towards a secure and resilient industrial control system
play

Towards a Secure and Resilient Industrial Control System Using - PowerPoint PPT Presentation

Mar 13, 2023 •328 likes •851 views

Towards a Secure and Resilient Industrial Control System Using Software-Defined Networking Dong (Kevin) Jin 1 Who am I? CS faculty, Ph.D., University of Illinois at Urbana- Champaign (UIUC), http://cs.iit.edu/~djin/ Research:

  1. Towards a Secure and Resilient Industrial Control System Using Software-Defined Networking Dong (Kevin) Jin 1

  2. Who am I? • CS faculty, Ph.D., University of Illinois at Urbana- Champaign (UIUC), http://cs.iit.edu/~djin/ • Research: cyber-security, networking, cyber-physical system security, simulation & modeling • Industrial experience at Los Alamos National Lab, IBM, Motorola • I like designing/building/deploying large-scale software systems that are grounded in strong theoretical principles 2

  3. Master of Cyber Security Program New CS master degree started at Fall 2019 • What is unique? • – From theory to practice • Data and information security • Network and system security • Software security Why join us? • – IIT is a Center of Academic Excellence in Information Assurance Education (CAE/IAE) designated by the National Security Agency – CS • Multi-millions of federal/industrial research grants in cyber security • A very strong team in the cyber security research and education How to join? • – https://science.iit.edu/programs/graduate/master-cybersecurity- mcybcode – Also available to co-terminal students 3

  4. Master of Cyber Security Program Illinois Tech Team HackIllinois 2019@UIUC 4

  5. Research Areas and Projects Looking for strong and self-motivated students to work together! More Details: http://cs.iit.edu/~djin/research/index.html 5

  6. How to Get Involved in Our Research • For all students, excellent performance in – CS 458 Information Security – CS 558 Advanced Computer Security (Semester-long project) – CSP 544 System and Network Security (Hands-on Labs) – new in Spring 2020 • Master students – CS 597 (Research Project), semester-long projects for credits – CS 591 (Master thesis), typically two-semester commitment • Undergraduate students – CS 497 (undergraduate research) with me, semester-long projects for credits More Details: http://cs.iit.edu/~djin/research/opening.html 6

  7. Industrial Control Systems (ICS) • Control many critical infrastructures • Modern ICSes increasingly adopt Internet technology to boost control efficiency DISTRIBUTION DISTRIBUTION LOADS SITES TRANSFORMER GENERATION SUBSTATION TRANSMISSION Next Generation of Power Grid 7

  8. More Efficient or More Vulnerable? Communication Path Network Markets Operations Service Providers Retailer/ RTO/ISO Ops Transmission Utility Third-Party Distribution Ops Wholesaler Ops Provider Provider Asset DMS Mgmt Retail CIS EMS EMS Energy Aggregator CIS WAMS Demand Provider MDMS Response Billing Billing Energy Market Enterprise Enterprise Home/Building Enterprise Clearing hosue Bus Manager Bus Bus Aggregator RTO ISO/RTO Transmission Metering Distribution SCADA Participation SCADA Others System SCADA Internet / Internet / e-business e-business Electric Vehicle Energy Wide Area Field Area Market Services Services Network Data Distributed Networks Interface Interface Generation Collector Plant Premises Meter Electric Field Control Substation Networks Storage Substation Device System LANs Controller Customer Equipment Appliances Generators Substation Distributed Electric Device Generation Storage Bulk Customer EMS Thermostat Transmission Distribution Customer Generation 8 Picture source: NIST Framework and Roadmap for Smart Grid Interoperability Standards

  9. Cyber Threats in Power Grids • 245 incidents, reported by ICS-CERT • 32% in energy sector Ukraine Power Grid Cyber Attack • 230,000 residents in western Ukraine • 6 hours, 73 MW power lost in Dec 2015 Picture source: 1. National Cybersecurity and Communications Integration Center (NCCIC). ICS-CERT Monitor Sep 2014 – Feb 2015 2. http://dailysignal.com/2016/01/13/ukraine-goes-dark-russia-attributed-hackers-take-down-power-grid/ 9

