Abstract
Industrial Control Systems (ICS) are used for monitoring and controlling critical infrastructures such as power stations, waste water treatment facilities, traffic lights, and many more. Lately, these systems have become a popular target for cyber-attacks. Security is often an afterthought, leaving them vulnerable to all sorts of attacks. This article presents a formal approach for analysing the security of Industrial Control Systems, both during their design phase and while operational. A knowledge- based system is used to analyse a model of the control system and extract system vulnerabilities. The approach has been validated on an ICS in the design phase.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Abrams, M. and Weiss, J., Malicious Control System Cyber Security Attack Case Study, Maroochy Water Services, Australia, 2008.
Tinuade, A., The State of Industrial Control Systems Security and National Critical Infrastructure Protection: Emerging Threats, 2012.
ANSI/ISA-62443-3-3 (99.03.03)-2013 Security for Industrial Automation and Control Systems Part 3-3: System Security Requirements and Security Levels, 2013.
Bogaerts, B., De Cat, B., De Pooter, S., and Denecker, M., The IDP Framework Reference Manual, 2012.
Byres, E., Karsch, J., and Carter, J., NISCC Good Practice Guide on Firewall Deployment for SCADA and Process Control Networks, National Infrastructure Security Co-Ordination Centre, 2005.
Centre for Protection of National Infrastructure. Manage Industrial Control Systems Lifecycle: A Good Practice Guide, 2015. https://www.cpni.gov.uk/Documents/Publications/2015/12-May-2015-3.%20Manage%20 ICS%20Lifecycle%20Final %20v1.0.pdf.
Friedenthal, S., Moore, A., and Steiner, R., A Practical Guide to SysML: The Systems Modeling Language, Morgan Kaufmann, 2014.
Galloway, B. and Hancke, G.P., Introduction to industrial control networks, IEEE Commun. Surv. Tutorials, 2013, vol. 15, no. 2, pp. 860–880.
Huang, E., Ramamurthy, R., and McGinnis, L.F., System and simulation modeling using SysML, Proceedings of the 39th conference on Winter simulation: 40 years! The best is yet to come, 2007, pp. 796–803.
ISO/IEC 21827: Information Technology—Security Techniques—Systems Security Engineering—Capability Maturity Model (SSE-CMM), 2008.
Langner, R., To Kill a Centrifuge: A Technical Analysis of What Stuxnet’s Creators Tried to Achieve, 2013.
Lemaire, L., Lapon, J., De Decker, B., and Naessens, V., A SysML extension for security analysis of industrial control systems, Proceedings of the 2nd International Symposium for ICS & SCADA Cyber Security Research, 2014, p. 1.
Lemaire, L., Vossaert, J., Jansen, J., and Naessens, V., Extracting vulnerabilities in industrial control systems using a knowledge-based system, Proceedings of the 3rd International Symposium for ICS & SCADA Cyber Security Research, 2015, p. 1.
Matrosov, A., Rodionov, E., and Harley, D., Stuxnet Under the Microscope, 2011.
Oates, R., Thom, F., and Herries, G., Security-aware, model-based systems engineering with SysML, Proceedings of the 1st International Symposium on ICS & SCADA Cyber Security Research, 2013, pp. 78–87.
Stouffer, K., Lightman, S., Pillitteri, V., Abrams, M., and Hahn, A., Guide to Industrial Control Systems (ICS) Security, 2015.
Wittocx, J., Mariën, M., and Denecker, M., The IDP system: A model expansion system for an extension of classical logic, Proceedings of the 2nd Workshop on Logic and Search, 2008, pp. 153–165.
Author information
Authors and Affiliations
Corresponding author
Additional information
The article is published in the original.
About this article
Cite this article
Lemaire, L., Vossaert, J., Jansen, J. et al. A logic-based framework for the security analysis of Industrial Control Systems. Aut. Control Comp. Sci. 51, 114–123 (2017). https://doi.org/10.3103/S0146411617020055
Received:
Published:
Issue Date:
DOI: https://doi.org/10.3103/S0146411617020055