Enhancing SIEM Technology to Protect Critical Infrastructures

Coordinated and targeted cyber-attacks on Critical Infrastructures (CIs) and Supervisory Control And Data Acquisition (SCADA) systems are increasing and becoming more sophisticated. SCADA systems have typically been designed without security in mind, and security is commonly retrofitted by reusing solutions designed solely to protect Information Technology (IT) infrastructures, such as Security Information and Event Management (SIEM) systems. According to the National Institute of Standards and Technology (NIST), these systems are often ineffective for CI protection. In this paper we analyze the limits of current SIEMs and propose a framework developed in the MASSIF Project to enhance services for data treatment. In particular, the Generic Event Translation (GET) module collects security data from heterogeneous sources, providing intelligence at the edge of the SIEM, and the Resilient Storage (RS) reliably stores data related to relevant security breaches. We illustrate a prototype deployment for the dam monitoring and control case study.
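The abstract describes two components at the level of responsibilities only: GET normalises events from heterogeneous IT and SCADA sources at the edge, and RS keeps the records that matter in a form that can be trusted afterwards. The following is an added example, not code from the MASSIF project or the paper, that shows what such an edge translation layer and a tamper-evident store look like in miniature. The syslog line, the sensor CSV line, the field names, the severity mapping and the hash-chain storage are all constructed assumptions; the paper's actual RS mechanisms are not described on this page.

```python
"""
Added illustration (not MASSIF code): a minimal Generic Event Translation
layer plus a hash-chained, tamper-evident event store.  Every format, field
name and sample line below is a constructed assumption for the example.
"""
import hashlib
import json
import re
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import Dict, Iterable, List, Optional


@dataclass
class Event:
    ts: str                 # ISO-8601 UTC timestamp
    source: str             # originating host or field device
    kind: str               # normalised event class
    severity: int           # 0 info .. 3 critical (our own scale)
    fields: Dict[str, str]  # source-specific details, kept as strings


# Constructed sample inputs: one IT-side syslog line, one SCADA sensor record.
SYSLOG_LINE = ("<34>Jun 12 10:03:11 gw01 sshd[2021]: "
               "Failed password for root from 10.0.0.5 port 51122 ssh2")
SENSOR_LINE = "2013-06-12T10:03:15Z,DAM-SPILLWAY-01,water_level,14.7,alarm"

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) "
    r"(?P<time>\d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<proc>[^\[:]+)"
    r"(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
SRC_IP_RE = re.compile(r"from (\S+) port")


def translate_syslog(line: str, year: int = 2013) -> Optional[Event]:
    """RFC 3164-style syslog -> Event. Year is assumed; BSD syslog omits it."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    sev_syslog = int(m["pri"]) % 8              # 0 emerg .. 7 debug
    severity = 3 if sev_syslog <= 2 else 2 if sev_syslog <= 4 else 1 if sev_syslog <= 6 else 0
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    fields = {"process": m["proc"].strip(), "message": m["msg"]}
    ip = SRC_IP_RE.search(m["msg"])
    if ip:
        fields["src_ip"] = ip.group(1)
    kind = "auth_failure" if "Failed password" in m["msg"] else "generic"
    return Event(ts.isoformat(), m["host"], kind, severity, fields)


def translate_sensor(line: str) -> Optional[Event]:
    """Constructed CSV 'ts,device,measure,value,status' -> Event."""
    parts = line.strip().split(",")
    if len(parts) != 5:
        return None
    ts, device, measure, value, status = parts
    try:
        float(value)                            # reject non-numeric readings
        datetime.fromisoformat(ts.replace("Z", "+00:00"))
    except ValueError:
        return None
    alarm = status.lower() == "alarm"
    return Event(ts, device, "process_alarm" if alarm else "process_reading",
                 2 if alarm else 0, {"measure": measure, "value": value})


TRANSLATORS = (translate_syslog, translate_sensor)


def translate(line: str) -> Optional[Event]:
    """GET-style dispatch: first translator that understands the line wins."""
    for fn in TRANSLATORS:
        ev = fn(line)
        if ev is not None:
            return ev
    return None


class TamperEvidentStore:
    """Append-only log where each record commits to the previous digest."""
    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.entries: List[dict] = []

    def append(self, ev: Event) -> str:
        prev = self.entries[-1]["digest"] if self.entries else self.GENESIS
        payload = json.dumps(asdict(ev), sort_keys=True)
        digest = hashlib.sha256((prev + payload).encode()).hexdigest()
        self.entries.append({"prev": prev, "payload": payload, "digest": digest})
        return digest

    def verify(self) -> bool:
        prev = self.GENESIS
        for e in self.entries:
            if e["prev"] != prev:
                return False
            if hashlib.sha256((prev + e["payload"]).encode()).hexdigest() != e["digest"]:
                return False
            prev = e["digest"]
        return True


RELEVANT_SEVERITY = 2   # assumed threshold for "relevant" breaches


def ingest(lines: Iterable[str]) -> TamperEvidentStore:
    """Translate at the edge, forward only relevant events to the store."""
    store = TamperEvidentStore()
    for line in lines:
        ev = translate(line)
        if ev is not None and ev.severity >= RELEVANT_SEVERITY:
            store.append(ev)
    return store


if __name__ == "__main__":
    s = ingest([SYSLOG_LINE, SENSOR_LINE, "not an event"])
    print(len(s.entries), "stored; chain valid:", s.verify())
```

The translators return `None` rather than raising on lines they cannot parse, so an unknown or malformed source degrades to a dropped event instead of stalling the collector; the severity filter is where edge intelligence decides what is worth the cost of resilient storage; and the chain check turns any later edit of a stored record into a verification failure, which is the minimum property a forensic store needs before reliability mechanisms such as replication are layered on.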
