Abstract

Water CIs are exposed to a wide range of IT challenges, from the cooperation and alignment between physical and cyber security teams to the proliferation of new vulnerabilities and complex cyber-attacks with potentially disastrous consequences. Although novel and powerful solutions are proposed in the literature, most of them lack appropriate mechanisms to detect cyber and physical attacks in real time. We propose a Cross-Layer Analytic Platform (denoted as CLAP) developed for the correlation of cyber and physical security events affecting water CIs. CLAP aims to improve the detection of complex attack scenarios in real time based on the correlation of cyber and physical security events. The platform assigns an appropriate severity value to each correlated alarm, which guides security analysts in the decision-making process of prioritizing mitigation actions. A series of passive and active attack scenarios against the target infrastructure are presented at the end of the paper to show the mechanisms used for the detection and correlation of cyber–physical security events. Results show promising benefits in the improvement of response accuracy, the reduction of false rates and the real-time detection of complex attacks based on cross-correlation rules.

Highlights

  • Protecting Critical Infrastructures (CIs) is of vital importance and should depend on a list of security policies and rules

  • We present in this paper a Cross-Layer Analytic Platform, developed for the correlation of Cyber and Physical security events affecting water CIs

  • Using the built-in SIEM features, the Cross-Layer Analytic Platform (CLAP) can correlate events coming from the system logs (an IDS installed in the end-user infrastructure) with information from the network traffic and from other security sensors related to jamming signals (JDet)
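The highlights above describe the core of CLAP: cross-layer correlation of cyber events (IDS logs, network traffic) with physical events (the JDet jamming sensor), with a severity assigned to each correlated alarm so analysts can prioritize. The following Python sketch is an added example written for this page, not CLAP's code or the paper's rule set; the event kinds, the 1 to 5 severity scale, the two correlation rules, the join on a shared asset name, and the sample event feed are all constructed assumptions chosen to illustrate the mechanism.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Set

# Severity scale 1 (low) .. 5 (critical) is an assumption for this example,
# not the scale used by CLAP.
SEVERITY_CAP = 5


@dataclass
class Event:
    ts: datetime
    layer: str      # "cyber" or "physical"
    sensor: str     # hypothetical sensor names: "IDS", "NetFlow", "JDet"
    asset: str      # site/zone shared by both layers, used as the join key
    kind: str       # normalised event type
    severity: int   # base severity reported by the sensor


@dataclass
class Alarm:
    ts: datetime
    asset: str
    rule: str
    severity: int
    events: List[Event] = field(default_factory=list)


@dataclass
class Rule:
    name: str
    required_kinds: Set[str]   # every kind must appear on the same asset ...
    window: timedelta          # ... within this time of the earliest one
    cross_layer_boost: int     # extra severity when cyber and physical both match


# Hypothetical rules written for this example; the paper's rule set is not on the page.
RULES = [
    Rule("jamming_with_remote_access", {"ssh_bruteforce", "jamming"}, timedelta(minutes=5), 2),
    Rule("unauthorized_write_after_login", {"ssh_bruteforce", "modbus_write"}, timedelta(minutes=10), 2),
]


def correlate(events: List[Event], rules: List[Rule] = RULES) -> List[Alarm]:
    """Apply each rule over a time window keyed on asset; events that no rule
    consumes are emitted as single-event alarms at their own severity."""
    events = sorted(events, key=lambda e: e.ts)
    alarms: List[Alarm] = []
    used_by_any: Set[int] = set()
    for rule in rules:
        used: Set[int] = set()          # indices already consumed by this rule
        for i, anchor in enumerate(events):
            if i in used or anchor.kind not in rule.required_kinds:
                continue
            group = [j for j in range(i, len(events))
                     if j not in used
                     and events[j].asset == anchor.asset
                     and events[j].ts - anchor.ts <= rule.window
                     and events[j].kind in rule.required_kinds]
            if {events[j].kind for j in group} != rule.required_kinds:
                continue
            matched = [events[j] for j in group]
            layers = {e.layer for e in matched}
            base = max(e.severity for e in matched)
            # A correlated alarm outranks its parts; a cross-layer match gets the rule's boost.
            boost = rule.cross_layer_boost if layers == {"cyber", "physical"} else 1
            alarms.append(Alarm(anchor.ts, anchor.asset, rule.name,
                                min(SEVERITY_CAP, base + boost), matched))
            used.update(group)
            used_by_any.update(group)
    for i, e in enumerate(events):
        if i not in used_by_any:
            alarms.append(Alarm(e.ts, e.asset, "uncorrelated", e.severity, [e]))
    return alarms


def prioritize(alarms: List[Alarm]) -> List[Alarm]:
    """Order for the analyst: highest severity first, earliest first on ties."""
    return sorted(alarms, key=lambda a: (-a.severity, a.ts))


# Constructed sample feed (not real data): one pump station reports a cyber event,
# then a physical jamming event, then a suspicious control write; a second site
# reports an isolated jamming event.
T0 = datetime(2024, 1, 1, 10, 0, 0)
SAMPLE_EVENTS = [
    Event(T0, "cyber", "IDS", "pump_station_A", "ssh_bruteforce", 2),
    Event(T0 + timedelta(minutes=2), "physical", "JDet", "pump_station_A", "jamming", 3),
    Event(T0 + timedelta(minutes=7), "cyber", "NetFlow", "pump_station_A", "modbus_write", 3),
    Event(T0 + timedelta(minutes=30), "physical", "JDet", "reservoir_B", "jamming", 3),
]

if __name__ == "__main__":
    for a in prioritize(correlate(SAMPLE_EVENTS)):
        print(a.severity, a.rule, a.asset, [e.sensor for e in a.events])
```

On the constructed feed the cross-layer match (SSH brute force followed by jamming at the same station) is raised to the top of the queue, the cyber-only sequence ranks next, and the isolated jamming event keeps its sensor's own severity. The join key and the window are the two parameters a deployment has to get right: if cyber and physical sensors do not share a common asset naming, no cross-layer rule can ever fire.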


Summary

Introduction

Protecting Critical Infrastructures (CIs) is of vital importance and should depend on a list of security policies and rules. Human lives depend on the continuous delivery of services such as water, electricity, transportation, etc. Unlike traditional IT infrastructures, CIs include two types of technologies that do not always coexist: Information Technology (IT) and Operational Technology (OT). The former includes all forms of technologies used to create, store, share and transmit information (e.g., data, voice, video, etc.), whereas the latter consists of hardware and software systems that monitor and control physical equipment and processes to manage critical infrastructures (e.g., water, gas, energy, transportation, manufacturing, etc.).
