Industrial control system cybersecurity research

Qinghua Daxue Xuebao/Journal of Tsinghua University

Volumn 52, Issue 10, 2012, Pages 1396-1408

  Peng, Yong ^a,b   Jiang, Changqing ^a   Xie, Feng ^a   Dai, Zhonghua ^a   Xiong, Qi ^a   Gao, Yang ^a  

^a CHINA INFORMATION TECHNOLOGY SECURITY EVALUATION CENTER   (China)

^b BEIJING UNIVERSITY OF POSTS AND TELECOMMUNICATIONS   (China)

Author keywords

Cyber physical system (CPS); Cybersecurity; Industrial control system (ICS); Risk assessment; Supervisory control and data acquisition (SCADA)

Indexed keywords

CYBER PHYSICAL SYSTEMS (CPSS); CYBER SECURITY; FUTURE RESEARCH DIRECTIONS; INDUSTRIAL CONTROL SYSTEMS; NATIONAL INFRASTRUCTURE; SUBWAY SYSTEMS; SUPERVISORY CONTROL AND DATA ACQUISITION;

CONTROL SYSTEMS; CRITICAL INFRASTRUCTURES; EMBEDDED SYSTEMS; INDUSTRIAL RAILROADS; NUCLEAR ENERGY; RISK ASSESSMENT;

INTELLIGENT CONTROL;

EID: 84871125623     PISSN: 10000054     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (97)

