Cyber-Security-Aware Network Design of Industrial Control Systems | IEEE Journals & Magazine | IEEE Xplore
Subscribe
ADVANCED SEARCH
Journals & Magazines >IEEE Systems Journal >Volume: 11 Issue: 3

Cyber-Security-Aware Network Design of Industrial Control Systems

PDF
Béla Genge; Piroska Haller; István Kiss
All Authors

Abstract:

The pervasive adoption of traditional information and communication technologies hardware and software in industrial control systems (ICS) has given birth to a unique tec...Show More

Metadata

Abstract:

The pervasive adoption of traditional information and communication technologies hardware and software in industrial control systems (ICS) has given birth to a unique technological ecosystem encapsulating a variety of objects ranging from sensors and actuators to video surveillance cameras and generic PCs. Despite their invaluable advantages, these advanced ICS create new design challenges, which expose them to significant cyber threats. To address these challenges, an innovative ICS network design technique is proposed in this paper to harmonize the traditional ICS design requirements pertaining to strong architectural determinism and real-time data transfer with security recommendations outlined in the ISA-62443.03.02 standard. The proposed technique accommodates security requirements by partitioning the network into security zones and by provisioning critical communication channels, known as security conduits, between two or more security zones. The ICS network design is formulated as an integer linear programming (ILP) problem that minimizes the cost of the installation. Real-time data transfer limitations and security requirements are included as constraints imposing the selection of specific traffic paths, the selection of routing nodes, and the provisioning of security zones and conduits. The security requirements of cyber assets denoted by traffic and communication endpoints are determined by a cyber attack impact assessment technique proposed in this paper. The sensitivity of the proposed techniques to different parameters is evaluated in a first scenario involving the IEEE 14-bus model and in a second scenario involving a large network topology based on generated data. Experimental results demonstrate the efficiency and scalability of the ILP model.
Published in: IEEE Systems Journal ( Volume: 11, Issue: 3, September 2017)
Page(s): 1373 - 1384
Date of Publication: 19 August 2015

ISSN Information:

DOI: 10.1109/JSYST.2015.2462715

Funding Agency:

References is not available for this document.
Contents

I. Introduction

The massive proliferation of traditional information and communication technologies (ICT) hardware and software into the heart of industrial control systems (ICS) has given birth to a unique technological ecosystem. Modern ICS encompass a variety of objects ranging from sensors and actuators, industrial radio-frequency identification (RFID), e.g., product tracking devices, video surveillance cameras to generic PCs, networking and security devices such as industrial Ethernet, firewall, and intrusion detection systems. These advanced ICS deliver various services and features; they improve operational benefits of control, reliability, and safety and facilitate the implementation of novel infrastructural paradigms such as smart grid.

