Abstract:

Purpose: In order to leverage automation control data, Industry 4.0 manufacturing systems require industrial devices to be connected to the network. Potentially, this can increase the risk of cyberattacks, which can compromise connected industrial devices to acquire production data or gain control over the production process. Search engines such as Sentient Hyper-Optimized Data Access Network (SHODAN) can be perverted by attackers to acquire network information that can be later used for intrusion. To prevent this, cybersecurity standards propose network architectures divided into several network segments based on system functionalities. In this architecture, Firewalls limit the exposure of industrial control devices in order to minimize security risks. This paper presents a novel Software Defined Networking (SDN) Firewall that automatically applies this standard architecture without compromising network flexibility.

Design/methodology/approach: The proposed SDN Firewall changes filtering rules in order to implement the different network segments according to application level access control policies. The Firewall applies two filtering techniques described in this paper: temporal filtering and spatial filtering, so that only applications in a white list can connect to industrial control devices. Network administrators need only to configure these application-oriented white lists to comply with security standards for ICS. This simplifies network management tasks to a great extent. The authors have developed a prototype implementation based on the OPC UA Standard and conducted security tests in order to test the viability of the proposal.

Findings: Network segmentation and segregation are effective counter-measures against network scanning attacks. The proposed SDN Firewall effectively configures a flat network into virtual LAN segments according to security standard guidelines.

Research limitations/implications: The prototype implementation still needs to implement several features to exploit the full potential of the proposal. Next steps for development are discussed in a separate section.

Practical implications: The proposed SDN Firewall has similar security features to commercially available application Firewalls, but SDN Firewalls offer additional security features. First, SDN technology provides improved performance, since SDN low-level processing functions are much more efficient. Second, with SDN, security functions are rooted in the network instead of being centralized in particular network elements. Finally, SDN provides a more flexible and dynamic, zero configuration framework for secure manufacturing systems by automating the rollout of security standard-based network architectures.

Social implications: SDN Firewalls can facilitate the deployment of secure Industry 4.0 manufacturing systems, since they provide ICS networks with many of the needed security capabilities without compromising flexibility.

Originality/va...

Journal of Industrial Engineering and Management, https://doi.org/10.3926/jiem.2534

In order to protect ICS (Industrial Control Systems), there are many discussions about ICS security from the viewpoint of cyber defenders. ICS, however, has its specific difficulties in installing IT security means such as antivirus with firewall software, because of its 24 hour-a-day, 365 days-a-year non-stop operation under the safety first culture. Compared with IT systems, ICS has a certain advantage related to handling cyber-attacks with operation staff and safety devices installed in a plant. It is indispensable to fully utilize this advantage, and at the same time, it is necessary to create leeway in terms of mental and time state to start staff's situated actions based on the safety training. In order to prepare maximum leeway and to prevent effective and concentrated cyber-attacks, human factors of attackers should be analyzed based on their attack scenarios each having three stages; "
Because of their automated processing capabilities, industrial control systems (ICSs) currently play a crucial role in plant operations. It was not long before ICS had been completely insulated from the Internet. However, because of the improved reliability of ICS devices and systems, we could find only a few plants that did not use ICS in conjunction with the Internet. As a result, the extended accessibility of almost every ICS component makes such systems vulnerable to cyber-attacks. Because of this, intrusion detection systems, which monitor ICS network traffic and detect suspicious activities within the components themselves, are extremely important. Previous studies argued that packet intervals could ideally be regarded as indicators of the hazardous status of ICSs against hacking activities, and proposed intrusion detection methodologies relying solely on packet intervals. However, these methodologies with supervised machine-learning have inevitably been compromised by cyber-attacks whose characteristics are different than those of the training dataset. We hypothesize that packet intervals in an ICS network used for automated industrial processes, which are forced to produce a certain type of periodicity, reflect a particular type of packet interval patterns. In other words, certain anomalous behaviors never fail to interfere with this pattern. This paper proposes an intrusion detection method using a singular spectrum analysis to monitor time series packets. We evaluated our proposed method on our cybersecurity testbed using penetration tests. The results verified the validity of our system realized in the packet interval periodicity. Furthermore, we examined the optimum parameter set for the singular spectrum analysis in the proposed method. From this experiment, we successfully designated criteria for the parameter-set based on the period of the packet intervals during normal operations. 
The proposed method successfully detected all three types of attacks within 4 sec, without producing a false alert during normal operations.
Industrial control systems (ICS) have hidden vulnerabilities that cannot be usually solved by IT security tools, because of their 24 h 365 d non-stop, non-update and non-patch operation. There is, however, very limited report of cyber-attacks, so that owners of critical infrastructures do not have much attention for their ICS protection. This is a kind of misunderstanding of the current situation caused by a lacking of capability to detect a cyber-intrusion. In order to apply an Intrusion Detection System (IDS), it is difficult to make the complete white list of communication packets, and it is also difficult to perform anomaly detection by checking the payload of packet one by one. This paper defines characteristics of communication in the ICS network and proposes a methodology to visualize the ICS network behavior. An illustrative example of pseudo cyber-attack is also prepared for understanding our proposed method.