1. NIST SP800-82. Guide to Industrial Control Systems (ICS) Security[S]. Gaithersburg, USA: National Institute of Standards and Technology (NIST), 2011.
2. Simon H A. The architecture of complexity[C]// Proceedings of the American Philosophical Society. Philadelphia, USA: Batsford, 1962: 467-482.
3. Bishop M. Computer Security[M]. Boston, USA: Addison Wesley, 2003.
4. Department of Homeland Security (DHS). Cyber Security Assessments of Industrial Control System[S]. Washington DC, USA: Department of Homeland Security (DHS), 2010.
5. The European Network and Information Security Agency (ENISA). Protecting Industrial Control Systems, Recommendations for Europe and Member States[R]. Heraklion, Greece: Recommendations for Europe and Member States, 2011.
6. Byres E J, Kay J, Carter J. Myths and facts behind cyber security and industrial control (2003)[Z/OL]. (2010-02-12), http://www.pimaweb.org/conference/april2003/pdfs/ MythsAndFactsBehindCyberSecurity.pdf.
7. David A. Multiple Efforts to Secure Control Systems Are Under Way, but Challenges Remain, GAO-07-1036[R]. Washington DC, USA: US Government Accountability Office (US GAO), 2007.
8. IEC 61508. Functional Safety of E/E/PE Safety-Related Systems[S]. Geneva, Switzerland: International Electrotechnical Commission (IEC), 2000.
9. Piètre-Cambacédès L, Chaudet C. The SEMA referential framework: Avoiding ambiguities in the terms " security" and " safety"[J]. International Journal of Critical Infrastructure Protection, 2010, 3(2): 55-66.
10. NIST 906330. Security Assurance Levels: A Vector Approach to Describing Security Requirements[S]. Gaithersburg, USA: National Institute of Standards and Technology (NIST), 2010.
11. ANSI/ISA-99.01.01-2007. Security for Industrial Automation and Control Systems: Terminology, Concepts and Models[S]. Los Angeles, USA: The International Society of Automation (ISA), 2007.
12. IEC/TS 62443-1. Industrial Communication Networks-Network and System Security-Part 1-1: Terminology, Concepts and Models[S]. Geneva, Switzerland: International Electrotechnical Commission (IEC), 2009.
13. The President's Commission on Critical Infrastructure Protection. Critical Foundations: Protecting America's Infrastructures, The Report of President's Commission on Critical Infrastructure Protection[R]. Washington DC, USA: The President's Commission on Critical Infrastructure Protection, 1997.
14. US-CERT. The National Strategy to Secure Cyberspace[R]. Washington DC, USA: United States Computer Emergency Readiness Team, 2003.
15. Department of Homeland Security. National Infrastructure Protection Plan[R]. Washington DC, USA: Department of Homeland Security, 2006.
16. Department of Homeland Security (DHS) National Cyber Security Division. Strategy for Securing Control Systems: Coordinating and Guiding Federal, State, and Private Sector Initiatives[R]. Washington DC, USA: Department of Homeland Security (DHS), 2009.
17. The National Research Council. Making the Nation Safer: the Role of Science and Technology in Countering Terrorism[R]. Washington DC, USA: the National Research Council, 2002.
18. United States General Accounting Office. Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems, GAO-04-354[R]. Washington DC, USA: General Accounting Office (GAO), 2004.
19. Eisenhauer J, Donnelly P, Ellis M, et al. Roadmap to Secure Control Systems in the Energy Sector[R]. Washington DC, USA: Energetics Incorporated, the US Department of Energy and the US Department of Homeland Security, 2006.
20. Department of Homeland Security. National Infrastructure Protection Plan[R]. Washington DC, USA: Department of Homeland Security, 2009.
21. Energy Sector Control Systems Working Group (ESCSWG). Roadmap to Achieve Energy Delivery Systems Cybersecurity[R]. Washington DC, USA: Office of Electricity Delivery & Energy Reliability, 2011.
22. GAO Yang, PENG Yong, XIE Feng. Revelation of industrial control security management in the United States[J]. China Information Security, 2012, 27(03): 44-47. (in Chinese)
23. Department of Energy. National SCADA Testbed[Z/OL]. (2012-07-01), http://www.doe.gov/oe/national-scada-test-bed/.
24. Office of Electricity Delivery and Energy Reliability, US Department of Energy. NSTB fact sheet, national SCADA test bed, enhancing control systems security in the energy sector[Z/OL]. (2012-06-16), http://energy.gov/sites/prod/files/oeprod/Documentsand Media/NSTB_Fact_Sheet_ FINAL_09-16-09.pdf.
25. Office of Electricity Delivery and Energy Reliability, US Department of Energy. NSTB fact sheet, national SCADA test bed, enhancing control systems security in the energy sector[Z/OL]. (2012-06-16), http://www.inl.gov/scada/factsheets/d/nstb.pdf.
26. US-CERT. ICS-CERT[Z/OL]. (2012-06-20), http://www.us-cert.gov/control_system/.
