Rieger / Ray / Zhu | Industrial Control Systems Security and Resiliency | E-Book | www2.sack.de
E-Book

E-book, English, volume 75, 277 pages

Series: Advances in Information Security

Rieger / Ray / Zhu: Industrial Control Systems Security and Resiliency

Practice and Theory
1st edition, 2019
ISBN: 978-3-030-18214-4
Publisher: Springer International Publishing
Format: PDF
Copy protection: 1 - PDF watermark




This book provides a comprehensive overview of the key concerns and research challenges in designing secure and resilient Industrial Control Systems (ICS). It discusses today's state-of-the-art security architectures and couples them with near- and long-term research needs measured against that baseline. It also grounds all discussions in a generic reference architecture for ICS that reflects and protects high-consequence scenarios.
Significant strides have been made in making industrial control systems secure. However, the increasing connectivity of ICS with commodity IT devices, and the significant human interaction with ICS during operation, regularly introduce new threats, so that ICS security defenses are always playing catch-up. There is an emerging consensus that it is very important for ICS missions to survive cyber-attacks as well as failures and to continue to maintain a certain level and quality of service. Such resilient ICS design requires one to be proactive in understanding and reasoning about evolving threats to ICS components and their potential effects on the ICS mission's survivability goals, and to identify ways to design secure, resilient ICS.
This book targets primarily educators and researchers working in the area of ICS and Supervisory Control And Data Acquisition (SCADA) systems security and resiliency. Practitioners responsible for security deployment, management and governance in ICS and SCADA systems will also find this book useful. Graduate students will find it a good starting point for research in this area and a reference source.

Craig Rieger is the Chief Control Systems Research Engineer at the Idaho National Laboratory (INL), pioneering multidisciplinary research in the area of next generation resilient control systems. In addition, he has organized and chaired nine Institute of Electrical and Electronics Engineers (IEEE) technically co-sponsored symposia and one National Science Foundation workshop in this new research area, and authored more than 40 peer-reviewed publications. He received his PhD in Engineering and Applied Science from Idaho State University in 2008. He is a senior member of IEEE, and has 20 years of software and hardware design experience for process control system upgrades and new installations. He has also been a supervisor and technical lead for control systems engineering groups having design, configuration management, and security responsibilities for several INL nuclear facilities and various control system architectures.
Indrajit Ray is a Professor at the Computer Science Department at Colorado State University. He received his PhD in Information Technology from George Mason University in Fairfax, VA in 1997. His main research interests are in the areas of data and application security, network security, security modeling, risk management, trust models, privacy and digital forensics. He is a member of the Data and Applications Security Group, the Network Security Group, and the Software Assurance Laboratory at Colorado State University. His research has been funded by the U.S. National Science Foundation, the Air Force Office of Scientific Research, the Air Force Research Laboratory and the Federal Aviation Administration. He is a member of IEEE Computer Society, ACM, ACM Special Interest Group on Security Audit and Control, IFIP WG 11.3 on Data and Applications Security and IFIP WG 11.9 on Digital Forensics.
Quanyan Zhu is an Assistant Professor in the Department of Electrical and Computer Engineering at the New York University Polytechnic School of Engineering, NY, USA. He received his PhD in Electrical and Computer Engineering from the University of Illinois at Urbana-Champaign in 2013. His main research interests are in the areas of game theory and applications, resilient and secure socio-cyber-physical systems, adversarial machine learning and signal processing, human-robot interaction, Internet of Things, game and decision theory for cyber security, economics and optimization of infrastructure systems, and resource allocation in communication networks.
Michael Haney is an Assistant Professor of Computer Science at the University of Idaho and a cybersecurity researcher at the Idaho National Laboratory. He received his master's and doctorate in computer science from the University of Tulsa in 2013 and 2015, respectively. Currently, his research interests are in data visualization, specifically visualizing network and system log data to improve intrusion detection and response for large-scale networks. He studies cyber-security issues of energy assurance supporting a more resilient 'smart' infrastructure. His focus here lies in honeypot research: creating systems that mimic real power generation systems, oil refineries or water treatment plants, and recording and studying the cyber-attacks against these systems.

