Litcius/Paper detail

Techniques for Enhancing Security in Industrial Control Systems

Vijay Varadharajan, Udaya Tupakula, Kallol Krishna Karmakar

2023ACM Transactions on Cyber-Physical Systems20 citationsDOIOpen Access PDF

Abstract

Increasingly Industrial Control Systems (ICS) systems are being connected to the Internet to minimise the operational costs and provide additional flexibility. These control systems such as the ones used in power grids, manufacturing and utilities operate continually and have long lifespans measured in decades rather than years as in the case of Information Technology (IT) systems. Such industrial control systems require uninterrupted and safe operation. However, they can be vulnerable to a variety of attacks, as successful attacks on critical control infrastructures could have devastating consequences to the safety of human lives as well as a nation’s security and prosperity. Furthermore, there can be a range of attacks that can target ICS and it is not easy to secure these systems against all known attacks let alone unknown ones. In this paper, we propose a software enabled security architecture using Software Defined Networking (SDN) and Network Function Virtualisation (NFV) that can enhance the capability to secure industrial control systems. We have designed such an SDN/NFV enabled security architecture and developed a Control System Security Application (CSSA) in SDN Controller for enhancing security in ICS by achieving real time situational awareness and dynamic policy-driven decision making across the network infrastructure. In particular, CSSA can be used for establishing secure path for end-to-end communication between devices and also deal against certain specific attacks namely denial of service attacks, from unpatched vulnerable control system components and securing the communication flows from the legacy devices that do not support any security functionality. We also discuss how CSSA provides reliable paths for safety critical messages in control systems. We discuss the prototype implementation of the proposed architecture and the results obtained from our analysis.

Topics & Concepts

Computer scienceComputer securityFlexibility (engineering)Industrial control systemDenial-of-service attackSecurity policySecurity serviceSoftware-defined networkingControl (management)Computer networkThe InternetInformation securityMathematicsStatisticsArtificial intelligenceWorld Wide WebSmart Grid Security and ResilienceSoftware-Defined Networks and 5GNetwork Security and Intrusion Detection