S4 Preview - Maintaining PCS Functionality Despite an Active Cyber Exploitation
Ron Pawlowski of PNL takes a unique approach in his S4 paper. Assume the perimeter has been breached and the field device is being attacked, perhaps even successfully attacked. What security controls can be put in place “to help PCS computers right through, fight, and perhaps defeat an ongoing cyber attack”?
This is an appealing approach because availability is widely recognized as the primary security objective in control systems. Maintaining availability in a control system goes beyond checkpoint and restore functions; real-time operation is required. The abstract has minimal detail, so I’m looking forward to reading the paper and seeing it presented at S4. Could an attack be recognized and the device put into a locked-down state? What exactly would a locked-down state be?
Most of the results in the paper come from PNL’s Security Hardened Attack Resistant Platform (SHARP).
Author: Dale Peterson
Posted: November 12th, 2007 under S4.
Comments: 1
Comments
Comment from Eyal Udassin
Time: November 13, 2007, 4:56 am
It is common practice in critical IT networks to make the site as resilient as possible to an attack, under the assumption that a segment (or segments) of the network has been compromised by an attacker. This is the first time that I encountered an article dealing with the SCADA network compromise as the base assumption.
I’m really looking forward to seeing PNL’s work in this field, as this is obviously a very challenging task.