CDIS UCV.T.3 Next Gen ICS Security
Design and Development of Secure Infrastructures
[Figure: monitoring architecture spanning the IT Network and the Field Network. Labels: Shadow RTU, HIDS (OSSEC), IT Workstation, Master Station N, RTU 1, Sensors/Actuators, NIDS (Mon. Port / Bridged), HMI Client, Honeypot, Fieldbus Honeypot.]
[Figure: Fieldbus honeypot. Labels: Watchdog, Event, Port Scan, Assembly, FTPD, Reducer, Modbus Honeypot, Events. Text fragments: "implementations of services commonly found on modern PLCs (SNMP, FTP, etc.)", "analysis layer."]
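An added example, not part of the original slides: a sketch of how a Modbus honeypot like the one in the figure could turn each received Modbus/TCP request into an event for the analysis layer. The event fields, the severity grading and the sample frames are constructed assumptions.

```python
import struct

# Public Modbus function codes: reads only observe state, writes try to change it.
READ_CODES = {1: "read_coils", 2: "read_discrete_inputs",
              3: "read_holding_registers", 4: "read_input_registers"}
WRITE_CODES = {5: "write_single_coil", 6: "write_single_register",
               15: "write_multiple_coils", 16: "write_multiple_registers"}

def parse_request(frame: bytes) -> dict:
    """Parse one Modbus/TCP ADU (7-byte MBAP header + PDU); raise ValueError if malformed."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError("protocol id is not Modbus")
    if length != len(frame) - 6:  # length counts the unit id and the PDU
        raise ValueError("MBAP length does not match frame size")
    req = {"tid": tid, "unit": unit, "function": frame[7]}
    if req["function"] in READ_CODES or req["function"] in WRITE_CODES:
        if len(frame) < 12:
            raise ValueError("request too short for address field")
        req["address"], req["value_or_count"] = struct.unpack(">HH", frame[8:12])
    return req

def to_event(src_ip: str, frame: bytes) -> dict:
    """No legitimate host talks to a honeypot, so every frame becomes an event.
    Severity grading (assumed here): write attempts high, reads low, the rest medium."""
    try:
        req = parse_request(frame)
    except ValueError as exc:
        return {"src": src_ip, "severity": "medium", "kind": "malformed", "detail": str(exc)}
    func = req["function"]
    if func in WRITE_CODES:
        kind, severity = WRITE_CODES[func], "high"
    elif func in READ_CODES:
        kind, severity = READ_CODES[func], "low"
    else:
        kind, severity = f"function_{func}", "medium"
    return {"src": src_ip, "severity": severity, "kind": kind, **req}

# Constructed sample traffic (documentation-range addresses, hand-built frames).
SAMPLES = [
    ("192.0.2.10", bytes.fromhex("00010000000601030000000a")),  # read 10 holding registers
    ("192.0.2.10", bytes.fromhex("0002000000060106000100ff")),  # write register 1 = 0x00ff
    ("192.0.2.77", bytes.fromhex("000300000009010300")),        # length field lies
]

if __name__ == "__main__":
    for src, frame in SAMPLES:
        print(to_event(src, frame))
```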
https://www.theregister.co.uk/2015/05/11/smart_grid_security_worse_than_we_thought/
https://www.darkreading.com/perimeter/smart-meter-hack-shuts-off-the-lights/d/d-id/1316242?
Read the paper at: https://eprint.iacr.org/2015/428.pdf
CDIS UNICV 2023 © Paulo Simões
What do you get…
When you marry ICS with IoT?
• VLANs,
• Software-defined Networks.
You may check the slides about IEC 62443 standards, from Dan DesRuisseaux,
that are available on Moodle (CDIS.T.3.1_IEC-62443.pdf)
https://www.atena-h2020.eu/
[Figure: ATENA architecture, with an offline / slow control loop and an online / fast control loop. Components: Orchestrator (ORCH), Composer (COMP), Mitigation Module (MM), Risk Predictor (RP), Vulnerability Management System (VMS), Risk Analysis Tool (RANT), Assets Management Module (AMNG) with Assets DB, Intrusion and Anomaly Detection System (IADS), Adaptors (ADP), Distributed Probes, Network Controller. External entities: Cert CSIRT, CI Management Team, other ATENA tools.]
SDN integration:
• Centralized network view
• Granular Security
Figure 5.17: Distributed control plane node architecture
A few SDN-enabled applications
• Software-based Data-diode
• Virtualized NIDS (e.g. instant deployment of virtualized and scalable SNORT service for a specific network link or specific network flows)
• vHoneypot (instant deployment of virtualized Honeypots)
The Cyber Detection and Analysis Layer departs from the conventional
ICT IDS paradigm to offer a complete solution to deal with ICS cyber-security.
It is able to detect both known and rogue threats, thanks to the use of
analysis strategies based on machine learning and rule-based techniques.