An Analysis of Two New Directions in Control System Perimeter Security

Traditional IT firewalls are used in control systems to provide a security perimeter and offer important protection. However, two new directions in control system perimeter security are now available and claim to provide a higher level of security: one-way communication technologies and control system protocol deep packet inspection. In this paper, we present these technologies and their purported benefits, analyze their effectiveness against a variety of attacks, and consider architecture options where these new classes of security products may offer the most benefit. Finally, the paper discusses how this new technology can be extended and further tailored for the control system security challenge.
