ABSTRACT
Industrial Control Systems (ICS) such as Supervisory Control And Data Acquisition (SCADA), Distributed Control Systems (DCS) and Distributed Automation Systems (DAS) control and monitor critical infrastructures. In recent years, proliferation of cyber-attacks to ICS revealed that a large number of security vulnerabilities exist in such systems. Excessive security solutions are proposed to remove the vulnerabilities and improve the security of ICS. However, to the best of our knowledge, none of them presented or developed a security test-bed which is vital to evaluate the security of ICS tools and products. In this paper, a test-bed is proposed for evaluating the security of industrial applications by providing different metrics for static testing, dynamic testing and network testing in industrial settings. Using these metrics and results of the three tests, industrial applications can be compared with each other from security point of view. Experimental results on several real world applications indicate that proposed test-bed can be successfully employed to evaluate and compare the security level of industrial applications.
- Duggan, D. P. 2005. Penetration Testing of Industrial Control Systems. Sandia National Laboratories, Report No. SAND2005-2846P.Google Scholar
- Permann, M. R., Rohde, K. 2005. Cyber Assessment Methods for SCADA Security. Idaho National Laboratory, Idaho Falls, Idaho 83415, Presented at 15th Annual Joint ISA POWID/EPRI Controls and Instrumentation Conference.Google Scholar
- Nelson, T. D. 2005. Common Control System Vulnerability. Idaho National Laboratory, Idaho Falls, Idaho 83415.Google Scholar
- Nelson, T. D. 2006. Mitigations for security vulnerabilities found in control system networks. In Proceedings of 16th Annual Joint ISA POWID/EPRI Controls Instrumentation Conference, pp. 1-12.Google Scholar
- Ten, C. W., Liu, C. C. and Manimaran, G. 2008. Vulnerability Assessment of Cyber security for SCADA Systems. IEEE TRANSACTIONS ON POWER SYSTEMS, VOL. 23, NO. 4, 1836 - 1846.Google Scholar
- Davis, C. M., Tate, J. E., Okhravi, H., Grier, C., Overbye, T. J., and Nicol, D. 2006. SCADA Cyber Security Test-bed Development. 38th North American Power Symposium, NAPS, 483-488.Google Scholar
- Cagalaban, G., Kim, T. and Kim, S. 2010. Improving SCADA Control Systems Security with Software Vulnerability Analysis. Proceedings of the 12th WSEAS International Conference on Automatic Control, Modelling & Simulation. Google ScholarDigital Library
- Queiroz, C., Mahmood, A. and Tari, Z. 2011. SCADASim— A Framework for Building SCADA Simulations. IEEE TRANSACTIONS ON SMART GRID, VOL. 2, NO. 4, 589 - 597.Google Scholar
- Nicholson, A. et al. 2012. SCADA security in the light of Cyber-Warfare. Elsevier computers & security journal, VOL. 31, NO. 4, 418 - 436. Google ScholarDigital Library
- Azuwa, M. P., Ahmad, R. and Sahib, S. 2012. A Propose Technical Security Metrics Model for SCADA Systems. Cyber Security, Cyber Warfare and Digital Forensic (CyberSec).Google Scholar
- Genge, B. et al. 2012. A cyber-physical experimentation environment for the security analysis of networked industrial control systems. Elsevier Computers and Electrical Engineering, VOL. 38, NO. 5, 1146 - 1161. Google ScholarDigital Library
- Common Weakness Enumeration (CWE). http://cwe.mitre.org/ {Accessed 12 October 2013}.Google Scholar
- Department of Homeland Security (DHS). 2009. Recommended Practice: improving industrial control systems cyber security with Defense-In-Depth strategies. DHS Documents.Google Scholar
Index Terms
- A security test-bed for industrial control systems
Recommendations
A brief look at the security of DeviceNet communication in industrial control systems
CECC 2018: Proceedings of the Central European Cybersecurity Conference 2018Security is a vital aspect of industrial control systems since they are used in critical infrastructures and manufacturing processes. As demonstrated by the increasing number of emerging exploits, securing such systems is still a challenge as the ...
Cyber In-security of Industrial Control Systems: A Societal Challenge
SAFECOMP 2015: Proceedings of the 34th International Conference on Computer Safety, Reliability, and Security - Volume 9337Our society and its citizens increasingly depend on the undisturbed functioning of critical infrastructures CI, their products and services. Many of the CI services as well as other organizations use Industrial Control Systems ICS to monitor and control ...
Comments