Securing Current and Future Process Control Systems

Cunningham, R. K., Cheung, S., Fong, M., Lindqvist, U., Nicol, D. M., Pawlowski, R., Robinson, E., Sanders, W. H., Singh, S., Valdes, A., Woodworth, B., Zhivich, M.

IFIP WG 11.10 International Conference on Critical Infrastructure Protection (2007), IFIP International Federation for Information Processing Volume 253, 2008, pp 99-115.

Visit Publisher Online Entry:

Process control systems (PCSs) are instrumental to the safe, reliable and efficient operation of many critical infrastructure components. However, PCSs increasingly employ commodity information technology (IT) elements and are being connected to the Internet. As a result, they have inherited IT cyber risks, threats and attacks that could affect the safe and reliable operation of infrastructure components, adversely affecting human safety and the economy. This paper focuses on the problem of securing current and future PCSs, and describes tools that automate the task. For current systems, we advocate specifying a policy that restricts control network access and verifying its implementation. We further advocate monitoring the control network to ensure policy implementation and verify that network use matches the design specifications. For future process control networks, we advocate hosting critical PCS software on platforms that tolerate malicious activity and protect PCS processes, and testing software with specialized tools to ensure that certain classes of vulnerabilities are absent prior to shipping.

Publication Status:
Publication Type:
Publication Date:
Copyright Notice:

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

  1. The following copyright notice applies to all of the above items that appear in IEEE publications: "Personal use of this material is permitted. However, permission to reprint/publish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from IEEE."

  2. The following copyright notice applies to all of the above items that appear in ACM publications: "© ACM, effective the year of publication shown in the bibliographic information. This file is the author’s version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in the journal or proceedings indicated in the bibliographic data for each item."

  3. The following copyright notice applies to all of the above items that appear in IFAC publications: "Document is being reproduced under permission of the Copyright Holder. Use or reproduction of the Document is for informational or personal use only."