Table of contents


1 Preface
2 Contents
3 Part I: Current and New Practice
  3.1 Current Standards for Cyber-Hygiene in Industrial Control System Environments
    3.1.1 Introduction
      3.1.1.1 Ways to Address Cyber-Hygiene
    3.1.2 Standards
      3.1.2.1 North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
      3.1.2.2 ISA/IEC 62443
      3.1.2.3 Underwriters Laboratories (UL) 2900
      3.1.2.4 National Institute of Standards and Technology (NIST) Special Publications
    3.1.3 Department of Homeland Security (DHS) and Department of Energy (DOE) Publications
    3.1.4 Smart Grid Publications
    3.1.5 French Network and Information Security Agency (ANSSI)
    3.1.6 Bundesamt für Sicherheit in der Informationstechnik (BSI)
    3.1.7 Personnel Training
    3.1.8 Summary
  3.2 Consequence-Based Resilient Architectures
    3.2.1 The Challenges of Security by Design
    3.2.2 The Vulnerability Mitigation Cycle
    3.2.3 Consequence-Driven Cyber-Informed Engineering
    3.2.4 The "Future" Analysis Problem and Consequence Prioritization
    3.2.5 System of Systems Analysis
    3.2.6 Adversarial Approach and Consequence-Based Targeting
    3.2.7 Mitigation and Elimination of Risk
    3.2.8 References
4 Part II: Cyber-Modeling, Detection, and Forensics
  4.1 Cyber-Physical Anomaly Detection for Power Grid with Machine Learning
    4.1.1 Cybersecurity of Modern Power System
      4.1.1.1 Overview of Modern Power System
      4.1.1.2 Cyber-Systems Relying on Wide-Area Communication
        4.1.1.2.1 SCADA (Supervisory Control and Data Acquisition)
        4.1.1.2.2 WAMS (Wide Area Measurement System)
        4.1.1.2.3 AMI (Advanced Metering Infrastructure)
      4.1.1.3 Greenhouse for Malicious Cyber-Attacks
    4.1.2 Cyber-Physical System Anomaly Detection
      4.1.2.1 CPS Anomaly Detection Applications
        4.1.2.1.1 Detection Location
        4.1.2.1.2 Detection Nature
      4.1.2.2 Challenges for CPS Anomaly Detection
        4.1.2.2.1 Timing Performance
        4.1.2.2.2 Big Data
        4.1.2.2.3 Detection Model Online Update
      4.1.2.3 CPS Anomaly Detection with Machine Learning
    4.1.3 Case Study: Clustering-Based Generation Control Anomaly Detection
      4.1.3.1 Problem
      4.1.3.2 Experiment
      4.1.3.3 Scenarios and Data Collection
      4.1.3.4 Dimensionality Reduction
      4.1.3.5 Clustering Results
    4.1.4 Conclusion
    4.1.5 References
  4.2 Toward the Science of Industrial Control Systems Security and Resiliency
    4.2.1 Introduction
    4.2.2 State of the Art of Research, Challenges, and Solutions
      4.2.2.1 Supervisory Control and Data Acquisition Systems
      4.2.2.2 Potential Cyber-Threats on SCADA
      4.2.2.3 Research Challenges and Formal Frameworks
      4.2.2.4 Threat Analysis Architecture
      4.2.2.5 Formal Approach Characteristics
    4.2.3 Formal Framework for SCADA Security Analysis
      4.2.3.1 Methodology
        4.2.3.1.1 Physical Model
        4.2.3.1.2 Cyber-Physical Attack Model
        4.2.3.1.3 Modeling Adversary Attributes
        4.2.3.1.4 Interdependency Models
      4.2.3.2 Example Case Study
    4.2.4 Formal Model for SCADA Resiliency Analysis
      4.2.4.1 Methodology
        4.2.4.1.1 SCADA Cyber-Physical System Modeling
        4.2.4.1.2 Modeling of Attacks and Security Controls
