193 research outputs found
Protecting PROFINET cyclic real-time traffic : a performance evaluation and verification platform
PROFINET is a widely adopted, real-time capable Industrial Ethernet standard, that as other automation system technologies, is subject to an increasing level of vertical integration into companyâs existing IT infrastructure. This integration exposes automation systems to well-known cyber attacks, which leads to a growing need for suitable security solutions. The challenge in protecting PROFINET automation systems is ensuring the suitability of solutions for use with minimal PROFINET cycle times of 250 Îźs needed to fulfill high-speed motion control market expectations. We develop a prototype of a transparent security switch, designed to apply protection mechanisms on-the-fly. We use this platform to test an initial implementation of a protection system, present preliminary results and further work
POET: A Self-learning Framework for PROFINET Industrial Operations Behaviour
Since 2010, multiple cyber incidents on industrial infrastructure, such as Stuxnet and CrashOverride, have exposed the vulnerability of Industrial Control Systems (ICS) to cyber threats. The industrial systems are commissioned for longer duration amounting to decades, often resulting in non-compliance to technological advancements in industrial cybersecurity mechanisms. The unavailability of network infrastructure information makes designing the security policies or configuring the cybersecurity countermeasures such as Network Intrusion Detection Systems (NIDS) challenging. An empirical solution is to self-learn the network infrastructure information of an industrial system from its monitored network traffic to make the network transparent for downstream analyses tasks such as anomaly detection. In this work, a Python-based industrial communication paradigm-aware framework, named PROFINET Operations Enumeration and Tracking (POET), that enumerates different industrial operations executed in a deterministic order of a PROFINET-based industrial system is reported. The operation-driving industrial network protocol frames are dissected for enumeration of the operations. For the requirements of capturing the transitions between industrial operations triggered by the communication events, the Finite State Machines (FSM) are modelled to enumerate the PROFINET operations of the device, connection and system. POET extracts the network information from network traffic to instantiate appropriate FSM models (Device, Connection or System) and track the industrial operations. It successfully detects and reports the anomalies triggered by a network attack in a miniaturized PROFINET-based industrial system, executed through valid network protocol exchanges and resulting in invalid PROFINET operation transition for the device
Advancing Protocol Diversity in Network Security Monitoring
With information technology entering new fields and levels of deployment, e.g., in areas of energy, mobility, and production, network security monitoring needs to be able to cope with those environments and their evolution. However, state-of-the-art Network Security Monitors (NSMs) typically lack the necessary flexibility to handle the diversity of the packet-oriented layers below the abstraction of TCP/IP connections. In this work, we advance the software architecture of a network security monitor to facilitate the flexible integration of lower-layer protocol dissectors while maintaining required performance levels. We proceed in three steps: First, we identify the challenges for modular packet-level analysis, present a refined NSM architecture to address them and specify requirements for its implementation. Second, we evaluate the performance of data structures to be used for protocol dispatching, implement the proposed design into the popular open-source NSM Zeek and assess its impact on the monitor performance. Our experiments show that hash-based data structures for dispatching introduce a significant overhead while array-based approaches qualify for practical application. Finally, we demonstrate the benefits of the proposed architecture and implementation by migrating Zeek\u27s previously hard-coded stack of link and internet layer protocols to the new interface. Furthermore, we implement dissectors for non-IP based industrial communication protocols and leverage them to realize attack detection strategies from recent applied research. We integrate the proposed architecture into the Zeek open-source project and publish the implementation to support the scientific community as well as practitioners, promoting the transfer of research into practice
Industrial Fieldbus Improvements in Power Distribution and Conducted Noise Immunity With No Extra Costs
Industrial distributed control continues the move
toward networks at all levels. At lower levels, control networks
provide flexibility, reliability, and low cost, although perhaps the
simplest but most important advantage is the reduced volume
of wiring. Powered fieldbuses offer particular notable benefits in
system wiring simplification. Nevertheless, very few papers are
dealing with the potentials and limitations in power distribution
through the bus cable. Only a few of the existent fieldbus standards
consider this possibility but often simply as an option without
enough technical specifications. In fact, nobody talks about it, but
power distribution through the bus and conducted noise disturbances
are strongly related. This paper points out and analyzes
these limitations and proposes a new low-cost fieldbus physical
layer that enlarges power distribution capability of the bus and
improves system robustness. We show an industrial application
on water desalination plants and the very good results obtained
owing to the fieldbus. Finally, we present electromagnetic compatibility
test results that verify improvements against electrical fast
transients on the sensor/actuator connection side as disturbances
usually encountered in harsh-environment industrial applications
Ethernet - a survey on its fields of application
