Analysis of ICS and Corporate system Integration vulnerabilities, the 14th International Conference on Embedded Systems, Cyber-physical Systems, and Applications, 2016. ,
URL : https://hal.archives-ouvertes.fr/hal-01411587
A new Segmentation Method for Integrated ICS Systems, the fifteenth International Conference on Privacy, Security and Trust, 2017. ,
RIICS: Risk based IICS segmentation Method, the 13th International Conference on Risks and Security of Internet and Systems, 2018. ,
SONICS: a segmentation method for integrated ICS and Corporate System, the 14th International Conference on Information Systems Security, ICISS 2018, 1920. ,
,
DTE Access Control Model for Integrated ICS Systems, the 2nd International Workshop on Security Engineering for Cloud Computing, IWSECC 2019, 2019. ,
, Examples of IICS data flows
, Growth of networked devices [Evans 2011] and cyber-attack visibility and maliciousness trends, p.21, 2011.
, General security guides segmentation
, Functional Hierarchical model
,
, Inter-zone connection's security zone
, SONICS Tool -Functional potential zones
, SONICS Tool -Constraints levels
,
,
, The Segmented IIC test system
,
,
, Application example (1/4) -IICS System to segment, p.81
, Application example (2/4) -Geo-location Segmentation, p.82
, Application example (3/4) -Technical Segmentation, p.83
, Application example (4/4) -Risk based Segmentation, p.83
Etapes de la méthode de segmentation SONICS, p.125 ,
,
Outil de segmentation -capture 1 ,
, Outil de segmentation -capture 2, A.5
7 Les étapes de la méthode de segmentation RIICS, p.131 ,
,
,
,
,
,
, Enterprise -control system integration part 1: Models and terminology. ISA-dS95 Standard, vol.48, p.105, 1999.
, Enterprise -control system integration. part 2: Object model attributes, vol.34, p.48, 1932.
, Activity models of manufacturing operations management, vol.3, p.139, 2004.
, Architecture for secure scada and distributed control system networks, 2010.
, Security for industrial automation and control systems : Security technologies for industrial automation and control systems, Draft1, Edit1), 2012.
, Security for industrial automation and control systems: Terminology, concepts, and models, vol.87, p.139, 2013.
, Global mag security. Global Security Mag, 2007.
, The innominate security technologies mguard website, It vs ot in manufacturing: How will convergence play out? 2014. 48 [Tof, vol.36, p.48, 1932.
Did Stuxnet take out 1,000 centrifuges at the Natanz enrichment plant? Institute for Science and International Security, p.24, 2010. ,
Chapter 6 -protect the data, Building a Practical Information Security Program, p.98, 2017. ,
, Classification method and key measures, ANSSI, vol.34, p.87, 2013.
Cyber physical systems security: Analysis, challenges and solutions, Computers Security, vol.68, p.31, 2017. ,
Practical domain and type enforcement for unix, Security and Privacy, p.88, 1995. ,
A domain and type enforcement unix prototype, Computing Systems, vol.9, issue.1, p.100, 1996. ,
Design and performance analysis of a virtual ring architecture for smart grid privacy, IEEE Transactions on Information Forensics and Security, vol.9, issue.2, p.31, 2014. ,
Malware risks and mitigation report, BITS Financial Services Roundtable, vol.21, p.139, 2011. ,
Scada: Supervisory Control And Data Acquisition. International Society of Automation, vol.7, p.13, 2009. ,
Connecting scada systems to corporate it networks using security-enhanced linux, Proceedings of 34th Annual Western Protective Relay Conference, vol.88, p.90, 2007. ,
Implementing scada security policies via security-enhanced linux, proceedings of the 10th Annual Western Power Delivery Automation Conference, vol.88, p.90, 2008. ,
Scada system security: Complexity, history and new developments, 6th IEEE International Conference on Industrial Informatics, pp.569-574, 2008. ,
Detecting cyber attacks on nuclear power plants, Advances in Information and Communication Technology (AICT), vol.290, p.42, 2011. ,
Latency evaluation of a firewall for industrial networks based on the tofino industrial security solution, Proceedings of the 2014 IEEE Emerging Technology and Factory Automation, vol.36, p.88, 2014. ,
Latency evaluation of a firewall for industrial networks based on the tofino industrial security solution, Emerging Technology and Factory Automation (ETFA), p.88, 2014. ,
Review of security issues in industrial networks, IEEE Transactions on Industrial Informatics, vol.9, issue.1, pp.277-293, 2013. ,
, , 2016.
Performance impact of commercial industrial firewalls on networked control systems, 2016 IEEE 21st International Conference on Emerging Technologies and Factory Automation (ETFA), vol.39, p.87, 1930. ,
A review of cyber security risk assessment methods for scada systems, Computers & security, vol.56, p.26, 1920. ,
Sons of stuxnet, IEEE spectrum, vol.14, p.24, 2011. ,
, , 2015.