Select All
1.
M. Hagerott, "Stuxnet and the vital role of critical infrastructure operators and engineers", Int. J. Crit. Infrastruct. Protect., vol. 7, no. 4, pp. 244-246, Dec. 2014.
CrossRef Google Scholar
2.
"Dragonfly: Cyberespionage attacks against energy suppliers", Symantec Security Response, 2014.
Google Scholar
3.
K. Stouffer, J. Falco and K. Scarfone, NIST SP 800-82 Guide to Industrial Control Systems (ICS) Security. Revision 1, Gaithersburg, MD, USA:National Institute of Standards and Technology, 2013.
Google Scholar
4.
"IEEE Security for Industrial Automation and Control Systems: Security Risk Assessment and System Design, ISA-62443.03.02 (99.03.02)", 2014.
Google Scholar
5.
R. Berthier et al., "Reconciling security protection and monitoring requirements in advanced metering infrastructures", Proc. IEEE Int. Conf. SmartGridComm, pp. 450-455, 2013.
CrossRef Google Scholar
6.
Y. Zhang et al., "Securing vehicle-to-grid communications in the smart grid", IEEE Wireless Commun., vol. 20, no. 6, pp. 66-73, Dec. 2013.
View Article
Google Scholar
7.
H. Liu, H. Ning, Y. Zhang, Q. Xiong and L. Yang, "Role-dependent privacy preservation for secure V2G networks in the smart grid", IEEE Trans. Inf. Forensics Security, vol. 9, no. 2, pp. 208-220, Feb. 2014.
CrossRef Google Scholar
8.
D. N. Ford, "A behavioral approach to feedback loop dominance analysis", Syst. Dyn. Rev., vol. 15, no. 1, pp. 3-36, 1999.
CrossRef Google Scholar
9.
L. Carro-Calvo, S. Salcedo-Sanz, J. A. Portilla-Figueras and E. Ortiz-Garca, "A genetic algorithm with switch-device encoding for optimal partition of switched industrial ethernet networks", J. Netw. Comput. Appl., vol. 33, no. 4, pp. 375-382, Jul. 2010.
CrossRef Google Scholar
10.
Z. Zhou, B. Chen, H. Wang and Z. Fan, "Study on the evolutionary optimisation of the topology of network control systems", Enterprise Inf. Syst., vol. 4, no. 3, pp. 247-264, Aug. 2010.
CrossRef Google Scholar
11.
L. Zhang, M. Lampe and Z. Wang, "A hybrid genetic algorithm to optimize device allocation in industrial ethernet networks with real-time constraints", J. Zhejiang Univ. Science C, vol. 12, no. 12, pp. 965-975, Dec. 2011.
CrossRef Google Scholar
12.
L. Zhang, M. Lampe and Z. Wang, "Multi-objective topology design of industrial ethernet networks", Frequenz, vol. 66, no. 5/6, pp. 159-165, May 2012.
CrossRef Google Scholar
13.
K. Diao and W. Rauch, "Controllability analysis as a pre-selection method for sensor placement in water distribution systems", Water Res., vol. 47, no. 16, pp. 6097-6108, Oct. 2013.
CrossRef Google Scholar
14.
B. Genge and C. Siaterlis, "Physical process resilience-aware network design for SCADA systems", Comput. Elect. Eng., vol. 40, no. 1, pp. 142-157, Jan. 2014.
CrossRef Google Scholar
15.
S. Zahidi, F. Aloul, A. Sagahyroon and W. El-Hajj, "Optimizing complex cluster formation in MANETs using SAT/ILP techniques", IEEE Sensors J., vol. 13, no. 6, pp. 2400-2412, Jun. 2013.
View Article
Google Scholar
16.
A. Capone, J. Elias and F. Martignon, "Models and algorithms for the design of service overlay networks", IEEE Trans. Netw. Serv. Manage., vol. 5, no. 3, pp. 143-156, Sep. 2008.
View Article
Google Scholar
17.
M. Rahman and R. Boutaba, "SVNE: Survivable virtual network embedding algorithms for network virtualization", IEEE Trans. Netw. Serv. Manage., vol. 10, no. 2, pp. 105-118, Jun. 2013.
View Article
Google Scholar
18.
Q. Hu, Y. Wang and X. Cao, "Survivable network virtualization for single facility node failure: A network flow perspective", Opt. Switching Netw., vol. 10, no. 4, pp. 406-415, Oct. 2013.
CrossRef Google Scholar
19.
D. Liao, G. Sun, V. Anand and K. Xiao, "Efficient provisioning of hybrid virtual network with stochastic resource demands", IETE Tech. Rev., vol. 31, no. 5, pp. 342-352, Sep. 2014.
CrossRef Google Scholar
20.
I. B. B. Harter, D. A. Schupke, M. Hoffmann and G. Carle, "Optimal design of resilient virtual networks", J. Opt. Commun. Netw., vol. 7, no. 2, pp. A218-A234, Feb. 2015.
View Article
Google Scholar
21.
G. Nan et al., "Stackelberg game for bandwidth allocation in cloud-based wireless live-streaming social networks", IEEE Syst. J., vol. 8, no. 1, pp. 256-267, Mar. 2014.
View Article
Google Scholar
22.
D. Kundur, X. Feng, S. Liu, T. Zourntos and K. Butler-Purry, "Towards a framework for cyber attack impact analysis of the electric smart grid", Proc. 1st IEEE Int. Conf. SmartGridComm, pp. 244-249, Oct. 2010.
CrossRef Google Scholar
23.
K. Sgouras, A. Birda and D. Labridis, "Cyber attack impact on critical smart grid infrastructures", Proc. IEEE PES ISGT, pp. 1-5, Feb. 2014.
View Article
Google Scholar
24.
S. Sridhar and M. Govindarasu, "Model-based attack detection and mitigation for automatic generation control", IEEE Trans. Smart Grid, vol. 5, no. 2, pp. 580-591, Mar. 2014.
View Article
Google Scholar
25.
E. Bilis, W. Kroger and C. Nan, "Performance of electric power systems under physical malicious attacks", IEEE Syst. J., vol. 7, no. 4, pp. 854-865, Dec. 2013.
View Article
Google Scholar
26.
M. Krotofil, A. Cárdenas, J. Larsen and D. Gollmann, "Vulnerabilities of cyber-physical systems to stale data-determining the optimal time to launch attacks", Int. J. Crit. Infrastruct. Protect., vol. 7, no. 4, pp. 213-232, Dec. 2014.
CrossRef Google Scholar
27.
J. Slay and M. Miller, "Lessons learned from the maroochy water breach" in Critical Infrastructure Protection, New York, NY, USA:Springer-Verlag, vol. 253, pp. 73-82, 2008.
CrossRef Google Scholar
28.
B. Galloway and G. Hancke, "Introduction to industrial control networks", IEEE Commun. Surveys Tuts., vol. 15, no. 2, pp. 860-880, 2013.
View Article
Google Scholar
29.
J.-P. Thomesse, "Fieldbus technology in industrial automation", Proc. IEEE, vol. 93, no. 6, pp. 1073-1101, Jun. 2005.
View Article
Google Scholar
30.
P. Derler, E. A. Lee, S. Tripakis and M. Törngren, "Cyber-physical system design contracts", Proc. ACM/IEEE 4th Int. Conf. Cyber-Phys. Syst., pp. 109-118, 2013.
CrossRef Google Scholar
Contact IEEE to Subscribe
More Like This
CHASE: A Configurable Hardware-Assisted Security Extension for Real-Time Systems

2019 IEEE/ACM International Conference on Computer-Aided Design (ICCAD)

Published: 2019

Protecting Security-Critical Real-Time Systems against Fault Attacks in Many-Core Platforms

2022 CPSSI 4th International Symposium on Real-Time and Embedded Systems and Technologies (RTEST)

Published: 2022

Show More

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.