During the last decades, Ethernet progressively became the most widely used local area networking (LAN) technology. Apart from LAN installations, Ethernet became also attractive for many other fields of application, ranging from industry to avionics, telecommunication, and multimedia. The expanded application of this technology is mainly due to its significant assets like reduced cost, backward-compatibility, flexibility, and expandability. However, this new trend raises some problems concerning the services of the protocol and the requirements for each application. Therefore, specific adaptations prove essential to integrate this communication technology in each field of application. Our primary objective is to show how Ethernet has been enhanced to comply with the specific requirements of several application fields, particularly in transport, embedded and multimedia contexts. The paper first describes the common Ethernet LAN technology and highlights its main features. It reviews the most important specific Ethernet versions with respect to each application fieldâs requirements. Finally, we compare these different fields of application and we particularly focus on the fundamental concepts and the quality of service capabilities of each proposal
Applying Lessons from Cyber Attacks on Ukrainian Infrastructures to Secure Gateways onto the Industrial Internet of Things
Previous generations of safety-related industrial control systems were âair gappedâ. In other words, process control
components including Programmable Logic Controllers (PLCs) and smart sensor/actuators were disconnected and
isolated from local or wide area networks. This provided a degree of protection; attackers needed physical access to
compromise control systems components. Over time this âair gapâ has gradually been eroded. Switches and
gateways have subsequently interfaced industrial protocols, including Profibus and Modbus, so that data can be
drawn from safety-related Operational Technology into enterprise information systems using TCP/IP. Senior
management uses these links to monitor production processes and inform strategic planning. The Industrial Internet
of Things represents another step in this evolution â enabling the coordination of physically distributed resources
from a centralized location. The growing range and sophistication of these interconnections create additional
security concerns for the operation and management of safety-critical systems. This paper uses lessons learned
from recent attacks on Ukrainian critical infrastructures to guide a forensic analysis of an IIoT switch. The intention
is to identify and mitigate vulnerabilities that would enable similar attacks to be replicated across Europe and North
America
Securing the Participation of Safety-Critical SCADA Systems in the Industrial Internet of Things
In the past, industrial control systems were âair gappedâ and
isolated from more conventional networks. They used
specialist protocols, such as Modbus, that are very different
from TCP/IP. Individual devices used proprietary operating
systems rather than the more familiar Linux or Windows.
However, things are changing. There is a move for greater
connectivity â for instance so that higher-level enterprise
management systems can exchange information that helps
optimise production processes. At the same time, industrial
systems have been influenced by concepts from the Internet
of Things; where the information derived from sensors and
actuators in domestic and industrial components can be
addressed through network interfaces. This paper identifies a
range of cyber security and safety concerns that arise from
these developments. The closing sections introduce potential
solutions and identify areas for future research
Recommended from our members
Modern human machine interface in industrial wireless networks
This paper presents several existing experimental setups on latest industrial systems and provide comparison of advantages and disadvantages of different HMI implementation. It proposes a simple and low cost HMI system for automation by using remote software application. The method does not required specific software package from vendors, hence provide a low cost and easily available solutions for control. We have examined their switching on various wireless technologies including Bluetooth, Infrared, Wi-Fi and Cellular Mobile Systems. The presented HMI provide effective and inexpensive control of automation systems by using remote software packages on the mobile phone, tablet and laptop. This paper presents several experiments on HMIs. The first set of experiments are related existing HMI systems on latest Siemens TIA Portal software and hardware. The second set of experiments presents the developed method of HMI switching and control by using remote communication software; Vectir and Teamviewer over different industrial wireless technologies
Cybersecurity of Industrial Cyber-Physical Systems: A Review
Industrial cyber-physical systems (ICPSs) manage critical infrastructures by
controlling the processes based on the "physics" data gathered by edge sensor
networks. Recent innovations in ubiquitous computing and communication
technologies have prompted the rapid integration of highly interconnected
systems to ICPSs. Hence, the "security by obscurity" principle provided by
air-gapping is no longer followed. As the interconnectivity in ICPSs increases,
so does the attack surface. Industrial vulnerability assessment reports have
shown that a variety of new vulnerabilities have occurred due to this
transition while the most common ones are related to weak boundary protection.
Although there are existing surveys in this context, very little is mentioned
regarding these reports. This paper bridges this gap by defining and reviewing
ICPSs from a cybersecurity perspective. In particular, multi-dimensional
adaptive attack taxonomy is presented and utilized for evaluating real-life
ICPS cyber incidents. We also identify the general shortcomings and highlight
the points that cause a gap in existing literature while defining future
research directions.Comment: 32 pages, 10 figure
- âŚ