DOI: 10.1145/1558607.1558664
research-article

The case for prevention-based, host-resident defenses in the modern PCS network

Published: 13 April 2009

Abstract

The process control system (PCS) owner can no longer rely on a physical air gap and custom hardware to protect her network from attack. Demand for greater visibility into PCS operations, coupled with greater use of commodity hardware, now exposes the PCS network to the same threats facing other networks. To address these threats, we argue for the deployment of prevention-based, host-resident, network layer devices, coupled with scalable, service-based management, that will not only protect PCS communications but will also support higher level reasoning about PCS trustworthiness. We explain why the modern PCS network is particularly well-suited for this approach, and we highlight where our own research supports this claim.


      Published In

      CSIIRW '09: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
      April 2009
      952 pages
      ISBN:9781605585185
      DOI:10.1145/1558607
      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. distributed firewalls
      2. process control systems
      3. security policy management

      Qualifiers

      • Research-article

      Conference

      CSIIRW '09
