Securing current and future process control systems

Robert Cunningham; Steven Cheung; Martin Fong; Ulf Lindqvist; David Nicol; Ronald Pawlowski; Eric Robinson; William Sanders; Sankalp Singh; Alfonso Valdes; Bradley Woodworth; Michael Zhivich

doi:10.1007/978-0-387-75462-8_8

Securing current and future process control systems

Robert Cunningham, Steven Cheung, Martin Fong, Ulf Lindqvist, David Nicol, Ronald Pawlowski, Eric Robinson, William Sanders, Sankalp Singh, Alfonso Valdes, Bradley Woodworth, Michael Zhivich

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Abstract

Process control systems (PCSs) are instrumental to the safe, reliable and efficient operation of many critical infrastructure components. However, PCSs increasingly employ commodity information technology (IT) elements and are being connected to the Internet. As a result, they have inherited IT cyber risks, threats and attacks that could affect the safe and reliable operation of infrastructure components, adversely affecting human safety and the economy. This paper focuses on the problem of securing current and future PCSs, and describes tools that automate the task. For current systems, we advocate specifying a policy that restricts control network access and verifying its implementation. We further advocate monitoring the control network to ensure policy implementation and verify that network use matches the design specifications. For future process control networks, we advocate hosting critical PCS software on platforms that tolerate malicious activity and protect PCS processes, and testing software with specialized tools to ensure that certain classes of vulnerabilities are absent prior to shipping.

Original language	English (US)
Title of host publication	Critical Infrastructure Protection
Editors	Eric Goetz, Sujeet Shenoi
Publisher	Springer
Pages	99-115
Number of pages	17
ISBN (Print)	9780387754611
DOIs	https://doi.org/10.1007/978-0-387-75462-8_8
State	Published - 2007
Event	1st Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection - Hanover, NH, United States Duration: Mar 19 2007 → Mar 21 2007

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	253
ISSN (Print)	1868-4238

Other

Other	1st Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection
Country/Territory	United States
City	Hanover, NH
Period	3/19/07 → 3/21/07

Keywords

Access control
Intrusion detection
Process control systems
Secure platforms
Vulnerability testing

ASJC Scopus subject areas

Information Systems
Computer Networks and Communications
Information Systems and Management

Online availability

10.1007/978-0-387-75462-8_8

Library availability

Discover UIUC Full Text

Cite this

Cunningham, R., Cheung, S., Fong, M., Lindqvist, U., Nicol, D., Pawlowski, R., Robinson, E., Sanders, W., Singh, S., Valdes, A., Woodworth, B., & Zhivich, M. (2007). Securing current and future process control systems. In E. Goetz, & S. Shenoi (Eds.), Critical Infrastructure Protection (pp. 99-115). (IFIP Advances in Information and Communication Technology; Vol. 253). Springer. https://doi.org/10.1007/978-0-387-75462-8_8

Cunningham, R, Cheung, S, Fong, M, Lindqvist, U, Nicol, D, Pawlowski, R, Robinson, E, Sanders, W, Singh, S, Valdes, A, Woodworth, B & Zhivich, M 2007, Securing current and future process control systems. in E Goetz & S Shenoi (eds), Critical Infrastructure Protection. IFIP Advances in Information and Communication Technology, vol. 253, Springer, pp. 99-115, 1st Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection, Hanover, NH, United States, 3/19/07. https://doi.org/10.1007/978-0-387-75462-8_8

