Addressing IT Security for Critical Control Systems

Control systems for critical infrastructures like national power grids make increasingly use of open technologies and protocols, and the Internet. In this environment, the risk of electronic attacks on these control systems has to be evaluated and mitigated. This paper addresses the key challenges commonly mentioned in the context of control system security (also referred to as "SCADA security") and discusses feasible solutions for most of them. The paper argues that the main obstacle to control system security is not technical, but financial. A couple of exemplary research projects from one automation vendor that aim to reduce the plant owners' cost of security are presented to demonstrate what kind of research will bring control system security forward

[1]  Christian Rehtanz,et al.  Autonomous Systems and Intelligent Agents in Power System Control and Operation (Power Systems) , 2003 .

[2]  F. Cleveland,et al.  IEC TC57 Security Standards for the Power System's Information Infrastructure - Beyond Simple Encryption , 2006, 2005/2006 IEEE/PES Transmission and Distribution Conference and Exhibition.

[3]  E. Byres,et al.  The Myths and Facts behind Cyber Security Risks for Industrial Control Systems , 2004 .

[4]  H. Stepan,et al.  Out of control?! , 2009, Der Gynäkologe.

[5]  Jonathan S. Shapiro Understanding the Windows EAL4 Evaluation , 2003, Computer.

[6]  Miles A. McQueen,et al.  Quantitative Cyber Risk Reduction Estimation Methodology for a Small SCADA Control System , 2006, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06).

[7]  Thomas E. Koch,et al.  Trust and tamper-proof software delivery , 2006, SESS '06.

[8]  M. Naedele,et al.  An Access Control Protocol for Embedded Devices , 2006, 2006 4th IEEE International Conference on Industrial Informatics.

[9]  Winn Schwartau,et al.  Time Based Security , 1999 .

[10]  Joe Falco,et al.  Using Host-based Anti-virus Software on Industrial Control Systems: Integration Guidance and a Test Methodology for Assessing Performance Impacts , 2006 .

[11]  Kang Lee,et al.  IEEE 1588 standard for a precision clock synchronization protocol for networked measurement and control systems , 2002, 2nd ISA/IEEE Sensors for Industry Conference,.

[12]  Dennis K. Holstein,et al.  Cyber Security Management for Utility Operations , 2006, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06).

[13]  M. Naedele,et al.  Human-Assisted Intrusion Detection for Process Control Systems , 2004 .

[14]  Andrew K. Wright,et al.  Low-Latency Cryptographic Protection for SCADA Communications , 2004, ACNS.

[15]  Thomas P. von Hoff,et al.  Security for Industrial Communication Systems , 2005, Proceedings of the IEEE.

[16]  Mark Adamiak,et al.  IEC 61850 Communication Networks and Systems In Substations: An Overview for Users , 1988 .

[17]  M. Naedele,et al.  Standardizing industrial IT security - a first look at the IEC approach , 2005, 2005 IEEE Conference on Emerging Technologies and Factory Automation.

[18]  Doug Walker,et al.  Utility IT executives expect breach of critical SCADA systems , 2006 .

[19]  Christian Rehtanz,et al.  Implementation of Autonomous Systems , 2003 .

[20]  G. Sher,et al.  Out of Control* , 2006, Ethics.