  10. Protection of Industrial Control Systems • Commercial off-the-shelf products – e.g., firewalls, anti-virus software – fine-grained protection at single device only • How to check system-wide requirements? – Security (e.g., access control) – Performance (e.g., end-to-end delay) • How to safely incorporate existing networking technologies into control systems? – Real time operations – Large-scale networks – Lack of real testbed (unlike Internet) 10

  11. Our Work: Enable a Secure and Resilient ICS in Microgrid with SDN Control Management Application Monitoring Layer Contribution I A novel SDN architecture SDN Control Layer in microgrid Communication Network Layer Power Network Layer Power Grid Component Layer ICS – industrial control system SDN – software-defined networking 11

  12. Transition to an SDN-Enabled Microgrid • Facility Communication Networks Control Center Local Controller 1 Microgrid App PMU Existing Master Controller Local Controller 2 Smart Building – DOE-funded IIT Microgrid SDN Master Controller Network App Local Controller n – First Cluster of Microgrids Major Distribution Fiber Optic Infrastructure – SDN Ring Points Fowler East Grad Lewis Gunsaulu Building Sensors Cunningha s Farr KappaASA m in US Solar PV TRI Carman E D B Gas Generator Bailey C PKS D C Charging Station B F ASP North South – SDN deployment Wind Turbine Loop 4 PKP SPE DTD A E KH Parking Loop 2 A MTCC SSV D Tower • Big data available T T Fiber Optic Infrastructure – SDN Ring CR C T N D C S C Eng PH B LS 1 AM SH SB WH D C – Processing C D E B C Library LSR TBC B A ERB Loop 1 A HH Battery Storage Loop 3 E Loop 5 Loop 6 F A Vanderco – Storage ok II N Power Heat Plant S MM Main Plant Plant Vandercook I Loop 7 Machine Faciliti B A A B es ry – Analytics ComEd ComEd Fisk Substation Pershing Substation (12.47 kV) (12.47 kV) Simulation Testbed -> Living Lab In-house research idea -> Real system deployment 12

  13. Our Work: Enable a Secure and Resilient ICS in Microgrid with SDN IDS Control Contribution II Verification Management Self-healing Innovative SDN-based Application Monitoring Network Layer SDN Application security applications SDN Control Layer Communication Network Layer Power Network Layer Power Grid Component Layer ICS – industrial control system SDN – software-defined networking 13

  14. Our Work: Enable a Secure and Resilient ICS in Microgrid with SDN IDS Control Verification Management Self-healing Application Contribution III Monitoring Network Layer SDN Application SDN-enabled microgrid SDN Control Layer testbed Parallel Simulation • Communication Network Layer (scalability) Virtual-Machine-based • Power Network Layer Emulation (fidelity) Power Grid Component Layer ICS – industrial control system SDN – software-defined networking 14

  15. Outline • SDN Background • Applications – Network Verification [1] – Self-healing PMU system [2] • Testing and Evaluation Platform [3] [1] Wenxuan Zhou, Dong Jin, Jason Croft, Matthew Caesar, and Brighten Godfrey. “ Enforcing Customizable Consistency Properties in Software-Defined Networks.” USENIX NSDI [2] Dong Jin, Zhiyi Li, Christopher Hannon, Chen Chen, Jianhui Wang, Mohammad Shahidehpour and Cheol Won Lee. "Towards a Cyber Resilient and Secure Microgrid Using Software-Defined Networking." IEEE Transactions on Smart Grid [3] Christopher Hannon, Jiaqi Yan and Dong Jin. “DSSnet: A Smart Grid Modeling Platform Combining Electrical Power Distribution System Simulation and Software Defined Networking Emulation.” ACM SIGSIM-PADS (Best Paper Finalist) 15

