© The Institution of Engineering and Technology
This study presents an approach to the security assessment of the information systems of critical infrastructures. The approach is based on the faithful reconstruction of the evaluated information system in a computer security laboratory followed by simulations of possible threats against the system. The evidence collected during the experiments, stored and organised using a proprietary system InSAW, may later be used for the creation of trust cases which provide valuable information for the end users of the infrastructure. Another new proposal is MAlSim – mobile agent-based simulator of malicious software (viruses, worms, etc). To the best of the authors' knowledge, such a simulator has not been proposed before. The present approach was applied to the verification of the security of industrial control systems and power plants. In the study, one of the experiments related to the security study of an information system of a power plant, a simulation of zero-day worm attack, is described.
References
-
-
1)
-
E. Skoudis ,
L. Zeltser
.
(2003)
Malware: fighting malicious code.
-
2)
-
Leszczyna, R., Fovino, I.N., Masera, M.: `Security evaluation of IT systems underlying critical networked infrastructures', Proc. First Int. IEEE Conf. on Information Technology (IT 2008), May 2008, Gdansk, Poland.
-
3)
-
ISA99, http://www.isa.org.
-
4)
-
R. Leszczyna ,
I.N. Fovino ,
M. Masera
.
Simulating Malware with MAlSim.
J. Comput. Virol.
,
1 ,
65 -
75.
-
5)
-
European Commission: Communication from the Commission to the Council and the European Parliament: Critical Infrastructure Protection in the Fight Against Terrorism. Internet, October 2004.
-
6)
-
Mander, T., Nabhani, F., Wang, L., Cheung, R.: `Data object based security for DNP3 Over TCP/IP for increased utility commercial aspects security', Proc. Power Engineering Society General Meeting, 24–28 June 2007, Tampa, FL, USA, p. 1–8, (IEEE, Los Alamitos, 2007).
-
7)
-
Nai Fovino, I., Masera, M.: `Through the description of attacks: A multidimensional view', Proc. 25th Int. Conf. on Computer Safety, Reliability and Security, 26–29 September 2006, Gdansk, Poland.
-
8)
-
M. Fossi ,
D. Turner ,
A. Andrews
.
(2010)
Symantec Intelligence Quarterly April–June 2010.
-
9)
-
A. Lee ,
T. Brewer
.
(2009)
Smart grid cyber security strategy and requirements.
-
10)
-
ISO 27000 standards, http://www.iso.org.
-
11)
-
J. Górski ,
A. Jarze˛bowicz ,
R. Leszczyna ,
J. Miler ,
M. Olszewski
.
Trust case: Justifying trust in an IT solution.
Reliab. Eng. Syst. Saf.
,
1 ,
33 -
47
-
12)
-
J. Górski ,
Ł. Cyra ,
A. Jarze˛bowicz ,
J. Miler
.
Argument strategies and patterns of the trust-IT framework.
Pol. J. Environ. Stud.
,
323 -
329
-
13)
-
P. Herzog
.
Open source security testing methodology manual.
-
14)
-
Majdalawieh, M., Parisi-Presicce, F., Wijesekera, D.: `Distributed network protocol security (DNPSec) security framework', Proc. 21st Annual Computer Security Applications Conf., 5–9 December 2005, Tucson, Arizona.
-
15)
-
Cyra, Ł., Górski, J.: `Extending GQM by argument structures', Proc. Ninth Natl Software Engineering Conf. (KKIO), October 2007, Poznań, Poland.
-
16)
-
Nai Fovino, I., Genge, B., Siaterlis, C., Masera, M.: `A framework for analyzing cyber-physical attacks on networked industrial control systems', Fifth IFIP WG 11.10 Int. Conf. on Critical Infrastructure Protection Dartmouth College, 23–25 March 2011, Hanover, New Hampshire, USA.
-
17)
-
Nai Fovino, I., Masera, M.: `InSAW-industrial security assessment workbench', Proc. Int. Conf. on Infrastructure Systems, 10–12 November 2008, Rotterdam.
-
18)
-
SecurityFocus: ‘SecurityFocus vulnerability database’. http://www.securityfocus.com/bid (last accessed 9 September 2010).
-
19)
-
Stuxnet: http://www.symantec.com/connect/blogs/stuxnet-introduces-first-known-rootkit-scada-devices.
-
20)
-
P. Szor
.
(2005)
The art of computer virus research and defense.
-
21)
-
Chandia, R., Gonzalez, J., Kilpatrick, T., Papa, M., Shenoi, S.: `Security strategies for scada networks', Proc. First Annual IFIP Working Group 11.10 Int. Conf. on Critical Infrastructure Protection, Dartmouth College, 19–21 March 2007, Hanover, New Hampshire, USA.
-
22)
-
Hussain, A., Schwab, S., Thomas, R., Fahmy, S., Mirkovic, J.: `DDoS experiment methodology', Proc. DETER Community Workshop on Cyber Security Experimentation, June 2006.
-
23)
-
I. Nai Fovino ,
M. Masera ,
A. Decian
.
Integrating cyber attacks within fault trees.
Int. J. Reliab. Eng. Syst. Saf.
,
9 ,
1394 -
1402
-
24)
-
A. Miller
.
Trends in process control systems security.
IEEE Secur. Priv.
,
5 ,
57 -
60
-
25)
-
Emulab - Network Emulation Testbed – http://www.emulab.net/.
-
26)
-
A. Creery ,
E. Byres
.
Industrial Cyber-security for power system and SCADA networks.
IEEE Ind. Appl.
,
4 ,
49 -
55
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2010.0261
Related content
content/journals/10.1049/iet-ifs.2010.0261
pub_keyword,iet_inspecKeyword,pub_concept
6
6