Improving network security monitoring for in-BIBLIOGRAPHY dustrial control systems, IFIP/IEEE International Symposium on Integrated Network Management (IM), vol.19, p.20, 2015. ,
Recommended proctice: Improving industrial control systems cybersecurity with defense-in-depth strategies. US-CERT Defense In Depth, vol.45, p.48, 2009. ,
High-speed intrusion detection in support of critical infrastructure protection, Critical Information Infrastructures Security, p.42, 2006. ,
Ebios-expression des besoins et identification des objectifs de sécurité, méthode de gestion des risques, vol.50, p.74, 2010. ,
An approach to cyber-physical vulnerability assessment for intelligent manufacturing systems, Journal of Manufacturing Systems, vol.43, p.23, 2017. ,
An approach to cyber-physical vulnerability assessment for intelligent manufacturing systems, Journal of Manufacturing Systems, vol.43, p.25, 2017. ,
A cloud-based openflow firewall for mitigation against ddos attacks in smart grid ami networks, IEEE PES, vol.30, p.41, 2017. ,
Quantitative analysis of firewall security under ddos attacks in smart grid ami networks, 2017 IEEE 3rd International Conference on Electro-Technology for National Development, vol.30, p.41, 2017. ,
Analysis of cyber security for industrial control systems, 2015 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), vol.20, p.25, 2015. ,
Cyber-critical infrastructure protection using real-time BIBLIOGRAPHY 155, 2010. ,
, Critical Information Infrastructures Security, p.42, 2010.
Cpac: securing critical infrastructure with cyber-physical access control, Proceedings of the 32nd Annual Conference on Computer Security Applications, p.26, 2016. ,
The internet of things: How the next evolution of the internet is changing everything, vol.1, p.139, 2011. ,
Role-based access control (rbac): Features and motivations, Proceedings of 11th annual computer security application conference, p.89, 1995. ,
, FireEye 2015] FireEye. M-trends 2015: a view from the front line. Mandiant, 2015.
, Force and T. Initiative. Security and privacy controls for federal information systems and organizations, NIST Special Publication, vol.800, issue.53, p.87, 2013.
Modbus/dnp3 state-based intrusion detection system, 24th IEEE International Conference on Advanced Information Networking and Applications, AINA 2010, vol.20, p.39, 2010. ,
Introduction to industrial control networks, IEEE Communications Surveys and Tutorials, vol.15, issue.2, p.40, 2013. ,
Smart grid data integrity attacks, IEEE Transactions on Smart Grid, vol.4, issue.3, p.31, 2013. ,
Secure authentication for dnp3, IEEE Power and Energy Society General Meeting -Conversion and Delivery of Electrical Energy in the 21st Century, p.41, 2008. ,
A digraph model for risk identification and mangement in scada systems, Proceedings of 2011 IEEE BIBLIOGRAPHY International Conference on Intelligence and Security Informatics, vol.24, pp.150-155, 2011. ,
An algorithm for optimal firewall placement. iec61850 substations, Journal of Power and Energy Engineering, p.41, 2015. ,
Towards a new generation of industrial firewalls: Operational-process aware filtering, 14th Annual Conference on Privacy, Security and Trust (PST), p.41, 2016. ,
URL : https://hal.archives-ouvertes.fr/hal-01660553
Domain and type enforcement for linux, Annual Linux Showcase & Conference, p.89, 2000. ,
Domain and type enforcement for linux, Annual Linux Showcase & Conference, p.100, 2000. ,
Securing modbus transactions using hash-based message authentication codes and stream transmission control protocol, 2013 Third International Conference on Communications and Information Technology (ICCIT), p.40, 2013. ,
Cyber security risk management in the scada critical infrastructure environment, Engineering Management Journal, vol.25, issue.2, p.24, 2013. ,
Security for critical infrastructure scada systems, SANS Reading Room, GSEC Practical Assignment, Version, vol.1, pp.498-506, 1921. ,
Smart grid mesh network security using dynamic key distribution with merkle tree 4-way handshaking, IEEE Transactions on Smart Grid, vol.5, issue.2, p.31, 2014. ,
, , 2009.
Understanding the physical and economic consequences of attacks on control systems, International Journal of Critical Infrastructure Protection, vol.2, issue.3, p.7, 2009. ,
Securing the operations in scada-iot platform based industrial control system using ensemble of deep belief networks, Applied Soft Computing, vol.71, issue.26, p.31, 2018. ,
Attack taxonomies for the modbus protocols, IJCIP, vol.1, p.39, 2008. ,
, CERT 2015] ICS-CERT. Ics-cert monitor newsletters november-december, p.24, 2015.
