Abstract
Coordinated and targeted cyber-attacks on Critical Infrastructures (CIs) and Supervisory Control And Data Acquisition (SCADA) systems are increasing in number and sophistication. SCADA systems have typically been designed without security in mind, and their protection is usually approached by reusing solutions built for purely Information Technology (IT) infrastructures, such as Security Information and Event Management (SIEM) systems. According to the National Institute of Standards and Technology (NIST), such solutions are often ineffective for CI protection. In this paper we analyze the limits of current SIEMs and propose a framework, developed in the MASSIF Project, that enhances the SIEM's data-treatment services. In particular, the Generic Event Translation (GET) module collects security data from heterogeneous sources and provides intelligence at the edge of the SIEM, and the Resilient Storage (RS) reliably stores data related to relevant security breaches. We illustrate a prototypal deployment for the dam monitoring and control case study.
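The GET module described in the abstract normalizes events from heterogeneous sources into one schema and applies some processing at the collection edge. As an added illustration (example code written for this page, not the MASSIF GET implementation), the Python below translates two constructed source formats, RFC 3164 syslog lines and a hypothetical comma-separated dam water-level reading, into a common event record, promotes threshold violations to alert events at the edge, and keeps lines that no translator accepts in a reject list instead of silently dropping them. The event schema, the sensor line format, the field names, the assumed year for syslog timestamps and all sample lines are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, List, Optional, Tuple


# Hypothetical normalized event schema. The field names are an assumption made for
# this example; they are not the MASSIF event format.
@dataclass
class NormalizedEvent:
    source_type: str  # translator that produced the event ("syslog", "dam_sensor")
    host: str         # originating host or sensor identifier
    timestamp: str    # ISO 8601, as parsed from the source line
    severity: int     # syslog convention: 0 = emergency ... 7 = debug
    category: str     # coarse event class used for later correlation
    message: str      # free-text detail carried through unchanged


# RFC 3164 line: "<PRI>Mmm dd hh:mm:ss HOST TAG[pid]: MSG", with PRI = facility * 8 + severity.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[ ]+)(?:\[\d+\])?: ?(?P<msg>.*)$"
)


def parse_syslog(line: str, year: int = 2012) -> Optional[NormalizedEvent]:
    """Translate one RFC 3164 line; return None if it is not well-formed."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # highest legal PRI: facility 23 * 8 + severity 7
        return None
    # RFC 3164 timestamps carry no year; the caller supplies it (assumed 2012 here).
    ts = datetime.strptime(f"{year} {m.group('ts').replace('  ', ' ')}", "%Y %b %d %H:%M:%S")
    return NormalizedEvent("syslog", m.group("host"), ts.isoformat(), pri & 7,
                           m.group("tag"), m.group("msg"))


def parse_dam_reading(line: str) -> Optional[NormalizedEvent]:
    """Translate a constructed 'sensor_id,iso_timestamp,level_m,threshold_m' reading.

    Edge intelligence: a level above its threshold becomes a critical alert event,
    a normal reading becomes an informational event, and anything malformed is rejected.
    """
    parts = line.strip().split(",")
    if len(parts) != 4:
        return None
    sensor_id, ts, level, threshold = parts
    try:
        datetime.fromisoformat(ts)
        level_m, threshold_m = float(level), float(threshold)
    except ValueError:
        return None
    detail = f"level={level_m} threshold={threshold_m}"
    if level_m > threshold_m:
        return NormalizedEvent("dam_sensor", sensor_id, ts, 2, "water_level_exceeded", detail)
    return NormalizedEvent("dam_sensor", sensor_id, ts, 6, "water_level", detail)


TRANSLATORS: List[Callable[[str], Optional[NormalizedEvent]]] = [parse_syslog, parse_dam_reading]


def translate(lines: List[str]) -> Tuple[List[NormalizedEvent], List[str]]:
    """Run every raw line through the translators; the first one that accepts it wins.

    Lines no translator accepts go to a reject list rather than being silently dropped,
    so that a malformed or hostile input stream is itself visible to the SIEM.
    """
    events: List[NormalizedEvent] = []
    rejected: List[str] = []
    for line in lines:
        for parse in TRANSLATORS:
            event = parse(line)
            if event is not None:
                events.append(event)
                break
        else:
            rejected.append(line)
    return events, rejected


# Constructed sample input (not real logs): one auth failure on a PLC gateway, two
# readings from a hypothetical dam water-level sensor, and two malformed lines.
SAMPLE_LINES = [
    "<34>Oct  5 14:02:11 plc-gw01 sshd[2231]: Failed password for root from 10.0.5.12 port 51022 ssh2",
    "DW-07,2012-10-05T14:02:40,12.8,12.5",
    "DW-07,2012-10-05T14:03:40,11.9,12.5",
    "this line matches no translator",
    "<999>Oct  5 14:02:11 plc-gw01 kernel: PRI out of range",
]

if __name__ == "__main__":
    accepted, dropped = translate(SAMPLE_LINES)
    for ev in accepted:
        print(ev)
    print(f"rejected {len(dropped)} line(s): {dropped}")
```

The PRI bound and the strict field count are the kind of check a collector at the SIEM edge needs: a source that cannot be parsed should surface as a rejected line with its raw content preserved, not vanish before it reaches storage.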
References
Kim, S.H., Wang, Q., Ullrich, J.B.: A comparative study of cyberattacks. Commun. ACM 55(3), 66–73 (2012), doi:10.1145/2093548.2093568
Symantec Applied Research: Symantec 2010 Critical Infrastructure Protection Study (Global Results) (October 2010)
White Paper, Symantec Intelligence Quarterly Report: October-December. Targeted Attacks on Critical Infrastructures (2010)
White Paper, Global Energy Cyberattacks: “Night Dragon”, McAfee Foundstone Professional Services and McAfee Labs (February 10, 2011)
Baker, S., Waterman, S., Ivanov, G.: In the Crossfire: Critical Infrastructure in the Age of Cyber War. McAfee (2010), http://resources.mcafee.com/content/NACIPReport
Stouffer, K., Falco, J., Scarfone, K.: Guide to Industrial Control Systems (ICS) Security. National Institute of Standards and Technology (NIST), SP 800-82 (June 2011)
MASSIF project, http://www.massif-project.eu/
MASSIF project, Scenario requirements Deliverable D2.1.1 (April 2011)
INSPIRE project
Zeng, W., Chow, M.Y.: A trade-off model for performance and security in secured networked control systems. In: Proc. IEEE ISIE, pp. 1997–2002 (2011)
Xu, Y., Song, R., Korba, L., Wang, L., Shen, W., Lang, S.: Distributed device networks with security constraints. IEEE Trans. Ind. Informat. 1(4), 217–225 (2005)
Landau, S.: Security and Privacy Landscape in Emerging Technologies. IEEE Security & Privacy 6(4), 74–77 (2008), doi:10.1109/MSP.2008.95
RSA Security: RSA enVision Universal Device Support Guide (2008)
AlienVault: Available OSSIM Plugin List (2010)
ArcSight: ArcSight SmartConnector (2009)
Q1Labs: Supported devices, http://q1labs.com/products/supported-devices.aspx
Federal Rules of Evidence, The Committee on the Judiciary House of Representatives (December 1, 2010), http://judiciary.house.gov/hearings/printers/111th/evid2010.pdf
Sousa, P., Bessani, A., Correia, M., Neves, N., Verissimo, P.: Highly available intrusion-tolerant services with proactive-reactive recovery. IEEE Transactions on Parallel and Distributed Systems 21(4) (2010)
BSD Syslog Protocol, RFC 3164, http://www.ietf.org/rfc/rfc3164.txt
Campanile, F., Cilardo, A., Coppolino, L., Romano, L.: Adaptable Parsing of Real-Time Data Streams. In: Proceedings of the 15th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP 2007), pp. 412–418. IEEE Computer Society, Washington, DC (2007), doi:10.1109/PDP.2007.16
Coppolino, L., D’Antonio, S., Esposito, M., Romano, L.: Exploiting diversity and correlation to improve the performance of intrusion detection systems. In: International Conference on Network and Service Security, N2S 2009, June 24-26 (2009) ISBN: 978-2-9532-4431-1
Home of SMC: the State Machine Compiler, http://smc.sourceforge.net/
Afzaal, M., Di Sarno, C., Coppolino, L., D’Antonio, S., Romano, L.: A Resilient Architecture for Forensic Storage of Events in Critical Infrastructures. In: 2012 IEEE 14th International Symposium on High-Assurance Systems Engineering (HASE), October 25-27, pp. 48–55 (2012), doi:10.1109/HASE.2012.9
Shoup, V.: Practical threshold signatures. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 207–220. Springer, Heidelberg (2000)
Buttyan, L., Gessner, D., Hessler, A., Langendoerfer, P.: Application of wireless sensor networks in critical infrastructure protection: challenges and design options (Security and Privacy in Emerging Wireless Networks). IEEE Wireless Communications 17(5), 44–49 (2010), doi:10.1109/MWC.2010.5601957
Wolmarans, V., Hancke, G.: Wireless Sensor Networks in Power Supply Grids. In: SATNAC 2008. Wild Coast Sun (September 2008)
Bai, X., Meng, X., Du, Z., Gong, M., Hu, Z.: Design of Wireless Sensor Network in SCADA System for Wind Power Plant. In: Proceedings of the IEEE International Conference on Automation and Logistics, Qingdao, China (September 2008)
Minteos DamWatch, http://www.minteos.com/wp-content/uploads/2011/02/Microsoft-Word-minteos-damwatch_ita.pdf
Langner, R.: Stuxnet: Dissecting a Cyberwarfare Weapon. IEEE Security and Privacy 9(3), 49–51 (2011), doi:10.1109/MSP.2011.67
Bondavalli, A., Daidone, A., Coppolino, L., Romano, L.: A hidden Markov model based intrusion detection system for wireless sensor networks. International Journal of Critical Computer-Based Systems (IJCCBS) 3(3) (2012)
OSSIM, AlienVault, http://www.alienvault.com/
Coppolino, L., D’Antonio, S., Formicola, V., Romano, L.: Integration of a System for Critical Infrastructure Protection with the OSSIM SIEM Platform: A dam case study. In: Flammini, F., Bologna, S., Vittorini, V. (eds.) SAFECOMP 2011. LNCS, vol. 6894, pp. 199–212. Springer, Heidelberg (2011)
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Coppolino, L., D’Antonio, S., Formicola, V., Romano, L. (2013). Enhancing SIEM Technology to Protect Critical Infrastructures. In: Hämmerli, B.M., Kalstad Svendsen, N., Lopez, J. (eds) Critical Information Infrastructures Security. Lecture Notes in Computer Science, vol 7722. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41485-5_2
DOI: https://doi.org/10.1007/978-3-642-41485-5_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41484-8
Online ISBN: 978-3-642-41485-5
eBook Packages: Computer Science (R0)