Attacks and failures in SCADA systems may result in complex processes of interconnected
events. Our goal is to detect these processes and track their evolution. An effective approach
involves accurate process modelling. A model is an abstract description of how the system
evolves in time. The situation is harder still in complex environments (such as a SCADA
system integrated with other IT systems and the physical process), since no single node
holds all the information needed to infer the actual state of the system.
There are in fact cases in which the observable data from the SCADA system does not
represent the state of the physical system. Previous work has been done to identify the real
state of the system given a set of observations [Cybenko et al., 2004]. A correlation engine
has been successfully applied to different environments such as vehicle tracking, plume
detection, dynamic social network analysis, and computer network security [Giani, 2005].
Critical infrastructure monitoring and protection is a complex environment, and its state is
only partially observable. Consequently, the correlation engine can also be successfully
applied to it.
The VIKING project enables an integrated study of both SCADA-specific architectural
factors affecting information security and factors related to the increasing integration of
SCADA systems with other enterprise information systems. By creating modelling
semantics for SCADA system components and linking the corresponding enterprise-wide
security metrics, a system-wide security assessment becomes possible. These developments
are a continuation and refinement of previous work in the field, now being extended into the
SCADA system domain [Johnsson et al., 2007; Johansson and Johnsson, 2005]. This
integrative approach further serves to highlight the importance of introducing state-of-the-art
solutions into existing distribution system operator (DSO) and transmission system operator
(TSO) IT infrastructures.