  16. SDN Background App App App App App App App App Open Interface Specialized Features Control Plane Specialized Control Open Interface Plane Specialized Merchant Hardware Switching Chips Closed, proprietary Open interfaces Slow innovation Rapid innovation Picture Source: Nick McKeown, Open Networking Summit 2012 16

  17. Software Defined Networks control plane : distributed algorithms data plane : packet processing 17

  18. Software Defined Networks decouple control and data planes 18

  19. Software Defined Networks decouple control and data planes by providing open standard API 19

  20. (Logically) Centralized Controller Controller Platform 20

  21. Protocols è Applications Controller Application Controller Platform 21

  22. SDN Architecture … Application App 1 App 2 App n Plane • Logically centralized control Updates Control • Global view Plane Network • Direct network control Verifier Data Plane 22

  23. Outline • SDN Background • Applications – Network Verification [1] – Self-healing PMU system [2] • Testing and Evaluation Platform [3] [1] Wenxuan Zhou, Dong Jin, Jason Croft, Matthew Caesar, and Brighten Godfrey. “ Enforcing Customizable Consistency Properties in Software-Defined Networks.” USENIX NSDI [2] Dong Jin, Zhiyi Li, Christopher Hannon, Chen Chen, Jianhui Wang, Mohammad Shahidehpour and Cheol Won Lee. "Towards a Cyber Resilient and Secure Microgrid Using Software-Defined Networking." IEEE Transactions on Smart Grid [3] Christopher Hannon, Jiaqi Yan and Dong Jin. “DSSnet: A Smart Grid Modeling Platform Combining Electrical Power Distribution System Simulation and Software Defined Networking Emulation.” ACM SIGSIM-PADS (Best Paper Finalist) 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

NISTs Industrial Control System (ICS) Security Project Presented at the: Secure Manufacturing

NISTs Industrial Control System (ICS) Security Project Presented at the: Secure Manufacturing

NISTs Industrial Control System (ICS) Security Project Presented at the: Secure Manufacturing in the Age of Globalization Workshop November 28, 2007 Stuart Katzke and Keith Stouffer National Institute of Standards and Technology

767 views • 40 slides
Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter Baodong Qin and Shengli Liu Shanghai Jiao Tong University ASIACRYPT 2013 Dec 5, Bangalore, India B. Qin and S. Liu LR-CCA Secure

580 views • 47 slides
Mode Estimation using Synchrophasors Arezoo Rajabi and Rakesh B. Bobba 2 nd Industrial Control

Mode Estimation using Synchrophasors Arezoo Rajabi and Rakesh B. Bobba 2 nd Industrial Control

A Resilient Algorithm for Power System Mode Estimation using Synchrophasors Arezoo Rajabi and Rakesh B. Bobba 2 nd Industrial Control System Security (ICSS) Workshop, December 6 th 2016 Outline Introduction Background and Problem

425 views • 30 slides
POST: A Secure, Resilient, Cooperative Messaging System A. Mislove, A. Post, C. Reis, P.

POST: A Secure, Resilient, Cooperative Messaging System A. Mislove, A. Post, C. Reis, P.

POST: A Secure, Resilient, Cooperative Messaging System A. Mislove, A. Post, C. Reis, P. Willmann, P. Druschel, D. S. Wallach Rice University X. Bonnaire, P. Sens, J.-M. Busca, L. Arantes-Bezerra University of Paris 6 (LIP6) HotOS 2003 1

197 views • 16 slides
Industrial Robots Industrial Robots Control Control Part 2 Control Control Part 2 Part 2

Industrial Robots Industrial Robots Control Control Part 2 Control Control Part 2 Part 2

Industrial Robots Industrial Robots Control Control Part 2 Control Control Part 2 Part 2 Part 2 Introduction to centralized control Independent joint decentralized control may prove inadequate when the user requires high task

673 views • 36 slides
Center for Secure and Resilient Maritime Commerce Developing a Resiliency Framework for Regional

Center for Secure and Resilient Maritime Commerce Developing a Resiliency Framework for Regional