27. Commission of the European Communities. Communication from the Commission to the Council and the European Parliament. Critical Infrastructure Protection in the Fight Against Terrorism, COM (2004) 702 Final[R]. Brussels, Belgium: Commission of the European Communities, 2004.
28. Commission of the European Communities. Communication from the Commission-on a European Programme for Critical Infrastructure Protection, COM (2006) 786 Final[R]. Brussels, Belgium: Commission of the European Communities, 2006.
29. Commission of the European Communities. Communication from the Commission to the European Parliament, the Council, The European Economic and Social Committee and the Committee of the Regions-on Critical Information Infrastructure Protection, COM (2009) 149 Final[R]. Brussels, Belgium: Commission of the European Communities, 2009.
30. Commission of the European Communities. Communication from the Commission to the European Parliament, the Council, The European Economic and Social Committee and the Committee of the Regions-A Digital Agenda for Europe, COM (2010) 245[R]. Brussels, Belgium: Commission of the European Communities, 2010.
31. API Standard 1164. Pipeline SCADA Security Guideline[S]. New York, USA: American Petroleum Institute, 2009.
32. AGA-12. Cryptographic Protection of SCADA Communications General Recommendations[S]. Washington DC, USA: American Gas Association, 2004.
33. ANSI/ISA-99. Manufacturing and Control System Security, Standards and Guidelines[S]. Los Angeles, USA: American National Standards Institute(ANSI)/ USA International Standards Authority(ISA), 2009.
34. IEC TC 65 WG 10. Security for Industrial Process Measurement and Control: Network and System Security, Standard[S]. Geneva, Switzerland: International Electrotechnical Commission (IEC), 2008.
35. BAL-001-0a, Reliability Standards for the Bulk Electric Systems in North America, Regulation[S]. Princeton, USA: North American Electric Reliability Council, 2011.
36. International Council on Large Electric systems (CIGRE). JWG D2/B3/C2-01 Security for Information Systems and Intranets in Electric Power Systems, Managing Information Security in an Electric Utility, Guideline[R]. Cuernavaca, Mexico: International Council on Large Electric Systems (CIGRE), 2005.
37. NRC Regulatory Guide 5. 71. Cyber Security Programs for Nuclear Facilities, Guideline/Regulatory[S]. Washington DC, USA: US Nuclear Regulatory Commission, 2010.
38. Sommestad T, Ericsson G N, Nordlander J. SCADA system cyber security's comparison of standards[C]// 2010 IEEE on Power and Energy Society General Meeting. Minneapolis, USA: IEEE Power & Energy Society, 2010: 1-8.
39. European Network and Information Security Agency. Protecting Industrial Control Systems-Annex III, ICS Security Related Standards, Guidelines and Policy Documents[R]. Heraklion, Greece: European Network and Information Security Agency (ENISA), 2011.
40. Pollet J. Innovative defense strategies for securing SCADA control systems[C]// Innovative Defense Strategies for Securing Manufacturing & Control Systems-ISA EXPO 2005. Chicago, USA: Instrumentation, Systems, and Automation Society (ISA), 2005.
41. Holger G. Architecting critical systems[C]// Proceedings of the First International Symposium on Architecting Critical Systems, ISARCS 2010. Prague, Czech Republic: Springer-Verlag. 2010.
42. Byres E, Chauvin B, Karsch J, et al. The special needs of SCADA/PCN firewalls: Architectures and test results[C]// Proceedings of the 10th IEEE Conference on Emerging Technologies and Factory Automation, 2005, ETFA 2005. Catania, Italy: Institute of Electrical and Electronics Engineers Inc, 2005: 876-884.
43. Anat B B, Yotam H, David H. Space-time tradeoffs in software-based deep packet inspection[C]// 2011 IEEE 12th International Conference on High Performance Switching and Routing (HPSR 2011). Cartagena, Spain: IEEE Press, 2011: 1-8.
44. Patel S C, Graham J H, Ralston P A S. Quantitatively assessing the vulnerability of critical information systems: A new method for evaluating security enhancements[J]. International Journal of Information Management, 2008, 28(6): 483-491.
45. BCIT Group for Advanced Information Technology. Good Practice Guide on Firewall Deployment for SCADA and Process Control Networks-Policy and Best Practice, ID 00157[R]. London, UK: National Infrastructure Security Coordination Centre, 2005.
46. Jay B, James C F, Jeffrey P, et al. Snort 2.0 Intrusion Detection Syngress, Feb 2003[Z/OL]. (2012-06-18), http://security.irost.org/ebooks/.
47. Peterson D. Quickdraw: Generating security log events for legacy SCADA and control system devices[C]// Conference for Homeland Security on Cybersecurity Applications & Technology, 2009, CATCH'09. Washington DC, USA: IEEE Press, 2009: 227-229.