        4.2.4.1.3 Modeling of Resiliency Threats Based on SCADA Operations
      4.2.4.2 Example Case Study
    4.2.5 Conclusion
    4.2.6 References
  4.3 Toward Cyber-Resiliency Metrics for Action Recommendations Against Lateral Movement Attacks
    4.3.1 Introduction
    4.3.2 Background and Related Work
    4.3.3 Network Model and Iterative Reachability Computation of Lateral Movement
      4.3.3.1 Notation and Tripartite Graph Model
      4.3.3.2 Reachability of Lateral Movement on User-Host Graph
      4.3.3.3 Reachability of Lateral Movement on Host-Application Graph
      4.3.3.4 Reachability of Lateral Movement on Tripartite User-Host-Application Graph
    4.3.4 Segmentation on User-Host Graph
    4.3.5 Hardening on Host-Application Graph
    4.3.6 Experimental Results
      4.3.6.1 Dataset Description and Experiment Setup
      4.3.6.2 Segmentation Against Lateral Movement
      4.3.6.3 Hardening Against Lateral Movement
    4.3.7 Performance Evaluation on Actual Lateral Movement Attacks
    4.3.8 Conclusion and Future Work
    4.3.9 References
5 Part III: Proactive Defense Mechanism Design
  5.1 Moving Target, Deception, and Other Adaptive Defenses
    5.1.1 Introduction
    5.1.2 Foundations of Moving Target Defense
    5.1.3 Moving Target Defense Principles
    5.1.4 Types of Moving Target Defense
    5.1.5 Examples of Moving Target Defense
      5.1.5.1 Platform-Based
      5.1.5.2 Network-Based
      5.1.5.3 Runtime Environment-Based
      5.1.5.4 Application-Based
    5.1.6 Industrial Control System Applications of Moving Target Defense
      5.1.6.1 Considerations
      5.1.6.2 ICS Examples
    5.1.7 Strategy Selection
      5.1.7.1 Cost-Benefit Analysis
        5.1.7.1.1 Other Practical Considerations
      5.1.7.2 Responsive Defenses
    5.1.8 Conclusion
    5.1.9 References
  5.2 Beyond Mirages: Deception in ICS - Lessons Learned from Traditional Networks
    5.2.1 Introduction
      5.2.1.1 Deception Background
      5.2.1.2 State of the Art in Deception in ICS
      5.2.1.3 Advanced Concepts from Traditional Networks
        5.2.1.3.1 Temporal Deceptions
        5.2.1.3.2 Spatial Deceptions
        5.2.1.3.3 Client Validation and Manipulation
      5.2.1.4 Potential Transfer to ICS, Challenges, and Opportunities
        5.2.1.4.1 Attacker in the Internet
        5.2.1.4.2 Attacker Has Compromised a Corporate User
        5.2.1.4.3 Attacker in the Control Center
        5.2.1.4.4 Attacker on the Wind Farm's Local Network
      5.2.1.5 Conclusion
    5.2.2 References
  5.3 Moving Target Defense to Improve Industrial Control System Resiliency
    5.3.1 Introduction
      5.3.1.1 Challenges
      5.3.1.2 MTD Within Critical Infrastructure
    5.3.2 Background
      5.3.2.1 MTD Techniques
      5.3.2.2 MTD Categories
        5.3.2.2.1 Dynamic Platforms
        5.3.2.2.2 Dynamic Runtime Environments
        5.3.2.2.3 Dynamic Networks
        5.3.2.2.4 Dynamic Data
        5.3.2.2.5 Dynamic Software
        5.3.2.2.6 Dead Code
        5.3.2.2.7 Stack Directions
        5.3.2.2.8 Equivalent Instruction Substitution
    5.3.3 MTD Applications and Scenarios Within ICS
      5.3.3.1 Industrial Control Systems
        5.3.3.1.1 Use Case
        5.3.3.1.2 Constraints
        5.3.3.1.3 Requirements
    5.3.4 Experimentation
      5.3.4.1 Adversarial Scenario
      5.3.4.2 Metrics
    5.3.5 Conclusion
