Leveraging Software-Defined Networking for Incident Response in Industrial Control Systems

Piedrahita, Andrés Felipe Murillo; Gaur, Vikram; Giraldo, Jairo; Cárdenas, Álvaro A.; Rueda, Sandra

doi:10.1109/ms.2017.4541054

Cited by 39 publications

(14 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The proposed response mechanism replaces the measurements from the compromised sensor with a measurement sequence that the linear model generates. Similarly, in [30], a SCADA system with software-defined network (SDN) assistance is presented, which replaces compromised measurements with estimated ones. For evaluation, an extension of the MiniCPS [31] is developed in order to provide SDN functionalities for both supervisory and field networks.…”

Section: Model-based Responsementioning

confidence: 99%

See 1 more Smart Citation

Classifying resilience approaches for protecting smart grids against cyber threats

Syrmakesis

Alcaraz

Hatziargyriou

2022

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Smart grids (SG) draw the attention of cyber attackers due to their vulnerabilities, which are caused by the usage of heterogeneous communication technologies and their distributed nature. While preventing or detecting cyber attacks is a well-studied field of research, making SG more resilient against such threats is a challenging task. This paper provides a classification of the proposed cyber resilience methods against cyber attacks for SG. This classification includes a set of studies that propose cyber-resilient approaches to protect SG and related cyber-physical systems against unforeseen anomalies or deliberate attacks. Each study is briefly analyzed and is associated with the proper cyber resilience technique which is given by the National Institute of Standards and Technology in the Special Publication 800-160. These techniques are also linked to the different states of the typical resilience curve. Consequently, this paper highlights the most critical challenges for achieving cyber resilience, reveals significant cyber resilience aspects that have not been sufficiently considered yet and, finally, proposes scientific areas that should be further researched in order to enhance the cyber resilience of SG.

show abstract

Section: Model-based Responsementioning

confidence: 99%

“…Moreover, the incident response system for the water treatment SCADA system, previously presented in [30], can also use SDN for deception technique. According to this work, another potential incident-response strategy to mitigate an attack is to mislead an adversary to a honeypot when an attack has been detected.…”

Section: Software-defined Networkingmentioning

confidence: 99%

Classifying resilience approaches for protecting smart grids against cyber threats

Syrmakesis

Alcaraz

Hatziargyriou

2022

Int. J. Inf. Secur.

View full text Add to dashboard Cite

show abstract

“…This is particularly useful for control networks within critical infrastructures, which require extremely high availability. Reference [25] discusses how SDN and Network Function Virtualization (NFV) technologies can help design automatic incident-response mechanisms for ICS and also describes a prototype to show the feasibility in a scenario that uses Programmable Logic Controllers (PLC) managing a classical tank-filling control system. Reference [26] studies the applicability of emerging technologies in the area of IP networks, including SDN, NFV, and next generation firewalls, to secure ICS.…”

Section: Software Defined Networkingmentioning

confidence: 99%

Advancements and Research Trends in Microgrids Cybersecurity

2021

View full text Add to dashboard Cite

Microgrids are growing in importance in the Smart Grid paradigm for power systems. Microgrid security is becoming crucial since these systems increasingly rely on information and communication technologies. Many technologies have been proposed in the last few years for the protection of industrial control systems, ranging from cryptography, network security, security monitoring systems, and innovative control strategies resilient to cyber-attacks. Still, electrical systems and microgrids present their own peculiarities, and some effort has to be put forth to apply cyber-protection technologies in the electrical sector. In the present work, we discuss the latest advancements and research trends in the field of microgrid cybersecurity in a tutorial form.

show abstract

“…But these studies were proactive response approaches, they could not identity what type of field devices were compromised and react as soon as an attack was detected. In [25], Piedrahita et al described a prospect of intrusion response solution in ICSs by leveraging the SDN and network functions virtualization (NFV) techniques, but it did not suggest a specific method.…”

Section: B Software-defined Security (Sdsec)mentioning

confidence: 99%

A Software-Defined Security Approach for Securing Field Zones in Industrial Control Systems

2019

View full text Add to dashboard Cite

Industrial control systems (ICSs) are facing increasingly severe security threats. Zone isolation, a commonly adopted idea for stopping attack propagation in general information systems, has been investigated for ICS security protection. It is usually implemented through perimeter security techniques. However, anomaly states of the physical processes in a compromised field zone may spread into other zones through the inter-zone information interaction. Due to the coupling of the physical processes between different zones, it is difficult to prevent the propagation of attack impact in ICSs. In this paper, a softwaredefined security (SDSec) approach is presented to address this problem. It consists of a hybrid anomaly detection module and a multi-level security response module, both of which work together to secure the ICS field zones. The hybrid anomaly detection module inspects anomaly behaviors from the perspectives of network communications and physical process states. The multi-level security response module helps prevent unapproved packets from communications, thus isolating any compromised zone. It also generates attack mitigation strategies to secure physical processes. Hardware-in-the-loop simulations are conducted to demonstrate the effectiveness of the presented approach.

show abstract

Leveraging Software-Defined Networking for Incident Response in Industrial Control Systems

Cited by 39 publications

References 8 publications

Classifying resilience approaches for protecting smart grids against cyber threats

Classifying resilience approaches for protecting smart grids against cyber threats

Advancements and Research Trends in Microgrids Cybersecurity

A Software-Defined Security Approach for Securing Field Zones in Industrial Control Systems

Contact Info

Product

Resources

About