Erik HJELMVIKJens-Tobias ZERBST. Zoning principles in electricity distribution and energy production environments, 20th International Conference on Electricity Distribution, vol.25, p.48, 2006. ,
A survey on web application vulnerabilities (sqlia, xss) exploitation and security engine for sql injection, 2012 International Conference on Communication Systems and Network Technologies, p.20, 2012. ,
Guide to industrial control systems (ics) security, NIST special publication, vol.800, issue.82, p.49, 2015. ,
A new segmentation method for integrated ics, 15th International Conference International Conference on Privacy, Security and Trust, vol.3, p.47, 2017. ,
Risk based iics segmentation method, 13th International Conference on Risks and Security of Internet and Systems, 2018. ,
Sonics: a segmentation method for integrated ics and corporate system, 14th International Conference on Information Systems Security, (ICISS'2018), 2018. ,
, Analysis of ics and corporate system integration vulnerabilities. 14th International Conference on Embedded Systems, Cyber-physical Systems, and Applications (ESCS'2016), 2016.
Security technology by using firewall for smart grid, Bulletin of Electrical Engineering and Informatics, p.41, 2016. ,
Security and vulnerability of scada systems over ip-based wireless sensor networks, International Journal of Distributed Sensor Networks, 2012. ,
Sel-3021-1 serial encrypting transceiver. Pullman, p.40, 2007. ,
Sel-3620 ethernet security gateway, p.40 ,
Evaluation of security solutions in the scada environment, ACM SIGMIS Database: the DATABASE for Advances in Information Systems, vol.45, p.42, 2014. ,
Evaluation of security solutions in the scada environment, ACM SIGMIS Database, vol.45, issue.1, p.33, 2014. ,
Identification and application of security measures for petrochemical industrial control systems, Journal of Loss Prevention in the Process Industries, vol.26, p.23, 1920. ,
Quantitatively assessing and visualising industrial system attack surfaces, vol.21, p.33, 2011. ,
Scadawall: A cpi-enabled firewall model for scada security, Computers Security, vol.80, p.88, 2018. ,
Securing the internet of things, p.31, 2017. ,
Cyber attack and defense on industry control systems, 2017 IEEE Conference on Dependable and Secure Computing, p.42, 2017. ,
Analyzing the cyber-physical impact of cyber events on the power grid, IEEE Transactions on Smart Grid, vol.6, issue.5, p.31, 2015. ,
Denial-of-service (dos) attacks on load frequency control in smart grids, 2013 IEEE PES Innovative Smart Grid Technologies Conference (ISGT), p.31, 2013. ,
Internet of things (iot) cybersecurity research: A review of current research topics, IEEE Internet of Things Journal, p.31, 2019. ,
Secure data transfer guidance for industrial control and scada systems, p.32, 2011. ,
Dnpsec: Distributed network protocol version 3 (dnp3) security framework, Advances in Computer, Information, and Systems Sciences, and Engineering, p.41, 2006. ,
A survey scada of and critical infrastructure incidents, vol.12, p.28, 2012. ,
A generic role based access control model for wind power systems, Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications -JoWUA, p.40, 2010. ,
, (NDIA). Cybersecurity for advanced manufacturing, 2014.
, , 2012.
Scada security in the light of cyber-warfare, Computers & Security, vol.31, issue.4, p.28, 2012. ,
A linux-based firewall for the dnp3 protocol, 2016 IEEE Symposium on Technologies for Homeland Security (HST), p.41, 2016. ,
Cooperative transmission for meter data collection in smart grid, p.12, 2012. ,
Secure architecture for industrial control systems, SANS Institute, InfoSec Reading Room, vol.35, p.53, 2015. ,
Energy, I. Security, and Energy. 21 steps to improve cyber security of scada networks, p.27, 2007. ,
, C. A. France. Detailed measures. ANSSI, vol.32, p.48, 2013.
