An integrated framework for control system simulation and regulatory compliance monitoring

International Journal of Critical Infrastructure Protection

Volumn 4, Issue 1, 2011, Pages 41-53

  Mahoney, William ^a   Gandhi, Robin A ^a  

^a UNIVERSITY OF NEBRASKA AT OMAHA   (United States)

Author keywords

Compliance; Regulations; SCADA simulation

Indexed keywords

ACTUAL SYSTEM; COMPLIANCE; COMPLIANCE MONITORING; CONTROL SYSTEM SIMULATIONS; COORDINATED ATTACK; CYBER SECURITY; DESIGN DECISIONS; INTEGRATED FRAMEWORKS; LEGACY CONTROL SYSTEMS; NEAR-REAL TIME; OPERATIONAL IMPACTS; OPERATIONAL SEMANTICS; REGULATIONS; REGULATORY REQUIREMENTS; SCADA SIMULATION; SECURITY CONTROLS;

COMPUTER PROGRAMMING LANGUAGES; COMPUTER SIMULATION LANGUAGES; CONTROL THEORY; CRITICAL INFRASTRUCTURES; INTEGRATION; LEGACY SYSTEMS; PUBLIC WORKS; SCADA SYSTEMS; SECURITY OF DATA; SEMANTIC WEB; SEMANTICS; TAXONOMIES; WATER SUPPLY; WATER SUPPLY SYSTEMS;

REGULATORY COMPLIANCE;

EID: 79954421663     PISSN: 18745482     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ijcip.2011.03.002     Document Type: Article

References (35)

1. BBC News, Stuxnet worm hits Iran nuclear plant staff computers, September 26, 2010. http://www.bbc.co.uk/news/world-middle-east-11414483.
2. McMillan Robert Siemens: stuxnet worm hit industrial systems. Computerworld 2010, http://www.computerworld.com/s/article/print/9185419/Siemens_Stuxnet_worm_hit_industrial_systems?taxonomyName=Network+Security%26taxonomyId=142.
3. N. Falliere, L.O. Murchu, E. Chien, W32. Stuxnet Dossier, Version 1.3, November 2010. URL: (accessed on: 14.01.10). http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf.
4. Ronald L. Krutz, Securing SCADA systems, 2006 Wiley Publishing, Indianapolis, Indiana.
5. John Leyden, Polish teen derails tram after hacking train network, The Register, January 11, 2008. http://www.theregister.co.uk/2008/01/11/tram_hack/.
6. A Shortlist of Reported SCADA. Incidents at: http://ciip.wordpress.com/2009/06/21/a-list-of-reported-scada-incidents/.
7. CNN, Sources: staged cyber attack reveals vulnerability in power grid. http://www.cnn.com/2007/US/09/26/power.at.risk/index.html.
8. NIST SP 800-82, Guide to industrial control systems (ICS) security, Draft for Public Comment, September 29, 2008. http://csrc.nist.gov/publications/drafts/800-82/draft_sp800-82-fpd.pdf.
9. Geer D. Security of critical control systems sparks concern. Computer 2006, 39(1):20-23.
10. J. Pollet, Developing a solid SCADA security strategy, in: [Conference Paper] SIcon/02, Sensors for Industry Conference, Proceedings of the ISA/IEEE, IEEE Cat. No. 02EX626, Research Triangle Park, NC, USA, 2002, pp. 148-156.
11. North American Electric Reliability Corporation (NERC) control systems security working group, Top 10 vulnerabilities of control systems and their associated mitigations, 2007, US Department of Energy National SCADA Test Bed Program, March 22, 2007.
12. IEC Standards. Available at: http://www.iec.ch/.
13. http://www.iso.org/iso/support/faqs/faqs_widely_used_standards/widely_used_standards_other/information_security.htm.
14. NIST 800-53, Recommended security controls for federal information systems. http://csrc.nist.gov/publications/nistpubs/800-53-Rev2/sp800-53-rev2-final.pdf.
15. American Petrolium Institute, Pipeline SCADA Security, 2nd ed., 06/01/09.
16. Security content automation protocol-open checklist interactive language. http://scap.nist.gov/specifications/ocil/.
17. The technical specification for the security content automation protocol (SCAP): SCAP version 1.1 (DRAFT). http://csrc.nist.gov/publications/drafts/800-126-r1/draft-sp800-126r1-jan2011.pdf.
18. Shangping Ren, Kevin Kwiat, A non-intrusive approach to enhance legacy embedded control systems with cyber protection features, in: Third International Conference on Availability, Reliability and Security, 2008, ARES 08, 4-7 March 2008, pp. 1180-1187.
19. S. Cheung, B. Dutertre, et al. Using model-based intrusion detection for SCADA networks, in: Proceedings of the SCADA Security Scientific Symposium, Florida, January 2007.
20. http://www.modbus.org/.
21. Oman P., Phillips M. Intrusion detection and event monitoring in SCADA networks. Critical Infrastructure Protection 2007, 161-174. Springer, New York, NY, Chapter 12 in. E. Goetz, S. Shenoi (Eds.).
22. Giani Annarita, Karsai Gabor, Roosta Tanya, Shah Aakash, Sinopoli Bruno, Wiley Jon A testbed for secure and robust SCADA systems. ACM SIGBED Review 2008, 5(2).
23. William Mahoney, William Sousan, Intrusion detection via instrumented software, in: 1st CATARS Workshop at the 38th IEEE/ IFIP Intl. Conf. on Dependable Systems & Networks, Anchorage, Alaska, 2008.
24. Tyan H.Y., Sobeih A., Hou J.C. Design, realization and evaluation of a component-based, compositional network simulation environment. Simulation 2009, 85(3):159-181. 10.1177/0037549708099998.
25. Harold Elliotte Rusty, Means W.Scott XML in a Nutshell 2004, O'Reilly Media, Inc. third ed.
26. Robin Gandhi, William Mahoney, Ken Dick, ADACS-a language for monitoring regulatory compliance in control systems, in: Second Workshop on Compiler and Architectural Techniques for Application Reliability and Security, the 39th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Estoril, Portugal.
27. Tucker A., Noonan R.E. Programming Languages-Principles and Paradigms 2007, McGraw Hill. 2nd ed.
28. Heninger K.L. Specifying software requirements for complex systems: new techniques and their application. IEEE Transactions on Software Engineering 1980, 6(1):2-13.
29. J. Lobo, R. Bhatia, S. Naqvi, A policy description language, in: Proc. 16th Conf. on AI, AAAI, CA, July 1999, pp. 291-298.
30. Tim Lindholm, Frank Yellin, The JavaTM Virtual Machine Specification-Second Edition. http://java.sun.com/docs/books/jvms/second_edition/html/VMSpecTOC.doc.html.
31. Schneider F.B. Enforceable security policies. ACM Transactions on Information and System Security 2000, 3:30-50.
32. http://www.w3.org/TR/xpath20/.
33. Simpson John XPath and XPointer 2002, O'Reilly Media, Inc.
34. OWL 2 Web ontology language document overview, W3C Recommendation 27 October 2009. http://www.w3.org/TR/owl2-overview/.
35. NERC standards CIP-002-2 through CIP-009-2. http://www.nerc.com/filez/standards/Project_2008-06_Cyber_Security.html.