Deakin University
Browse

Techniques for Enhancing Security in Industrial Control Systems

Download (5.7 MB)
journal contribution
posted on 2024-08-09, 01:59 authored by Vijay Varadharajan, Uday Tupakula, Kallol Krishna Karmakar
Increasingly Industrial Control Systems (ICS) systems are being connected to the Internet to minimise the operational costs and provide additional flexibility. These control systems such as the ones used in power grids, manufacturing and utilities operate continually and have long lifespans measured in decades rather than years as in the case of Information Technology (IT) systems. Such industrial control systems require uninterrupted and safe operation. However, they can be vulnerable to a variety of attacks, as successful attacks on critical control infrastructures could have devastating consequences to the safety of human lives as well as a nation’s security and prosperity. Furthermore, there can be a range of attacks that can target ICS and it is not easy to secure these systems against all known attacks let alone unknown ones. In this paper, we propose a software enabled security architecture using Software Defined Networking (SDN) and Network Function Virtualisation (NFV) that can enhance the capability to secure industrial control systems. We have designed such an SDN/NFV enabled security architecture and developed a Control System Security Application (CSSA) in SDN Controller for enhancing security in ICS by achieving real time situational awareness and dynamic policy-driven decision making across the network infrastructure. In particular, CSSA can be used for establishing secure path for end-to-end communication between devices and also deal against certain specific attacks namely denial of service attacks, from unpatched vulnerable control system components and securing the communication flows from the legacy devices that do not support any security functionality. We also discuss how CSSA provides reliable paths for safety critical messages in control systems. We discuss the prototype implementation of the proposed architecture and the results obtained from our analysis.

History

Journal

ACM Transactions on Cyber-Physical Systems

Volume

8

Pagination

1-36

Location

New York, N.Y.

Open access

  • Yes

ISSN

2378-962X

eISSN

2378-9638

Language

eng

Publication classification

C1.1 Refereed article in a scholarly journal

Issue

1

Publisher

Association for Computing Machinery