, Concepts, and Models: Howpublished. ISA-99 Standard 62443-1-1 (Draft2, Edit4) (2013)
Enterprise - Control system integration. Part 2: object model attributes. ISA-95 Standard 95.00.02 (Draft 9) (2001)
Enterprise - Control system integration Part 3: activity models of manufacturing operations management: Howpublished. ISA-95 Standard 95.00.03 (Draft 16) (2004)
Enterprise - Control system integration Part 1: models and terminology: Howpublished. ISA-dS95 Standard (Draft 14) (1999)
Es-Salhi, K., Cuppens-Boulahia, N., Espes, D., Cuppens, F.: Analysis of ICS and corporate system integration vulnerabilities. In: The 14th International Conference on Embedded Systems, Cyber-Physical Systems, and Applications (ESCS’2016) (2016)
Obregon, L.: Secure architecture for industrial control systems. SANS Institute, InfoSec Reading Room (2015)
Zerbst, J.-T., Hjelmvik, E., Rinta-Jouppi, I.: Zoning principles in electricity distribution and energy production environments. In: 20th International Conference on Electricity Distribution (2009)
Galloway, B., Hancke, G.P.: Introduction to industrial control networks. IEEE Commun. Surv. Tutor. 15, 860–880 (2013)
Network Segmentation for Industrial Control Environments. Wurldtech, A GE (2016)
Network Perimeter Defense: Best Practices in Network Segmentation. Energy ESC, November 2014
Mahan, R.E., et al.: Secure data transfer guidance for industrial control and SCADA systems. Report to US Department of Energy, PNNL-20776 (2011)
Mcdonald, J., Oualha, N., Puccetti, A., Hecker, A., Planchon, F.: Application of EBIOS for the risk assessment of ICT use in electrical distribution sub-stations. IEEE PowerTech (POWERTECH). IEEE Grenoble (2013)
Jonathan, P.: Innovative defense strategies for securing SCADA and control systems. PlantData Technologies (2006)
Foley, S.N.: The specification and implementation of “Commercial” security requirements including dynamic segregation of duties. In: Proceedings of the 4th ACM Conference on Computer and Communications Security, Zurich, Switzerland, 1–4 April 1997
Johnson, R.E: Survey of SCADA security challenges and potential attack vectors: In. IEEE International Conference for Internet Technology and Secured Transactions (ICITST) (2010)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Es-Salhi, K., Espes, D., Cuppens, N. (2018). SONICS: A Segmentation Method for Integrated ICS and Corporate System. In: Ganapathy, V., Jaeger, T., Shyamasundar, R. (eds) Information Systems Security. ICISS 2018. Lecture Notes in Computer Science(), vol 11281. Springer, Cham. https://doi.org/10.1007/978-3-030-05171-6_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-05171-6_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05170-9
Online ISBN: 978-3-030-05171-6
eBook Packages: Computer ScienceComputer Science (R0)