48. Morris T, Vaughn R, Dandass Y. A retrofit network intrusion detection system for MODBUS RTU and ASCII industrial control systems[C]// HICSS 2012. Kauai, USA: Institute of Electrical and Electronics Engineers Computer Society, 2012: 2338-2345.
49. Roosta T, Nilsson D, Lindqvist U, et al. An intrusion detection system for wireless process control systems[C]// The 5th IEEE International Conference on Mobile Ad Hoc and Sensor Systems. Atlanta, USA: IEEE Press, 2008: 866-872.
50. Cheung S, Valdes A. Communication pattern anomaly detection in process control systems[C]// IEEE International Conference on Technologies for Homeland Security. Waltham, USA: IEEE Press, 2009: 1-8.
51. Valdes A, Cheung S. Intrusion monitoring in process control systems[C]// Proceedings of the 42nd Hawaii International Conference on System Sciences. Big Island, USA: IEEE Computer Society Press, 2009: 21-28.
52. Rrushi J, Kang K. Detecting anomalies in process control networks[C]// Critical Infrastructure Protection III. IFIP Advances in Information and Communication Technology. Heisenberg, Germany: Springer, 2009: 151-165.
53. Gao W, Morris T, Reaves B, et al. On SCADA control system command and response injection and intrusion detection[C]// Proceedings of 2010 IEEE eCrime Researchers Summit. Dallas, USA: IEEE Press, 2010: 1-8.
54. Zhu B, Joseph A, Sastry S. A taxonomy of cyber attacks on SCADA systems[C]// Proceedings of the 2011 International Conference on Internet of Things and the 4th International Conference on Cyber, Physical and Social Computing (ITHINGSCPSCOM'11). Washington DC, USA: IEEE Computer Society, 2011: 380-388.
55. David M W, Sakurai K. Mobile agent based security monitoring and analysis for the electric power infrastructure[C]// Proceeding of Communication, Network, and Information Security 2003. New York, USA: ACTA Press, 2003.
56. Isabelle G, Jason W, Stephen B, et al. Gene selection for cancer classification using support vector machines[J]. Machine Learning, 2002, 46(1-3): 389-422.
57. Ido C, Tal E H, Nir F, et al. Mean field variational approximation for continuous-time Bayesian network[J]. Journal of Machine Learning Research, 2010, 11: 2745-2783.
58. Dimitrios G, Thomas H, Donato M, et al. Machine learning and knowledge discovery in databases-European Conference[C]// Proceedings of the European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases (ECML PKDD 2011). Athens, Greece: Part I. Heisenberg, Germany: Springer 2011.
59. Renée S A, Daniel A J, Doug B. Mixed-signal approximate computation: A neural predictor case study[J]. IEEE Micro, 2009, 29(1): 104-115.
60. Idaho National Laboratory. Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program, INL/EXT-08-13979[R]. Idaho, USA: Idaho National Laboratory, 2008.
61. Fink R, Spencer D, Wells R. Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems, INL/CON-06-11665[R]. Idaho, USA: Idaho National Laboratory, 2006.
62. Idaho National Laboratory. Wireless Procurement Language in Support of Advanced Metering Infrastructure Security, INL/EXT-09-15658[R]. Idaho, USA: Idaho National Laboratory, 2009.
63. Hahn A, Kregel B, Govindarasu M, et al. Development of the PowerCyber SCADA security testbed[C]// Proceedings of the 6th Annual Workshop on Cyber Security and Information Intelligence Research-CSIIRW'10. New York, USA: ACM Press, 2010.
64. Iowa State University. Power Infrastructure Cybersecurity Laboratory of Electrical and Computer Engineering Department[Z/OL]. (2012-06-11), http://powercyber.ece.iastate.edu/powercyber.html.
65. XIONG Qi, JING Xiaowei, ZHAN Feng. Summary and implications for China of the information security work of the ICS system in the oil and gas industry in America[J]. China Information Security, 2012, 27(03): 80-83. (in Chinese)
66. Industrial Instrumentation Process Lab. British Columbia Institute of Technology[Z/OL]. (2012-07-11), http://www.bcit.ca/appliedresearch/tc/facilities/industrial.shtml.
67. Bergman D, JIN Dong, Nicol D, et al. The virtual power system testbed and inter-testbed integration[C]// USENIX 2nd Workshop on Cyber Security Experimentation and Test (CSET'09) held in Conjunction with the 18th USENIX Security Symposium (USENIX Security'09). Montreal, Canada: USENIX, 2009: 1-6.
68. Rohan C, Bruno S, Gabor K, et al. Simulation of network attacks on SCADA systems[C]// First Workshop on Secure Control Systems, 2010. Stockholm, Sweden: Team for Research in Ubiquitous Secure Technology (TRUSTSTC), 2010.
69. Queiroz C, Mahmood A, HU Jiankun, et al. Building a SCADA Security Testbed[C]// Third International Conference on Network and System Security (NSS'09). Gold Coast, QLD. Washington DC, USA: IEEE Press, 2009: 357-364.
