论文信息 - Towards Computer-Aided Security Life Cycle Management for Critical Industrial Control Systems

Towards Computer-Aided Security Life Cycle Management for Critical Industrial Control Systems

Critical infrastructure experienced a transformation from isolated towards highly (inter-)connected systems. This development introduced a variety of new cyber threats, causing high financial damage, threatening lives and affecting the society. Known examples are Stuxnet, WannaCry and the attacks on the Ukrainian power grid. To prevent such attacks, it is indispensable to properly design, assess and maintain countermeasures and security strategies throughout the whole life cycle of the critical systems. For this, security has to be considered and assessed for every system design and redesign. However, common assessment tools and methodologies are not executed on a detailed system knowledge and therefore they are enhanced with penetration tests. Unfortunately, performing only abstract assessments is inadequate and penetration tests endanger the availability of the tested systems. Therefore, the latter cannot be performed on live systems executing critical processes. In this paper, we address these issues for Industrial Control Systems and explain how new concepts for continuous security-by-design or model-based system monitoring and automated vulnerability assessments can resolve them by exploiting new Industry 4.0 developments.

Christian Haas | Jürgen Beyerer | Ankush Meshram | Pascal Birnstill | Florian Patzer

[1] Lars Duerkop,et al. Using OPC-UA for the autoconfiguration of real-time Ethernet systems , 2013, 2013 11th IEEE International Conference on Industrial Informatics (INDIN).

[2] Frank Schiller,et al. Adaptive Modelling for Security Analysis of Networked Control Systems , 2016, ICS-CSR.

[3] Vincent Naessens,et al. Extracting Vulnerabilities in Industrial Control Systems using a Knowledge-Based System , 2015, ICS-CSR.

[4] Xinming Ou,et al. A host-based security assessment architecture for Industrial Control systems , 2009, 2009 2nd International Symposium on Resilient Control Systems.

[5] Andrew W. Appel,et al. MulVAL: A Logic-based Network Security Analyzer , 2005, USENIX Security Symposium.

[6] Jürgen Schönwälder,et al. Network Configuration Protocol (NETCONF) , 2011, RFC.

[7] Roland Rosen,et al. About The Importance of Autonomy and Digital Twins for the Future of Manufacturing , 2015 .

[8] Mathias Ekstedt,et al. CySeMoL: A tool for cyber security analysis of enterprises , 2013 .

[9] Xinming Ou,et al. Effective Network Vulnerability Assessment through Model Abstraction , 2011, DIMVA.

[10] Yi Ji,et al. A logic-based approach to network security risk assessment , 2009, 2009 ISECS International Colloquium on Computing, Communication, Control, and Management.