Securing current and future process control systems

Robert Cunningham, Steven Cheung, Martin Fong, Ulf Lindqvist, David Nicol, Ronald Pawlowski, Eric Robinson, William Sanders, Sankalp Singh, Alfonso Valdes, Bradley Woodworth, Michael Zhivich

Research output: Chapter in Book/Report/Conference proceedingChapter

Abstract

Process control systems (PCSs) are instrumental to the safe, reliable and efficient operation of many critical infrastructure components. However, PCSs increasingly employ commodity information technology (IT) elements and are being connected to the Internet. As a result, they have inherited IT cyber risks, threats and attacks that could affect the safe and reliable operation of infrastructure components, adversely affecting human safety and the economy. This paper focuses on the problem of securing current and future PCSs, and describes tools that automate the task. For current systems, we advocate specifying a policy that restricts control network access and verifying its implementation. We further advocate monitoring the control network to ensure policy implementation and verify that network use matches the design specifications. For future process control networks, we advocate hosting critical PCS software on platforms that tolerate malicious activity and protect PCS processes, and testing software with specialized tools to ensure that certain classes of vulnerabilities are absent prior to shipping.

Original languageEnglish (US)
Title of host publicationCritical Infrastructure Protection
EditorsEric Goetz, Sujeet Shenoi
PublisherSpringer
Pages99-115
Number of pages17
ISBN (Print)9780387754611
DOIs
StatePublished - 2007
Event1st Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection - Hanover, NH, United States
Duration: Mar 19 2007Mar 21 2007

Publication series

NameIFIP Advances in Information and Communication Technology
Volume253
ISSN (Print)1868-4238

Other

Other1st Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection
Country/TerritoryUnited States
CityHanover, NH
Period3/19/073/21/07

Keywords

  • Access control
  • Intrusion detection
  • Process control systems
  • Secure platforms
  • Vulnerability testing

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications
  • Information Systems and Management

Cite this