Skip to main content

2019 | OriginalPaper | Buchkapitel

Engineering Edge Security in Industrial Control Systems

verfasst von : Piroska Haller, Béla Genge, Adrian-Vasile Duka

Erschienen in: Critical Infrastructure Security and Resilience

Verlag: Springer International Publishing

Aktivieren Sie unsere intelligente Suche um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Industrial Controllers (e.g., Programmable Logical Controllers – PLCs, and Remote Terminal Units – RTUs) have been specialized to deliver robust control strategies. However, little has been done towards the integration of security strategies within their application-layer. This chapter investigates the integration of security solutions within the industrial control system’s “edge” devices – the Industrial Controller (IC). As a specific case study it demonstrates the implementation of a simple anomaly detection engine traditional in control applications. The approach shows that the scheduling rate of control applications is significantly affected by various events, such as a change in the number of network packets, configuration interventions, etc. Implementations realized on a Phoenix Contact ILC 350-PN controller demonstrate the feasibility and applicability of the proposed methodology.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Literatur
2.
Zurück zum Zitat Bini E, Nguyen THC, Richard P, Baruah SK (2009) A response-time bound in fixed-priority scheduling with arbitrary deadlines. IEEE Trans Comput 58(2):279–286MathSciNetCrossRef Bini E, Nguyen THC, Richard P, Baruah SK (2009) A response-time bound in fixed-priority scheduling with arbitrary deadlines. IEEE Trans Comput 58(2):279–286MathSciNetCrossRef
4.
Zurück zum Zitat Cárdenas AA, Amin S, Lin ZS, Huang YL, Huang CY, Sastry S (2011) Attacks against process control systems: risk assessment, detection, and response. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS’11. ACM, New York, pp 355–366. https://doi.org/10.1145/1966913.1966959 Cárdenas AA, Amin S, Lin ZS, Huang YL, Huang CY, Sastry S (2011) Attacks against process control systems: risk assessment, detection, and response. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS’11. ACM, New York, pp 355–366. https://​doi.​org/​10.​1145/​1966913.​1966959
6.
Zurück zum Zitat Di Pietro A, Panzieri S, Gasparri A (2015) Situational awareness using distributed data fusion with evidence discounting. In: Rice M, Shenoi S (eds) Critical infrastructure protection IX. Springer, Cham, pp 281–296CrossRef Di Pietro A, Panzieri S, Gasparri A (2015) Situational awareness using distributed data fusion with evidence discounting. In: Rice M, Shenoi S (eds) Critical infrastructure protection IX. Springer, Cham, pp 281–296CrossRef
9.
Zurück zum Zitat Genge B, Rusu DA, Haller P (2014) A connection pattern-based approach to detect network traffic anomalies in critical infrastructures. In: Proceedings of the Seventh European Workshop on System Security, EuroSec’14. ACM, New York, pp 1:1–1:6. https://doi.org/10.1145/2592791.2592792 Genge B, Rusu DA, Haller P (2014) A connection pattern-based approach to detect network traffic anomalies in critical infrastructures. In: Proceedings of the Seventh European Workshop on System Security, EuroSec’14. ACM, New York, pp 1:1–1:6. https://​doi.​org/​10.​1145/​2592791.​2592792
14.
Zurück zum Zitat Hagerott M (2014) Stuxnet and the vital role of critical infrastructure operators and engineers. Int J Crit Infrastruct Prot 7(4):244–246CrossRef Hagerott M (2014) Stuxnet and the vital role of critical infrastructure operators and engineers. Int J Crit Infrastruct Prot 7(4):244–246CrossRef
16.
17.
Zurück zum Zitat Montgomery DC (2013) Introduction to statistical quality control. Wiley, New YorkMATH Montgomery DC (2013) Introduction to statistical quality control. Wiley, New YorkMATH
19.
Zurück zum Zitat Phoenix Contact GmbH Co. K (2010) PC WORX 6 IEC 61131-Programming Phoenix Contact GmbH Co. K (2010) PC WORX 6 IEC 61131-Programming
21.
Zurück zum Zitat Rubio JE, Alcaraz C, Roman R, Lopez J (2017) Analysis of intrusion detection systems in industrial ecosystems. In: Proceedings of the 14th International Joint Conference on E-Business and Telecommunications (ICETE 2017) – vol 4: SECRYPT, Madrid, 24–26 July 2017, pp 116–128. https://doi.org/10.5220/0006426301160128 Rubio JE, Alcaraz C, Roman R, Lopez J (2017) Analysis of intrusion detection systems in industrial ecosystems. In: Proceedings of the 14th International Joint Conference on E-Business and Telecommunications (ICETE 2017) – vol 4: SECRYPT, Madrid, 24–26 July 2017, pp 116–128. https://​doi.​org/​10.​5220/​0006426301160128​
24.
Zurück zum Zitat Symantec (2014) Dragonfly: cyberespionage attacks against energy suppliers. Symantec Security Response Symantec (2014) Dragonfly: cyberespionage attacks against energy suppliers. Symantec Security Response
26.
Zurück zum Zitat Wang B, Mao Z (2018) One-class classifiers ensemble based anomaly detection scheme for process control systems. Trans Inst Meas Control 40(12):3466–3476CrossRef Wang B, Mao Z (2018) One-class classifiers ensemble based anomaly detection scheme for process control systems. Trans Inst Meas Control 40(12):3466–3476CrossRef
Metadaten
Titel
Engineering Edge Security in Industrial Control Systems
verfasst von
Piroska Haller
Béla Genge
Adrian-Vasile Duka
Copyright-Jahr
2019
DOI
https://doi.org/10.1007/978-3-030-00024-0_10