Domain and type enforcement firewalls, DARPA Information Survivability Conference and Exposition, 2000. DISCEX'00. Proceedings, vol.1, p.90, 2000. ,
Advanced approach to information security management system model for industrial control system, The Scientific World Journal, p.26, 2014. ,
Implementation of deep packet inspection in smart grids and industrial internet of things: Challenges and opportunities, vol.30, p.87, 2019. ,
Supervisory control and data acquisition remote terminal unit testbed. Intelligent Systems Research Laboratory technical report, vol.24, p.26, 2005. ,
Security aspects of scada and corporate network interconnection: An overview, IEEE International Conference on Dependability aof computer Systems, vol.35, p.36, 2006. ,
Innovative defense strategies for securing scada and control systems, PlantData Technologies, vol.34, p.35, 2006. ,
Ex-employee fingered in texas power company hack, 1921. ,
Security and privacy in the internet-of-things under time-and-budget-limited adversary model, IEEE Wireless Communications Letters, vol.4, issue.3, p.31, 2015. ,
Cyber security risk assessment for scada and dcs networks, ISA transactions, vol.46, issue.4, p.34, 2007. ,
Role-based access control model supporting regional division in smart grid system, 2013 Fifth International Conference on Computational Intelligence, Communication Systems and Networks, p.40, 2013. ,
Smart grid security: Iec 62351 and other relevant standards, Standardization in Smart Grids, p.15, 2013. ,
Detecting cyber attacks on nuclear power plants, Critical Infrastructure Protection II, p.42, 2008. ,
Man pleads guilty to attempting to shut down california's power grid, United States Attorney: Eastern District of California, p.21, 2007. ,
Performance modeling and analysis of network firewalls, IEEE Transactions on Network and Service Management, p.41, 2012. ,
Cyber security framework for internet of things-based energy internet, Future Generation Computer Systems, vol.93, p.32, 2019. ,
Cyber security for cyber physcial systems: A trust-based approach, J Theor Appl Inf Technol, vol.71, issue.2, p.32, 2015. ,
Authentication and authorization scheme for various user roles and devices in smart grid, IEEE Transactions on Information Forensics and Security, vol.11, issue.5, p.31, 2016. ,
Real time modbus transmissions and cryptography security designs and enhancements of protocol sensitive information, vol.30, p.40, 2015. ,
From ics attacks' analysis to the safe approach: Implementation of filters based on behavioral models and critical state distance for ics cybersecurity, 2nd Cyber Security In Networking Conference, p.25, 2018. ,
URL : https://hal.archives-ouvertes.fr/hal-01905511
Guide to industrial control systems (ics) security. NIST special publication, vol.800, p.28, 2011. ,
, , 2014.
Cyber-physical vunerabilities in additive manufacturing systems, Context, vol.7, issue.8, 2014. ,
Cybersecurity for critical infrastructures: attack and defense modeling, IEEE Transactions on Systems, Man, and Cybernetics-Part A: Systems and Humans, vol.40, issue.4, pp.853-865, 2010. ,
Ken GeislerThierry Godart. How the distribution management system (dms) is becoming a core function of the smart grid, p.12, 2012. ,
IEC 61131-3: Programming industrial automation systems, p.14, 1995. ,
Low-energy security: Limits and opportunities in the internet of things, IEEE Security Privacy, vol.13, issue.1, p.31, 2015. ,
The cyberattack on ukraine's power grid is a warning of what's to come. The Conversation, p.24, 2016. ,
Enhancing security in cyberphysical systems through cryptographic and steganographic techniques, 2014 IEEE International Conference on Automation, Quality and Testing, Robotics, vol.30, p.32, 2014. ,
Idaho national laboratory supervisory control and data acquisition intrusion detection system (scada ids), 2008 IEEE Conference on Technologies for Homeland Security, p.42, 2008. ,
Trojan detection and side-channel analyses for cyber-security in cyber-physical manufacturing systems, Procedia Manufacturing, vol.1, p.25, 2015. ,
Design and implementation of industrial firewall for modbus/tcp, JcP, p.41, 2016. ,
Drbac based access control method in substation automation system, 2008 IEEE International Conference on Industrial Technology, p.40, 2008. ,
Security issues and challenges for cyber physical system, 2010. ,
, IEEE/ACM Int'l Conference on Green Computing and Communications & Int'l Conference on Cyber, Physical and Social Computing, p.32, 2010.
Prospective analysis on trends in cybercrime from 2011 to 2020. National Gendarmerie, vol.21, p.139, 2011. ,
Application layer security proxy for smart grid substation automation systems, 2013 IEEE PES Innovative Smart Grid Technologies Conference (ISGT), p.40, 2013. ,
Protecting smart grid automation systems against cyberattacks, IEEE Transactions on Smart Grid, p.40, 2011. ,
Cyber-physical security challenges in manufacturing systems, Manufacturing Letters, vol.2, issue.2, p.23, 2014. ,
An item-level access control framework for inter-system security in the internet of things, Applied mechanics and materials, vol.548, pp.1430-1432, 2014. ,
Q-learning-based vulnerability analysis of smart grid against sequential topology attacks, IEEE Transactions on Information Forensics and Security, vol.12, issue.1, p.31, 2017. ,
Toward a gaussian-mixture model-based detection scheme against data integrity attacks in the smart grid, IEEE Internet of Things Journal, vol.4, issue.1, p.31, 2017. ,
Statistical similarity of critical infrastructure network traffic based on nearest neighbor distances, Research in Attacks, Intrusions, and Defenses, p.42, 2018. ,
Evaluation of industrial firewall performance issues in automation and control networks, 29th Biennial Symposium on Communications (BSC), vol.30, p.87, 2018. ,