Center for Secure and Resilient Maritime Commerce Developing a Resiliency Framework for Regional Freight Platforms T. Wakeman, H. Gajjar, J. Ramirez-Marquez, and H. Salloum Stevens Institute of Technology Center for Secure and Resilient

895 views • 48 slides
Industrial Control System Security Overview Peter Maynard, PhD Researcher # ?? @CSIT_QUB What

Industrial Control System Security Overview Peter Maynard, PhD Researcher # ?? @CSIT_QUB What

Industrial Control System Security Overview Peter Maynard, PhD Researcher # ?? @CSIT_QUB What is ICS and SCADA Industrial Control Systems (ICS): Chemical, water, gas processing. Transportation, electricity, nuclear systems.

331 views • 7 slides
Industrial Control System (ICS) Security: An Overview of Emerging Standards, Guidelines, and

Industrial Control System (ICS) Security: An Overview of Emerging Standards, Guidelines, and

Industrial Control System (ICS) Security: An Overview of Emerging Standards, Guidelines, and Implementation Activities . Joe Weiss, PE, CISM Executive Consultant Applied Control Solutions, LLC (408) 253-7934 joe.weiss@realtimeacs.com Stuart

947 views • 49 slides
Towards a Provably Secure DoS-Resilient Key Exchange Protocol with PFS 1 L. Kuppusamy * J.

Towards a Provably Secure DoS-Resilient Key Exchange Protocol with PFS 1 L. Kuppusamy * J.

Introduction Contributions Conclusion Towards a Provably Secure DoS-Resilient Key Exchange Protocol with PFS 1 L. Kuppusamy * J. Rangasamy * D. Stebila * C. Boyd * J.M. Gonzlez Nieto * * Information Security Institute Queensland

943 views • 22 slides
Network Anomaly Detection in Modbus TCP Industrial Control Systems RP1 #52: Industrial Control

Network Anomaly Detection in Modbus TCP Industrial Control Systems RP1 #52: Industrial Control

Network Anomaly Detection in Modbus TCP Industrial Control Systems RP1 #52: Industrial Control Systems Research Philipp Mieden & Rutger Beltman, 2020 Supervisor: Bartosz Czaszynski, Deloitte Industrial Network VS Corporate Network 2

379 views • 35 slides
Take Control Automated Control Industrial Engineering Industrial I.T. C/ Halcn n 20, 6H

Take Control Automated Control Industrial Engineering Industrial I.T. C/ Halcn n 20, 6H

Programming and Automation Ltd. www.proconingenieros.com Take Control Automated Control Industrial Engineering Industrial I.T. C/ Halcn n 20, 6H Granada. info@proconingenieros.com Automation and control Industrial I.T. - Industrial

304 views • 19 slides
DEVELOPING INDUSTRIAL ROBOT USING POLYMERIC MATERIALS & ADAPTIVE SYSTEM CONTROL GENERAL

DEVELOPING INDUSTRIAL ROBOT USING POLYMERIC MATERIALS & ADAPTIVE SYSTEM CONTROL GENERAL

DEVELOPING INDUSTRIAL ROBOT USING POLYMERIC MATERIALS & ADAPTIVE SYSTEM CONTROL GENERAL INFORMATION: Studying and developing of an industrial robot-manipulator using polymeric materials and adaptive system control. Cybernation and

194 views • 15 slides
system in one or both of the following two periods: 1880-1914 or 1914-1939. Across the political

system in one or both of the following two periods: 1880-1914 or 1914-1939. Across the political

1 Manufacturing and Government It can be argued that Britains industrial decline should be attributed (in part at least) to the failure of industrial capitalism to secure the support of the state for a programme of protection and modernisation.

