Abstract

The secure and reliable operation of industrial control systems is becoming more and more challenging due to the increasing size, complexity, and heterogeneity of such systems. A constant change of requirements and responsibilities results in an increased frequency of configuration and topological changes, which renders a manual verification of system security infeasible. Thus, there is a need for automatic mechanisms that allow a system to uphold a desired level of security autonomously. In this paper, we present a framework that enables a system to harden itself periodically, i.e., the framework ensures that each device complies with a security baseline tailored to the device’s functionality and capability. The evaluation of our implementation shows that the framework effectively and efficiently corrects any deviations from the desired state at each networked device and thereby guarantees that the overall system remains compliant with pre-defined security policies. Moreover, the scalability tests conducted in a cloud infrastructure indicate that the framework is suitable for fairly large networks, with hundreds of individual devices, which makes it suitable for a wide range of practical control systems.

Highlights

  • Today’s industrial control systems, which are responsible for the monitoring and control of, e.g., power grids, emergency communication systems, or industrial production processes, are becoming increasingly complex

  • In order to be able to use the approach for a large system, the efficiency of the proposed framework is important

  • We have analyzed the performance of the three different execution modes of our hardening system, i.e., agent-based, SSH, and PowerShell, and identified potential optimizations


Summary

INTRODUCTION

Today’s industrial control systems, which are responsible for the monitoring and control of, e.g., power grids, emergency communication systems, or industrial production processes, are becoming increasingly complex. As a result of the growing complexity and size, the management and control of such systems is continuously becoming a harder and more time-consuming task. Hardening large systems is a challenging task because the systems are growing, and because the proliferation of networked devices has caused a substantial increase in the rate of network changes, which further exacerbates the management and control problem. Frequent changes in the configuration necessitate a periodic validation of the security settings at all devices. Given a set of potentially changing security policies, we present a mechanism that allows a heterogeneous system to harden itself periodically. The implementation of our framework is evaluated with respect to various metrics such as bandwidth and CPU consumption, and the time required to harden all devices. The scalability of the implementation is analyzed as well by emulating hundreds of devices in Amazon’s Elastic Computing Cloud.
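The periodic hardening pass described above, as an added Python example that is not the paper's implementation: a baseline is tailored to each device's role and capabilities, deviations from it are detected, and each one is corrected. The policy rules, setting names, roles, and devices are constructed for illustration, and the state update stands in for an agent-based, SSH, or PowerShell action.

```python
from dataclasses import dataclass, field

# Constructed policy set (assumption): each rule names a setting, its required
# value, the device roles it applies to, and the capability needed to apply it.
POLICIES = [
    {"setting": "ssh.permit_root_login", "want": "no",
     "roles": {"server", "gateway"}, "needs": "ssh"},
    {"setting": "firewall.default_inbound", "want": "deny",
     "roles": {"server", "gateway", "hmi"}, "needs": "firewall"},
    {"setting": "smb.v1_enabled", "want": "false", "roles": {"hmi"}, "needs": "smb"},
    {"setting": "telnet.enabled", "want": "false",
     "roles": {"server", "gateway", "hmi"}, "needs": "telnet"},
]

@dataclass
class Device:
    name: str
    role: str
    capabilities: set
    state: dict = field(default_factory=dict)  # observed settings

def baseline_for(device, policies=POLICIES):
    """Tailor the baseline: keep only rules matching role and capabilities."""
    return {p["setting"]: p["want"] for p in policies
            if device.role in p["roles"] and p["needs"] in device.capabilities}

def deviations(device, policies=POLICIES):
    """Return {setting: (observed, wanted)} for every setting off baseline."""
    base = baseline_for(device, policies)
    return {k: (device.state.get(k), v) for k, v in base.items()
            if device.state.get(k) != v}

def harden(device, policies=POLICIES):
    """One hardening pass: correct each deviation and report what changed."""
    drift = deviations(device, policies)
    for setting, (_, wanted) in drift.items():
        device.state[setting] = wanted  # stand-in for the remote corrective action
    return drift

def harden_all(devices, policies=POLICIES):
    """Periodic run over all devices; an empty dict means already compliant."""
    return {d.name: harden(d, policies) for d in devices}

if __name__ == "__main__":
    fleet = [  # constructed sample devices
        Device("gw-1", "gateway", {"ssh", "firewall"},
               {"ssh.permit_root_login": "yes", "firewall.default_inbound": "deny"}),
        Device("hmi-7", "hmi", {"smb", "firewall"}, {"smb.v1_enabled": "true"}),
    ]
    print(harden_all(fleet))  # first pass reports the corrected deviations
    print(harden_all(fleet))  # second pass reports none
```

Because the pass is idempotent, a run that returns only empty dictionaries doubles as a compliance report, and a changed policy set is picked up on the next run without per-device bookkeeping.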

RELATED WORK
A SYSTEM FOR AUTONOMOUS HARDENING
Framework
Implementation
EVALUATION
Comparison of Execution Methods
Baseline Performance
Scalability
CONCLUSION