Skip to main content
SpringerLink
Log in
Book cover

International Conference on Information Systems Security

ICISS 2018: Information Systems Security pp 231–250Cite as

SONICS: A Segmentation Method for Integrated ICS and Corporate System

  • Conference paper
  • First Online:

  • 1001 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11281))

Abstract

Integrating Industrial Control Systems (ICS) with Corporate System (IT) is one of the most important industrial orientations. With recent cybersecurity attacks, the security of integrated ICS systems has become the priority of industrial world. Defense-in-depth is one of the most important security measures that should be applied to integrated ICS systems. This security technique consists essentially of “Segmentation” and “Segregation”. Segmentation of an integrated ICS may be based on various types of characteristics such as functional characteristics, business impact, risk levels or other requirements defined by the organization. Although the research conducted so far on this subject has suggested some segmentation solutions, these solutions are unfortunately not generic enough and do not take sufficient account of all the specificities of integrated ICS systems such as their technical and functional heterogeneity. This paper presents SONICS (Segmentation On iNtegrated ICS systems) a new segmentation method that aims to simplify security zones identification by focusing on systems characteristics that are really relevant for segmentation.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Cai, N., Wang, J., Yu, X.: SCADA system security: complexity, history and new developments. In: 6th IEEE International Conference on Industrial Informatics (2008)

    Google Scholar 

  2. Stouffer, K., Lightman, S., Pillitteri, V., Abrams, M., Hahn, A.: Guide to industrial control systems (ICS) security. In: NIST Special Publication, vol. 800, no. 82 (2015)

    Google Scholar 

  3. Pires, P.S.M., Oliveira, L.A.H.G.: Security aspects of SCADA and corporate network interconnection: an overview. In: IEEE International Conference on Dependability of Computer Systems, pp. 127–134 (2006)

    Google Scholar 

  4. ANSSI: Detailed Measures (2013)

    Google Scholar 

  5. CSSP, DHS: Recommended proctice: improving industrial control systems cybersecurity with defense-in-depth strategies. US-CERT Defense in Depth, October 2009

    Google Scholar 

  6. Security for Industrial Automation and Control Systems: Terminology, Concepts, and Models: Howpublished. ISA-99 Standard 62443-1-1 (Draft2, Edit4) (2013)

    Google Scholar 

  7. Enterprise - Control system integration. Part 2: object model attributes. ISA-95 Standard 95.00.02 (Draft 9) (2001)

    Google Scholar 

  8. Enterprise - Control system integration Part 3: activity models of manufacturing operations management: Howpublished. ISA-95 Standard 95.00.03 (Draft 16) (2004)

    Google Scholar 

  9. Enterprise - Control system integration Part 1: models and terminology: Howpublished. ISA-dS95 Standard (Draft 14) (1999)

    Google Scholar 

  10. Es-Salhi, K., Cuppens-Boulahia, N., Espes, D., Cuppens, F.: Analysis of ICS and corporate system integration vulnerabilities. In: The 14th International Conference on Embedded Systems, Cyber-Physical Systems, and Applications (ESCS’2016) (2016)

    Google Scholar 

  11. Obregon, L.: Secure architecture for industrial control systems. SANS Institute, InfoSec Reading Room (2015)

    Google Scholar 

  12. Zerbst, J.-T., Hjelmvik, E., Rinta-Jouppi, I.: Zoning principles in electricity distribution and energy production environments. In: 20th International Conference on Electricity Distribution (2009)

    Google Scholar 

  13. Galloway, B., Hancke, G.P.: Introduction to industrial control networks. IEEE Commun. Surv. Tutor. 15, 860–880 (2013)

    Article  Google Scholar 

  14. Network Segmentation for Industrial Control Environments. Wurldtech, A GE (2016)

    Google Scholar 

  15. Network Perimeter Defense: Best Practices in Network Segmentation. Energy ESC, November 2014

    Google Scholar 

  16. Mahan, R.E., et al.: Secure data transfer guidance for industrial control and SCADA systems. Report to US Department of Energy, PNNL-20776 (2011)

    Google Scholar 

  17. Mcdonald, J., Oualha, N., Puccetti, A., Hecker, A., Planchon, F.: Application of EBIOS for the risk assessment of ICT use in electrical distribution sub-stations. IEEE PowerTech (POWERTECH). IEEE Grenoble (2013)

    Google Scholar 

  18. Jonathan, P.: Innovative defense strategies for securing SCADA and control systems. PlantData Technologies (2006)

    Google Scholar 

  19. Foley, S.N.: The specification and implementation of “Commercial” security requirements including dynamic segregation of duties. In: Proceedings of the 4th ACM Conference on Computer and Communications Security, Zurich, Switzerland, 1–4 April 1997

    Google Scholar 

  20. Johnson, R.E: Survey of SCADA security challenges and potential attack vectors: In. IEEE International Conference for Internet Technology and Secured Transactions (ICITST) (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. IMT Atlantique - LabSTICC, Cesson Sevigne, France

    Khaoula Es-Salhi & Nora Cuppens

  2. University of Western Brittany - LabSTICC, Brest, France

    David Espes

Authors
  1. Khaoula Es-Salhi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. David Espes
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nora Cuppens
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Khaoula Es-Salhi , David Espes or Nora Cuppens .

Editor information

Editors and Affiliations

  1. Indian Institute of Science, Bangalore, India

    Vinod Ganapathy

  2. Pennsylvania State University, University Park, PA, USA

    Trent Jaeger

  3. Indian Institute of Technology Bombay, Mumbai, India

    R.K. Shyamasundar

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Es-Salhi, K., Espes, D., Cuppens, N. (2018). SONICS: A Segmentation Method for Integrated ICS and Corporate System. In: Ganapathy, V., Jaeger, T., Shyamasundar, R. (eds) Information Systems Security. ICISS 2018. Lecture Notes in Computer Science(), vol 11281. Springer, Cham. https://doi.org/10.1007/978-3-030-05171-6_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-05171-6_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-05170-9

  • Online ISBN: 978-3-030-05171-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation