Securing Current and Future Process Control Systems
by Dr. Steven Cheung, Martin Fong, Dr. Ulf Lindqvist, Alfonso Valdes, Robert Cunningham (lead author), David Nicol, Ronald Pawlowski, Eric Robinson, William Sanders, Sankalp Singh, Bradley Woodworth & Michael Zhivich.
Chapter 8 in IFIP International Federation for Information Processing, Volume 253, Critical Infrastructure Protection,
eds. E. Goetz and S. Shenoi; (Boston: Springer), pp. 99-115.
Process control systems (PCSs) are instrumental to the safe, reliable and efficient operation of many critical infrastructure components. However, PCSs increasingly employ commodity information technology (IT) elements and are being connected to the Internet. As a result, they have inherited IT cyber risks, threats and attacks that could affect the safe and reliable operation of infrastructure components, adversely affecting human safety and the economy.
This paper focuses on the problem of securing current and future PCSs, and describes tools that automate the task. For current systems, we advocate specifying a policy that restricts control network access and verifying its implementation. We further advocate monitoring the control network to ensure policy implementation and verify that network use matches the design specifications. For future process control networks, we advocate hosting critical PCS software on platforms that tolerate malicious activity and protect PCS processes, and testing software with specialized tools to ensure that certain classes of vulnerabilities are absent prior to shipping.
Available for download from Springer.