13.07.14 - 16.07.14, Seminar 14292

Network Attack Detection and Defense: Securing Industrial Control Systems for Critical Infrastructures

Diese Seminarbeschreibung wurde vor dem Seminar auf unseren Webseiten veröffentlicht und bei der Einladung zum Seminar verwendet.

Motivation

The last years have highlighted the fact that security precautions of information and communication technology (ICT) in many critical infrastructures are clearly insufficient, especially if considering targeted attacks carried out by resourceful and motivated individuals or organizations. Critical infrastructures, such as energy or water provisioning, transportation, telecommunication, or health support are relying to an ever-larger extent on ICT, often being monitored or controlled in a semi or fully automated way. Disruption of these control processes may turn out to be disastrous, particularly as many of these systems are cyber-physical systems that interact with the real world through sensors and actuators and can thus have a direct influence on the physical world not mediated by the common sense of a human being. This is especially true for many industrial control systems (ICS) that control vital processes in many areas of industry.

Rendering ICT systems in industrial control systems unusable or malfunctioning can cause huge economic damages or even endanger human lives. The Stuxnet malware that actually damaged around 1000 Uranium enrichment centrifuges in the Iranian enrichment facility in Natanz (which was possibly its goal) is the most well-known examples reported 1. Many similar examples, where industrial control systems have been affected due to insufficient security precautions 2, have been published meanwhile. The proliferation of the sophisticated Stuxnet-like malware (e.g., Duqu, Flame, or Gauss) shows how imminent the threat is and how limited our detection and response countermeasures.

Increased efforts in research are required to protect industrial control systems. This is a consequence of the increasing shift of the industrial ICT to the IP protocol leading to sensible ICT infrastructures which are more vulnerable as the proprietary systems used in the past. A problem is that all malware available in open ICT systems suddenly also becomes available to attackers on industrial control systems and that a lot of known vulnerabilities become exploitable. On the pro side, many established security mechanisms like firewalls, intrusion detection systems, or operating system security mechanisms like malware scanners can be applied. However, you often need to specifically adjust them for the new domain (e.g., by having SCADA-specific signatures for an intrusion detection system). At the same time, the different (dependability) requirements and different applications in industrial control systems often require new or updated approaches, e.g., regarding security updating or security testing methodologies.

The main objective of the seminar will be to discuss new approaches and ideas for securing industrial control systems. The seminar is a merger of two previous Dagstuhl seminars that addressed these issues in the recent past: (1) the series of Dagstuhl seminars Network Attack Detection and Defense 2008 and 2012, and (2) the Dagstuhl seminar Securing Critical Infrastructures from Targeted Attacks held in 2012. In this seminar we want to consider appropriate methods for detecting attacks on industrial control systems and for limiting the impact on the physical components. This is closely coupled to the question if and how reactive security mechanisms can be made more ICS- and process-aware. To some extend it seems possible to adopt existing security approaches from other areas (e.g., conventional networks, embedded systems, sensor networks, robotics). The main question is whether adopting these approaches is enough to reach the desired security level in the specific domain of industrial control systems. Detecting attacks to the physical components and appropriate reactions are new aspects that need to be considered as well.

Specific questions to be addressed during the seminar may include:

  • How can existing approaches for detection, reaction, and analysis be enhanced or better adapted for industrial control systems?
  • How can reactive security mechanisms be made more system- and process-aware and how will this be leveraged for enhancing security?
  • How can security systems be made more reactive, adaptive, and self-defending?
  • How can the negative effects of successful attacks be contained?
  • How can industrial control systems be made resilient to attack, and able to maintain critical (possibly degraded) function in the presence of attack?
  • What are likely attack scenarios and how can one cope with targeted attacks that are by there very nature almost impossible to predict?
  • How can technical solutions and organizational policies be aligned and enhanced in a consistent way?
  • How do the approaches of academia and industry in addressing targeted attacks on industrial control systems differ?

The seminar will provide a forum for the exchange about ideas and approaches pursued in academic research and the demands and experience of industry practitioners.

Areas of interest, but are not limited to the following:

  • Critical infrastructure protection
  • Detecting attacks on industrial control systems
  • Security in SCADA networks
  • Reaction to attacks on industrial control systems and damage containment
  • Analyzing targeted attacks on industrial control systems
  • Future attack scenarios and attacker models
  • Design of attack resilient industrial control systems
  • Sharing of information and return on experience related to past attacks against industrial control systems

See

1 http://www.isis-online.org/isis-reports/detail/did-stuxnet-take-out-1000-centrifuges-at-the-natanz-enrichment-plant/

See

2 http://ciip.wordpress.com/2009/06/21/a-list-of-reported-scada-incidents/