2nd International Symposium for ICS & SCADA Cyber Security Research 2014 (ICS-CSR 2014) (ICSCSR)
ICS & SCADA Cyber Security Research 2014 (ICS-CSR 2014)
11-12 September 2014
The secure and reliable operation of industrial control systems is becoming more and more challenging due to the increasing size, complexity, and heterogeneity of such systems. A constant change of requirements and responsibilities results in an increased frequency of configuration and topological changes, which renders a manual verification of system security infeasible. Thus, there is a need for automatic mechanisms that allows a system to uphold a desired level of security autonomously.
In this paper, we present a framework that enables a system to harden itself periodically, i.e., the framework ensures that each device complies to a security baseline tailored to the device’s functionality and capability. The evaluation of our implementation shows that the framework effectively and efficiently corrects any deviations from the desired state at each networked device and thereby guarantees that the overall system remains compliant to pre-defined security policies. Moreover, the scalability tests conducted in a cloud infrastructure indicate that the framework is suitable for fairly large networks, with hundreds of individual devices, which makes it suitable for a wide range of practical control systems.