Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Published in:
Cover of the book

2019 | OriginalPaper | Chapter

Securing Industrial Control Systems

Authors : Marina Krotofil, Klaus Kursawe, Dieter Gollmann

Published in: Security and Privacy Trends in the Industrial Internet of Things

Publisher: Springer International Publishing

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

We propose controllability, observability, and operability as the core security objectives of a control system, whilst the much-used triad of confidentiality, integrity, and availability captures the security requirements on IT infrastructures. We discuss how the deployment of IT in industrial control systems has changed the attack surface, how this invalidates assumptions about independent failure modes crucial in safety design, and explain why stronger IT infrastructure security does not necessarily imply better ICS security. We show how process physics can be used to carry attack payloads and thus become an instrument for the attacker, and argue that ICS security standards should expand their scope to the physical processes layer.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

inform now
next chapter Towards a Secure Industrial Internet of Things
Footnotes
1
Inspired by [10].
 
Literature
1.
Alcaraz C, Lopez J (2017) A cyber-physical systems-based checkpoint model for structural controllability. IEEE Syst J 12:3543–3554CrossRef
2.
Alves-Foss J, Oman PW, Taylor C, Harrison WS (2006) The mils architecture for high-assurance embedded systems. Int J Embed Syst 2(3–4):239–247CrossRef
3.
Arthur W, Challener D (2015) A practical guide to TPM 2.0: using the Trusted Platform Module in the new age of security. Apress, BerkeleyCrossRef
4.
Barreto C, Cárdenas AA, Quijano N (2013) Controllability of dynamical systems: threat models and reactive security. In: International Conference on Decision and Game Theory for Security. Springer, pp 45–64
5.
Bell DE, LaPadula LJ (1973) Secure computer systems: mathematical foundations. Technical report, MITRE CORP BEDFORD MA
6.
Biba KJ (1977) Integrity considerations for secure computer systems. Technical report, MITRE CORP BEDFORD MA
7.
Bratus S, Locasto M, Patterson M, Sassaman L, Shubina A (2011) Exploit programming: from buffer overflows to weird machines and theory of computation. {USENIX; login:}
8.
Byres E (2012) Using ANSI/ISA-99 standards to improve control system security. White paper, Tofino Security
9.
Carvalho M, DeMott J, Ford R, Wheeler DA (2014) Heartbleed 101. IEEE Secur Priv 12(4):63–67CrossRef
10.
Christey S (2007) Unforgivable vulnerabilities. Black Hat Brief 13:17
11.
Clark DD, Wilson DR (1987) A comparison of commercial and military computer security policies. In: Proceedings of the 1987 IEEE Symposium on Security and Privacy, pp 184–194
12.
Dabrowski A, Ullrich J, Weippl ER (2017) Grid shock: coordinated load-changing attacks on power grids: the non-smart power grid is vulnerable to cyber attacks as well. In: Proceedings of the 33rd Annual Computer Security Applications Conference. ACM, pp 303–314
13.
Duntemann J (2004) The lessons of software monoculture. SD Times, p 28, 1 Nov 2004
14.
Etalle S (2017) From intrusion detection to software design. In: European Symposium on Research in Computer Security. Springer, pp 1–10
15.
Fu K, Xu W (2018) Risks of trusting the physics of sensors. Commun ACM 61(2):20–23CrossRef
16.
Glaessgen E, Stargel D (2012) The digital twin paradigm for future nasa and us air force vehicles. In: 53rd AIAA/ASME/ASCE/AHS/ASC Structures, Structural Dynamics and Materials Conference 20th AIAA/ASME/AHS Adaptive Structures Conference 14th AIAA, p 1818
17.
Gollmann D, Gurikov P, Isakov A, Krotofil M, Larsen J, Winnicki A (2015) Cyber-physical systems security: experimental analysis of a vinyl acetate monomer plant. In: Proceedings of the 1st ACM Workshop on Cyber-Physical System Security. ACM, pp 1–12
18.
Jovanovic P, Neves S (2015) Practical cryptanalysis of the open smart grid protocol. In: International Workshop on Fast Software Encryption. Springer, pp 297–316
19.
Kocher P, Genkin D, Gruss D, Haas W, Hamburg M, Lipp M, Mangard S, Prescher T, Schwarz M, Yarom Y (2018) Spectre attacks: exploiting speculative execution. arXiv preprint arXiv:1801.01203
20.
Krotofil M, Larsen J, Gollmann D (2015) The process matters: ensuring data veracity in cyber-physical systems. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security. ACM, pp 133–144
21.
Kursawe K, Peters C (2015) Structural weaknesses in the open smart grid protocol. In: 2015 10th International Conference on Availability, Reliability and Security (ARES). IEEE, pp 1–10
22.
Lampson BW (1973) A note on the confinement problem. Commun ACM 16(10):613–615CrossRef
23.
Leverett E, Wightman R (2013) Vulnerability inheritance programmable logic controllers. In: Proceedings of the Second International Symposium on Research in Grey-Hat Hacking
24.
Lions J-L, Lübeck L, Fauquembergue J-L, Kahn G, Kubbat W, Levedag S, Mazzini L, Merle D, O’Halloran C (1996) Ariane 5 flight 501 failure report by the inquiry board
25.
Lipp M, Schwarz M, Gruss D, Prescher T, Haas W, Mangard S, Kocher P, Genkin D, Yarom Y, Hamburg M (2018) Meltdown. arXiv preprint arXiv:1801.01207
26.
McQueen M, Giani A (2011) ‘Known secure sensor measurements’ for critical infrastructure systems: detecting falsification of system state. In: International Workshop on Software Engineering for Resilient Systems. Springer, pp 156–163
27.
Sharifzadeh M (2013) Integration of process design and control: a review. Chem Eng Res Des 91(12):2515–2549CrossRef
28.
29.
Unified Extensible Firmware Interface specification, Version 2.5, April 2015
30.
U.S. Chemical Safety Board (2011) Dupont corporation toxic chemical releases: investigation report, July 2011
31.
Verizon (2016) Data breach digest. Scenarios from the field
Metadata
Title
Securing Industrial Control Systems
Authors
Marina Krotofil
Klaus Kursawe
Dieter Gollmann
Copyright Year
2019
Book
Security and Privacy Trends in the Industrial Internet of Things

Print ISBN: 978-3-030-12329-1

Electronic ISBN: 978-3-030-12330-7

Copyright Year: 2019

DOI
https://doi.org/10.1007/978-3-030-12330-7_1

Premium Partner

    Image Credits