@inbook{2c13ef0b46864392bf9338acc20d4bbb,

title = "Securing current and future process control systems",

abstract = "Process control systems (PCSs) are instrumental to the safe, reliable and efficient operation of many critical infrastructure components. However, PCSs increasingly employ commodity information technology (IT) elements and are being connected to the Internet. As a result, they have inherited IT cyber risks, threats and attacks that could affect the safe and reliable operation of infrastructure components, adversely affecting human safety and the economy. This paper focuses on the problem of securing current and future PCSs, and describes tools that automate the task. For current systems, we advocate specifying a policy that restricts control network access and verifying its implementation. We further advocate monitoring the control network to ensure policy implementation and verify that network use matches the design specifications. For future process control networks, we advocate hosting critical PCS software on platforms that tolerate malicious activity and protect PCS processes, and testing software with specialized tools to ensure that certain classes of vulnerabilities are absent prior to shipping.",

keywords = "Access control, Intrusion detection, Process control systems, Secure platforms, Vulnerability testing",

author = "Robert Cunningham and Steven Cheung and Martin Fong and Ulf Lindqvist and David Nicol and Ronald Pawlowski and Eric Robinson and William Sanders and Sankalp Singh and Alfonso Valdes and Bradley Woodworth and Michael Zhivich",

year = "2007",

doi = "10.1007/978-0-387-75462-8_8",

language = "English (US)",

isbn = "9780387754611",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer",

pages = "99--115",

editor = "Eric Goetz and Sujeet Shenoi",

booktitle = "Critical Infrastructure Protection",

address = "Germany",

note = "1st Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection ; Conference date: 19-03-2007 Through 21-03-2007",

}

TY - CHAP

T1 - Securing current and future process control systems

AU - Cunningham, Robert

AU - Cheung, Steven

AU - Fong, Martin

AU - Lindqvist, Ulf

AU - Nicol, David

AU - Pawlowski, Ronald

AU - Robinson, Eric

AU - Sanders, William

AU - Singh, Sankalp

AU - Valdes, Alfonso

AU - Woodworth, Bradley

AU - Zhivich, Michael

PY - 2007

Y1 - 2007

N2 - Process control systems (PCSs) are instrumental to the safe, reliable and efficient operation of many critical infrastructure components. However, PCSs increasingly employ commodity information technology (IT) elements and are being connected to the Internet. As a result, they have inherited IT cyber risks, threats and attacks that could affect the safe and reliable operation of infrastructure components, adversely affecting human safety and the economy. This paper focuses on the problem of securing current and future PCSs, and describes tools that automate the task. For current systems, we advocate specifying a policy that restricts control network access and verifying its implementation. We further advocate monitoring the control network to ensure policy implementation and verify that network use matches the design specifications. For future process control networks, we advocate hosting critical PCS software on platforms that tolerate malicious activity and protect PCS processes, and testing software with specialized tools to ensure that certain classes of vulnerabilities are absent prior to shipping.

AB - Process control systems (PCSs) are instrumental to the safe, reliable and efficient operation of many critical infrastructure components. However, PCSs increasingly employ commodity information technology (IT) elements and are being connected to the Internet. As a result, they have inherited IT cyber risks, threats and attacks that could affect the safe and reliable operation of infrastructure components, adversely affecting human safety and the economy. This paper focuses on the problem of securing current and future PCSs, and describes tools that automate the task. For current systems, we advocate specifying a policy that restricts control network access and verifying its implementation. We further advocate monitoring the control network to ensure policy implementation and verify that network use matches the design specifications. For future process control networks, we advocate hosting critical PCS software on platforms that tolerate malicious activity and protect PCS processes, and testing software with specialized tools to ensure that certain classes of vulnerabilities are absent prior to shipping.

KW - Access control

KW - Intrusion detection

KW - Process control systems

KW - Secure platforms

KW - Vulnerability testing

UR - http://www.scopus.com/inward/record.url?scp=84902317446&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84902317446&partnerID=8YFLogxK

U2 - 10.1007/978-0-387-75462-8_8

DO - 10.1007/978-0-387-75462-8_8

M3 - Chapter

AN - SCOPUS:84902317446

SN - 9780387754611

T3 - IFIP Advances in Information and Communication Technology

SP - 99

EP - 115

BT - Critical Infrastructure Protection

A2 - Goetz, Eric

A2 - Shenoi, Sujeet

PB - Springer

T2 - 1st Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection

Y2 - 19 March 2007 through 21 March 2007

ER -

Securing current and future process control systems

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this