SIEM: policy-based monitoring of SCADA systems
نویسندگان
چکیده
Security Information and Event Management (SIEM) systems work on SCADA systems by observing and reacting to the dynamic security-related events of the target automation system. These events are created by collecting/filtering raw logs maintained by its subcomponents. Preferably, logging items are attached with synchronized timestamps. Specific data of security-related event can be correlated and analyzed as security measures of the SCADA system. Possible correlation rules represent the power of SIEM system for handling security dynamics. A SIEM system can help to recognize security breach in a short time and optionally can react to the breach automatically. SIEM systems are able to monitor the system’s residual risks, while continuously track the deployed security controls and measure their effectiveness. In this paper, we proposed the common requirements of a SIEM system and discussed its important enhancements within the context of SCADA systems. The SIEM system can be supported by the overall security model and designed in a model-driven manner. At last, this paper proposes a preliminary model of correlation rules.
منابع مشابه
Enhancing SIEM Technology to Protect Critical Infrastructures
Coordinated and targeted cyber-attacks on Critical Infrastructures (CIs) and Supervisory Control And Data Acquisition (SCADA) systems are increasing and becoming more sophisticated. Typically, SCADA has been designed without having security in mind, which is indeed approached by reusing solutions to protect solely Information Technology (IT) based infrastructures, such as the Security Informati...
متن کاملWorkshop on new security standards for IACS/SCADA industrial systems
The IACS/SCADA-Security WS aims at Security Standards and Practice for Industrial Systems integrated by a sort of Distributed Middleware I4.0. A short tutorial into Security Standards is given by the WS Co-Chairs. In-depth aspects of this issue is discussed and presented by the invited authors from China, UK and Germany presenting: IEC 62443 Security Standards Humans, the strongest and weakest ...
متن کاملDesign and Implementation of a Hybrid Ontological-Relational Data Repository for SIEM Systems
The technology of Security Information and Event Management (SIEM) becomes one of the most important research applications in the area of computer network security. The overall functionality of SIEM systems depends largely on the quality of solutions implemented at the data storage level, which is purposed for the representation of heterogeneous security events, their storage in the data reposi...
متن کاملDesigning Security Policies for Complex SCADA Systems Protection
The management and protection of these SCADA systems must constantly evolve towards integrated decision making and policy driven by cyber security requirements. The current research stream in this domain aims, accordingly, to foster the smartness of the field equipment which exist through the generic concept of SCADA management and operation. Those components are governed by policies which depe...
متن کاملPosition Paper: Safety and Security Monitoring in ICS/SCADA Systems
Supervisory control and Data Acquisition (SCADA) systems play a core role in a nation’s critical infrastructure, overseeing the monitoring and control of systems in electricity, gas supply, logistics services, banks and hospitals. Monitoring safety and security properties in industrial control system (ICS) and SCADA environments faces unique challenges not found in typical enterprise networks. ...
متن کامل