Towards securing SCADA systems against process-related threats

We propose a tool-assisted approach to address process-related threats on SCADA systems. Process-related threats have not been addressed before in a systematic manner. Our approach consists of two steps: threat analysis and threat mitigation. For the threat analysis, we combine two methodologies (PHEA and HAZOP) to systematically identify process-related threats. The threat mitigation is supported by our tool, MELISSA, that helps to detect incidents (attacks or user mistakes). MELISSA uses SCADA system logs and visualization techniques to highlight potential incidents. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular SCADA process work-flow.

[1]  Milos Manic,et al.  Neural Network based Intrusion Detection System for critical infrastructures , 2009, 2009 International Joint Conference on Neural Networks.

[2]  Yacov Y. Haimes,et al.  Risks of Terrorism to Information Technology and to Critical Interdependent Infrastructures , 2004 .

[3]  C. Bellettini,et al.  Vulnerability Analysis of SCADA Protocol Binaries through Detection of Memory Access Taintedness , 2007, 2007 IEEE SMC Information Assurance and Security Workshop.

[4]  John A. Clark,et al.  Effective Security Requirements Analysis: HAZOP and Use Cases , 2004, ISC.

[5]  Aunshul Rege‐Patwardhan Cybercrimes against critical infrastructures: a study of online criminal organization and techniques , 2009 .

[6]  Giordano Vicoli,et al.  Novelty detection and management to safeguard information-intensive critical infrastructures , 2007 .

[7]  Ning Lu,et al.  Safeguarding SCADA Systems with Anomaly Detection , 2003, MMM-ACNS.

[8]  Jill Slay,et al.  Lessons Learned from the Maroochy Water Breach , 2007, Critical Infrastructure Protection.

[9]  J. Stamp,et al.  Common vulnerabilities in critical infrastructure control systems. , 2003 .

[10]  Martin Gilje Jaatun,et al.  A Study of Information Security Practice in a Critical Infrastructure Application , 2008, ATC.

[11]  G. Stoneburner,et al.  Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology , 2002 .

[12]  Rune Winther,et al.  Security Assessments of Safety Critical Systems Using HAZOPs , 2001, SAFECOMP.

[13]  Raffael Marty,et al.  Applied Security Visualization , 2008 .

[14]  Eric A. M. Luiijf,et al.  Assessing and improving SCADA security in the Dutch drinking water sector , 2009, Int. J. Crit. Infrastructure Prot..