
S4 Preview: Leveraging Determinism in Industrial Control Systems for Advanced Anomaly Detection and Reliable Security Configuration

I will be previewing some of the papers and presentations in this year’s S4 over the next few weeks.

Digital Bond’s 4th Annual SCADA Security Scientific Symposium [S4] is being held January 20 – 21 in warm and sunny Miami Beach. S4 is a bleeding edge research event where technical papers are presented in detail to a technical audience. It is not for everyone. There are no best practice papers, standards or gov program overviews, policy or SCADA 101 presentations. But if you are craving some technical meat down to the byte, protocol, metric/mathematics, exploit, … level and want to talk to other technical and thought leaders, you should consider S4.

Preview Paper: Leveraging Determinism in Industrial Control Systems for Advanced Anomaly Detection and Reliable Security Configuration

We were thrilled to see some abstracts from control system vendors' research teams this year. This paper comes from a team at ABB spread across several European locations. It is hard to preview because there is a lot of technical detail, but here goes:

We have had papers on anomaly detection in past S4 events and each year they get closer to practical application of a generally accepted theory that the limited and stereotypical nature of control systems, as compared to business networks, should make anomaly detection a more effective intrusion detection method.

In this paper the ABB team shows how they can derive configuration file(s) to set up different security measures from the input of System Description Files. Second, the paper highlights an important anomaly in industrial control systems, namely missing or late expected traffic, using IEC 61850-based substation automation as the example. Current security measures do not alert on the disappearance of expected traffic, yet this type of anomaly is as critical as the appearance of unexpected traffic.

The authors provide some serious technical meat in showing how the proposed system works: it takes IEC 61850 SCD files and generates configuration files for security measures such as the firewall and IDS/IPS, as well as the configuration for a missing-traffic detector. In addition, the design of the Snort IDS preprocessor that realizes the detection is presented.
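To make the two ideas concrete, here is an added example (my own illustration, not code from the ABB paper or from Digital Bond) of the pipeline the preview describes: parse the Communication section of a small IEC 61850 SCL/SCD file, derive an allow-only host list for the firewall and IDS, and watch the GOOSE control blocks it declares for silence. The SCD fragment is constructed for this example, the GOOSE heartbeat deadline is taken from each control block's MaxTime (which in SCL is the maximum retransmission interval), and the 1.5x tolerance factor, the Snort variable names and the function names are assumptions, not anything the paper specifies.

```python
"""Added example: derive expected-traffic configuration from a constructed
IEC 61850 SCD fragment and flag GOOSE control blocks that have gone silent."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

NS = {"scl": "http://www.iec.ch/61850/2003/SCL"}

# Constructed SCD fragment: only the Communication section, which is what carries
# the station-bus addressing and GOOSE timing that a security config can be derived from.
SAMPLE_SCD = """<?xml version="1.0" encoding="UTF-8"?>
<SCL xmlns="http://www.iec.ch/61850/2003/SCL">
  <Communication>
    <SubNetwork name="StationBus">
      <ConnectedAP iedName="PROT1" apName="AP1">
        <Address><P type="IP">192.0.2.11</P></Address>
        <GSE ldInst="LD0" cbName="gcbTrip">
          <Address>
            <P type="MAC-Address">01-0C-CD-01-00-01</P>
            <P type="APPID">0001</P>
          </Address>
          <MinTime unit="s" multiplier="m">4</MinTime>
          <MaxTime unit="s" multiplier="m">1000</MaxTime>
        </GSE>
      </ConnectedAP>
      <ConnectedAP iedName="CTRL1" apName="AP1">
        <Address><P type="IP">192.0.2.12</P></Address>
        <GSE ldInst="LD0" cbName="gcbStatus">
          <Address>
            <P type="MAC-Address">01-0C-CD-01-00-02</P>
            <P type="APPID">0002</P>
          </Address>
          <MaxTime unit="s" multiplier="m">2000</MaxTime>
        </GSE>
      </ConnectedAP>
    </SubNetwork>
  </Communication>
</SCL>
"""


@dataclass(frozen=True)
class GooseFlow:
    ied: str
    cb_name: str
    mac: str
    appid: int
    max_time_ms: int  # MaxTime with unit="s" multiplier="m", i.e. milliseconds


def parse_scd(text):
    """Return (ied_ips, goose_flows) read from the SCD Communication section."""
    root = ET.fromstring(text)
    ied_ips, flows = {}, []
    for ap in root.iterfind(".//scl:ConnectedAP", NS):
        ied = ap.get("iedName")
        ip = ap.findtext("scl:Address/scl:P[@type='IP']", namespaces=NS)
        if ip:
            ied_ips[ied] = ip
        for gse in ap.iterfind("scl:GSE", NS):
            mac = gse.findtext("scl:Address/scl:P[@type='MAC-Address']", namespaces=NS)
            appid = gse.findtext("scl:Address/scl:P[@type='APPID']", namespaces=NS)
            max_time = gse.findtext("scl:MaxTime", namespaces=NS)
            # APPID is hexadecimal in SCL; MaxTime here is in milliseconds.
            flows.append(GooseFlow(ied, gse.get("cbName"), mac, int(appid, 16), int(max_time)))
    return ied_ips, flows


def firewall_allowlist(ied_ips):
    """Positive security model: only hosts declared in the SCD belong on the station bus."""
    return sorted(ied_ips.values())


def snort_config(ied_ips):
    """Emit a Snort ipvar plus one rule that fires on any undeclared host (names assumed)."""
    hosts = ",".join(firewall_allowlist(ied_ips))
    return [
        f"ipvar STATION_BUS_HOSTS [{hosts}]",
        'alert ip !$STATION_BUS_HOSTS any -> any any '
        '(msg:"Undeclared host on station bus"; sid:1000001; rev:1;)',
    ]


def missing_traffic_alerts(flows, last_seen, now_ms, tolerance=1.5):
    """Flag each GOOSE control block not seen within tolerance * MaxTime.

    last_seen maps (mac, appid) -> timestamp in ms of the most recent frame.
    A block that has never appeared is reported too: absence is the anomaly.
    """
    alerts = []
    for f in flows:
        deadline = int(f.max_time_ms * tolerance)
        last = last_seen.get((f.mac, f.appid))
        if last is None:
            alerts.append((f.ied, f.cb_name, "never seen"))
        elif now_ms - last > deadline:
            alerts.append((f.ied, f.cb_name, f"silent {now_ms - last} ms > {deadline} ms"))
    return alerts


if __name__ == "__main__":
    ips, goose = parse_scd(SAMPLE_SCD)
    print("\n".join(snort_config(ips)))
    # Constructed observations: gcbTrip is fresh, gcbStatus stopped 4 s ago.
    seen = {("01-0C-CD-01-00-01", 1): 9500, ("01-0C-CD-01-00-02", 2): 6000}
    for alert in missing_traffic_alerts(goose, seen, now_ms=10000):
        print("MISSING TRAFFIC:", alert)
```

The point of the allow-only list is that a freshly derived configuration needs no hand-written inventory of "known good" hosts, and the point of the silence check is that the same file also fixes an upper bound on how long each publisher may stay quiet, which is exactly the expectation a conventional signature IDS never evaluates.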
