Open questions:
– How to deal with security?
• policy
• standards
– Appropriate SCADA / RT technologies?
– Business culture?
• control variables as information assets
• new business and technical requirements
[Figure: network diagram of the primary substation test bed. Components shown: PI 1, PI 2, PI 3, PC Linux A, PC Linux B, Field Hub/Switch, Hub/Switch A, Hub/Switch B, Gateway (two instances), Firewall, LAN, Primary Substation.]
Concerns:
– Emerging industrial LAN standards (IEC, UCA) are neither ready for the Internet nor security-enabled
– Typical security tools (firewalls, IDS) are not designed for industrial LANs with RT (real-time) functionality
Framework:
– ISO/IEC 17799: security management in organisations
– Common Criteria (ISO/IEC 15408): security of products
– Risk-based approach:
• Understanding, analysing and managing capabilities and potential impairments => need for a methodology
• Linking security with business processes and engineering => need for common concepts: assets, vulnerabilities, threats
Risk Assessment & Management
System Threats
3. Adaptability and Manipulation
• Rigidity (difficult to modify the system, but also to adapt it)
• Malleability (easy to modify)
• Gullibility (easy to fool)
(developed with technical vulnerabilities)
4. Operation
• Near to capacity limits
• Lack of recoverability
• Electromagnetic susceptibility
[Figure: threat model. Threat agent: insider (authorised actor), outsider (non-authorised actor), IT system. Means: attack, failure mode.]
[Figure: methodology diagram. Elements shown: Security Failures, Security Objectives, Security Requirements, Risk Analysis, Security Target (CC), Methods (CORAS), System architecture, Protection Profile.]
2 An internal authorised user abuses their access privileges to modify data.
4 An internal user modifies, deletes or makes unavailable a proof of activities. As a consequence, the same or another user can repudiate having carried out information-related actions.
5 An internal user gains unauthorised access to the system or to information by breaching the access control or authentication systems.
6 An external non-authorised actor steals the identity of an internal user to obtain their access privileges, by electronic means or by social engineering.
7 An external non-authorised actor gains access to data read/write points by hacking the software infrastructure or applications.
8 An external non-authorised actor gains access to data during data exchange over the communications infrastructure.
12 An external actor tricks internal users into interacting with spurious external systems; legitimate system services are spoofed.
13 An external non-authorised actor impersonates a legitimate source of information and deceives a legitimate receiver.
14 Malicious software violates the integrity of the operating system or the application software.
16 Delays in the transmission of data packets over the external communication link, due to accidental causes that reduce the available bandwidth.
17 Routing errors in the transmission of data packets over the external communication link, due to accidental causes.
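As an added example (not code from the original slides), the receiver-side monitor below shows how threats 13, 16 and 17 from the table surface on a real-time telemetry link, and why a conventional IDS that ignores timing misses threat 16: in an RT system a late but intact packet is itself a failure. It also shows the ambiguity the table leaves open, since an unexpected next hop is either a routing error (17) or a spoofed path (12/13) and packet inspection alone cannot tell which. The record format, pre-shared key, deadline, router names and sample values are all constructed assumptions for the example.

```python
"""Receiver-side link monitor for a real-time telemetry feed.

Added example, not code from the original page. The record format, the
pre-shared key, the deadline and the router names are assumptions.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional, Tuple

KEY = b"constructed-demo-key"   # pre-shared key (assumption for the example)
DEADLINE_MS = 20                # RT delivery deadline (assumption)
EXPECTED_VIA = "router-A"       # next hop the link is engineered to use (assumption)


@dataclass(frozen=True)
class Sample:
    seq: int        # sequence number assigned by the sender
    sent_ms: int    # sender timestamp in ms (clocks assumed synchronised)
    recv_ms: int    # receiver timestamp in ms
    via: str        # next hop the packet arrived from
    payload: bytes  # measurement as transmitted
    tag: bytes      # HMAC-SHA256 over seq, sent_ms and payload


@dataclass(frozen=True)
class Finding:
    seq: int
    threats: Tuple[int, ...]  # numbers from the threat table above
    means: str                # "attack", "failure mode", or both
    detail: str


def sign(seq: int, sent_ms: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Authentication tag binding the payload to its sequence number and send time."""
    msg = f"{seq}|{sent_ms}|".encode() + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


def make_sample(seq: int, sent_ms: int, recv_ms: int, via: str, payload: bytes,
                key: bytes = KEY, tag: Optional[bytes] = None) -> Sample:
    """Build a record; passing a different key simulates a forged source (threat 13)."""
    return Sample(seq, sent_ms, recv_ms, via, payload,
                  tag if tag is not None else sign(seq, sent_ms, payload, key))


def monitor(samples: List[Sample], deadline_ms: int = DEADLINE_MS,
            expected_via: str = EXPECTED_VIA, key: bytes = KEY) -> List[Finding]:
    findings: List[Finding] = []
    last_seq: Optional[int] = None
    for s in samples:
        # Threat 13: a spoofed source (or altered payload) fails tag verification.
        if not hmac.compare_digest(s.tag, sign(s.seq, s.sent_ms, s.payload, key)):
            findings.append(Finding(s.seq, (13,), "attack",
                                    "HMAC verification failed: source not authentic"))
        # Threat 16: a late packet is a failure in an RT system even when intact.
        delay = s.recv_ms - s.sent_ms
        if delay > deadline_ms:
            findings.append(Finding(s.seq, (16,), "failure mode",
                                    f"delay {delay} ms exceeds {deadline_ms} ms deadline"))
        # Threat 17: loss or reordering appears as a gap or a step back in seq.
        if last_seq is not None and s.seq != last_seq + 1:
            findings.append(Finding(s.seq, (17,), "failure mode",
                                    f"expected seq {last_seq + 1}, got {s.seq}"))
        # Threat 12/13 or 17: an unexpected next hop is a routing error or a
        # spoofed path; the monitor records both candidates rather than guessing.
        if s.via != expected_via:
            findings.append(Finding(s.seq, (12, 13, 17), "attack or failure mode",
                                    f"arrived via {s.via}, expected {expected_via}"))
        last_seq = s.seq if last_seq is None else max(last_seq, s.seq)
    return findings


def demo() -> List[Finding]:
    """Constructed feed: three good samples, then one late, one after a loss on a new route, one forged."""
    good = [make_sample(i, 1000 + 10 * i, 1005 + 10 * i, "router-A", b"V=132.1kV") for i in range(1, 4)]
    late = make_sample(4, 1040, 1095, "router-A", b"V=132.0kV")                  # 55 ms > deadline
    after_loss = make_sample(6, 1060, 1065, "router-B", b"V=131.9kV")            # seq 5 lost, new route
    forged = make_sample(7, 1070, 1075, "router-A", b"V=0.0kV", key=b"wrong-key")  # bad tag
    return monitor(good + [late, after_loss, forged])


if __name__ == "__main__":
    for f in demo():
        print(f"seq {f.seq}: threats {f.threats} ({f.means}) - {f.detail}")
```

The monitor deliberately does not try to decide whether a route change is accidental or hostile; that decision needs correlation with routing telemetry or operator knowledge, which is exactly the gap the slides attribute to tools not built for industrial LANs.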