    5.3.6 References
  5.4 Proactive Defense Through Deception
    5.4.1 Introduction
    5.4.2 Related Work
    5.4.3 Threat Model
    5.4.4 Motivating Example
    5.4.5 Deception Approach
      5.4.5.1 View Model
      5.4.5.2 Problem Statement
      5.4.5.3 Algorithms
        5.4.5.3.1 Algorithm TopKDistance
        5.4.5.3.2 Algorithm TopKBudget
    5.4.6 Fingerprinting
      5.4.6.1 SinFP3
      5.4.6.2 p0f
      5.4.6.3 Nessus
      5.4.6.4 Fingerprint Manipulation
      5.4.6.5 Implementation
        5.4.6.5.1 Operating System Fingerprint Module
        5.4.6.5.2 Service Fingerprint Module
    5.4.7 Experimental Evaluation
      5.4.7.1 Evaluation of TopKDistance
      5.4.7.2 Evaluation of TopKBudget
        5.4.7.2.1 Legitimate User Perspective
      5.4.7.3 Attacker Perspective
      5.4.7.4 Drawbacks and Limitations
    5.4.8 Conclusions
    5.4.9 References
  5.5 Next-Generation Architecture and Autonomous Cyber-Defense
    5.5.1 Synopsis
    5.5.2 Overview
    5.5.3 Understanding the Challenges
      5.5.3.1 ICS Networks
      5.5.3.2 Challenges to ICS Networks
      5.5.3.3 ICS Network Defenses
    5.5.4 Requirements for a Next-Generation Architecture
    5.5.5 Theory of ACD and Next-Generation Architecture
      5.5.5.1 Strategy for Resilience
        5.5.5.1.1 The Reactive Cycle
        5.5.5.1.2 The Background Cycle
      5.5.5.2 Resilient Control Design
      5.5.5.3 Resilience Components and Metrics
        5.5.5.3.1 Challenge Tolerance
        5.5.5.3.2 Trustworthiness
    5.5.6 Implementation
      5.5.6.1 Memory Unit
      5.5.6.2 Resilience Knowledge Base
      5.5.6.3 Defensive Measures: Defend Subsystem
      5.5.6.4 Challenge Detection Subsystem
      5.5.6.5 Resilience Manager
        5.5.6.5.1 Evaluation Subsystems
        5.5.6.5.2 Prediction Subsystems
        5.5.6.5.3 Analysis Subsystem
        5.5.6.5.4 Response Subsystem
      5.5.6.6 Refinement
    5.5.7 Conclusion
    5.5.8 Appendix 1: Acronyms
    5.5.9 References
6 Part IV: Human System Interface
  6.1 Fault Understanding, Navigation, and Control Interface: A Visualization System for Cyber-Resilient Operations for Advanced Nuc...
    6.1.1 Introduction
    6.1.2 Development of New Systems for New Reactors
    6.1.3 New Operational Philosophy and Operator Support Systems
    6.1.4 Fault Understanding, Navigation, and Control Interface (FUNCI)
      6.1.4.1 Form and Function of FUNCI
    6.1.5 Case Study Scenarios
      6.1.5.1 Vibration Fault (Spoof)
      6.1.5.2 Ramp Rate Surge (No Spoof)
      6.1.5.3 CV Fault 1 (Spoof with Text)
      6.1.5.4 CV Fault 2 (Spoof with Trend)
    6.1.6 Case Study Results
    6.1.7 Lessons Learned
    6.1.8 Conclusions and Discussion
    6.1.9 References
7 Part V: Metrics
  7.1 Resilient Control System Metrics
    7.1.1 Introduction
    7.1.2 Modern Distribution System Resilience Metric
      7.1.2.1 Single-Asset Description
      7.1.2.2 Type of Single Assets
      7.1.2.3 Concise Asset Description
      7.1.2.4 Groupings of Assets in the MDS
      7.1.2.5 Resilient Metrics in the Context of the Grid Topology
      7.1.2.6 Example Aggregation of Assets in a Distribution System
      7.1.2.7 Mapping to DIRE Curve
    7.1.3 Cyber/Communication/Control Effects on the System
    7.1.4 The Cost of Resilience
    7.1.5 Conclusions
    7.1.6 References