70. Varga A. The OMNeT++discrete event simulation system[C]// Proceedings of the European Simulation Multiconference (ESM'2001). Prague, Czech Republic: The European Multidisciplinary Society for Modelling and Simulation Technology (EUROSIS), 2001: 319-324.
71. The OMNeT++Community. INET Framework for OMNeT++4.0[Z/OL]. (2012-07-02), http://inet.omnetpp.org/.
72. The LEGO Group. Lego Mindstroms NXT[Z/OL]. (2012-07-03), http://mindstorms.lego.com.
73. Raimbault S. Libmodbus-A modbus library for Linux and OSX[Z/OL]. (2012-07-03), http://www.libmodbus.org.
74. Davis C, Tate J, Okhravi H, et al. SCADA cyber security testbed development[C]// Proceedings of the 38th North American in Power Symposium, 2006 (NAPS 2006). Washington DC, USA: IEEE Press, 2006: 483-488.
75. Mallouhi M, AI-Nashif Y, Cox D, et al. A testbed for analyzing security of SCADA control systems (TASSCS)[C]// 2011 IEEE PES on Innovative Smart Grid Technologies (ISGT). Hilton Anaheim, USA: IEEE Computer Society, 2011: 1-7.
76. GB/T 18336.1-2008 idt ISO/IEC 15408-1: 2005. Information Technology-Security Techniques-Evaluation criteria for IT Security-Part 1: Introduction and General Model[S]. Beijing: State Bureau of Quality Technical Supervision, 2001. (in Chinese)
77. NIST SP 800-30. Risk Management Guide for Information Technology Systems[S]. Gaithersburg, USA: National Institute of Standards and Technology (NIST), 2002.
78. Haimes Y Y. Hierarchical holographic modeling[J]. IEEE Transactions on Systems, Man, and Cybernetics, 1981, 11(9): 606-617.
79. Haimes Y Y. Risk Modeling, Assessment, and Management[M]. 1st Ed. New York, USA: John Wiley & Sons, 1998.
80. Haimes Y Y, Chittester C G. A roadmap for quantifying the efficacy of risk management of information security and interdependent SCADA systems[J]. Journal of Homeland Security and Emergency Management, 2005, 2(2): 1-21.
81. XIONG Qi, PENG Yong, DAI Zhonghua. First exploration on the information security risk assessment of the industrial control system[J]. China Information Security, 2012, 27(03): 57-59. (in Chinese)
82. Kaplan S, Garrick B J. On the quantitative definition of risk[J]. Risk Analysis, 1981, 1(1): 11-37.
83. Stoneburner G. Toward a unified security/safety model[J]. Computer, 2006, 39(8): 96-97.
84. Schneier B. Attack trees: Modeling security threats[J]. Dr. Dobb's Journal, 1999, 12(24): 21-29.
85. Brian K. Cyber incident blamed for nuclear power plant shutdown[Z/OL]. (2012-06-12), http://www.washingtonpost.com/wp-dyn/content/ article/2008/06/05/AR2008060501958.html.
86. Robert J T. Cyber Incidents Involving Control Systems, Technical Report INL/EXT-05-00671[R]. Idaho, USA: Idaho National Laboratory, 2005.
87. Richard E. Hackers penetrate water system computers[Z/OL]. (2012-06-06), http://blogs.abcnews.com/theblotter/ 2006/10/ hackers_penetra.html.
88. United States Attorney. Sacramento man pleads guilty to attempting to shut down California's power grid[Z/OL]. (2012-06-07), http://www.usdoj.gov/usao/cae/press_releases/ docs/2007/12-14-07DenisonPlea.pdf.
89. Kravets D. Feds: Hacker disabled offshore oil platform leak-detection system[Z/OL]. (2012-06-06), http://www.wired.com/threatlevel/2009/03/feds-hacker-dis.
90. Leyden J. Polish teen derails tram after hacking train network[R]. London, UK: The Register, 2008.
91. Nicolas F, Liam O M, Eric C. W32. Stuxnet Dossier, Version 1.3 Edition[R]. Washington DC, USA: Symantec, 2010.
92. Bellovin S. Stuxnet: The first weaponized software?[Z/OL]. (2012-06-06), http://www.cs.columbia.edu/~smb/blog/2010-09-27.html.
93. Byres E J, Franz M, Miller D. The use of attack trees in assessing vulnerabilities in SCADA systems[C]// International Infrastructure Survivability Workshop (IISW'04). Lisbon, Portugal: Institute of Electrical and Electronics Engineers, 2004.
94. Ten C W, LIU Chenching, Govindarasu M. Vulnerability assessment of cybersecurity for SCADA systems using attack trees[C]// The 2007 IEEE Conference on Power Engineering Society General Meeting. Tampa, USA: Institute of Electrical and Electronics Engineers Inc., 2007: 1-8.
95. Park G Y, Lee C K, Choi J G, et al. Cyber security analysis by attack trees for a reactor protection system[C]// Proceedings of the Korean Nuclear Society (KNS) Fall Meeting. Pyeong Chang, Korea: Korean Nuclear Society, 2008.
96. Patel S C, Graham J H, Ralston P A S. Quantitatively assessing the vulnerability of critical information systems: A new method for evaluating security enhancements[J]. International Journal of Information Management, 2008, 28(6): 483-491.
97. Zonouz S A, Khurana H, Sanders W H, et al. RRE: A game-theoretic intrusion response and recovery engine[C]// IEEE/IFIP International Conference on Dependable Systems & Networks, 2009 (DSN'09). Lisbon, Portugal: Institute of Electrical and Electronics Engineers, 2009: 439-448.