457 views • 23 slides
Fault-Resilient In-Band Control Plane Ermin Sakic, Amaury Van Bemten, Mirza Avdic, Wolfgang

Fault-Resilient In-Band Control Plane Ermin Sakic, Amaury Van Bemten, Mirza Avdic, Wolfgang

Automated Bootstrapping of A Fault-Resilient In-Band Control Plane Ermin Sakic, Amaury Van Bemten, Mirza Avdic, Wolfgang Kellerer Technical University Munich & Siemens Germany ACM SOSR 2020 San Jose, March 3, 2020 INTRODUCTION Industrial

597 views • 44 slides
G r o w i n g C o m p l e x i t y Source: Obregon, L. (2015). Secure

G r o w i n g C o m p l e x i t y Source: Obregon, L. (2015). Secure

G r o w i n g C o m p l e x i t y Source: Obregon, L. (2015). Secure architecture for industrial control systems. SANS Institute InfoSec Reading Room . Source:

739 views • 26 slides
Legacy-Compliant Data Authentication for Industrial Control System Traffic John Henry

Legacy-Compliant Data Authentication for Industrial Control System Traffic John Henry

Legacy-Compliant Data Authentication for Industrial Control System Traffic John Henry Castellanos, Daniele Antonioli, Nils Ole Tippenhauer and Martn Ochoa Singapore University of Technology and Design 15 th International Conference on Applied

679 views • 45 slides
IT Service Management Research and Education: A Global View Prof. Dr. Ali Yazc (1) and Paul

IT Service Management Research and Education: A Global View Prof. Dr. Ali Yazc (1) and Paul

IT Service Management Research and Education: A Global View Prof. Dr. Ali Yazc (1) and Paul Kontogiorgis (2) 1 Atilim University, Software Engineering Department, Ankara, Turkey 2 IBM IT Services Curriculum Program Director, USA Agenda

568 views • 22 slides
Comparison of congestion management techniques: nodal, zonal and discriminatory pricing

Comparison of congestion management techniques: nodal, zonal and discriminatory pricing

Comparison of congestion management techniques: nodal, zonal and discriminatory pricing Thomas-Olivier Lautier (thomas.leautier@iae-toulouse.fr) Toulouse, June 2014 Unconstrained dispatch c I q c E q I E p U P I q

590 views • 9 slides
Coalition Spring Training Conference The Federal Marketplace Initiative May 16, 2019

Coalition Spring Training Conference The Federal Marketplace Initiative May 16, 2019

Coalition Spring Training Conference The Federal Marketplace Initiative May 16, 2019 Keystone Members Welcome Remarks Roger Waldron, President, Coalition for Government Procurement Title Sponsor e-Commerce Panel: Section 846 Phase II

1.1k views • 95 slides
Retaliation, Punishment and Sanction. Cognitive Modelling and Experimental Data* Rosaria Conte

Retaliation, Punishment and Sanction. Cognitive Modelling and Experimental Data* Rosaria Conte

Retaliation, Punishment and Sanction. Cognitive Modelling and Experimental Data* Rosaria Conte LABSS (Laboratory for Agent-Based Social Simulation) Institute of Cognitive Sciences and Technologies Italy SIntelNet Workshop May 31- June 01,

320 views • 28 slides
Comparison between Different Transport Models Pawel Danielewicz National Superconducting

Comparison between Different Transport Models Pawel Danielewicz National Superconducting

Introduction Successes & Failures Comparison Project Impacts: TuQMD Example Conclusions Comparison between Different Transport Models Pawel Danielewicz National Superconducting Cyclotron Laboratory Michigan State University Probing

534 views • 34 slides
A General Theory of Backward Stochastic Difference Equations Robert J. Elliott and Samuel N.

A General Theory of Backward Stochastic Difference Equations Robert J. Elliott and Samuel N.

A General Theory of Backward Stochastic Difference Equations A General Theory of Backward Stochastic Difference Equations Robert J. Elliott and Samuel N. Cohen University of Adelaide and University of Calgary July 2, 2009 A General Theory of

605 views • 31 slides
Regularity of Bound States Jeremy Faupin Institut de Math ematiques de Bordeaux

Regularity of Bound States Jeremy Faupin Institut de Math ematiques de Bordeaux

Regularity of Bound States Jeremy Faupin Institut de Math ematiques de Bordeaux Universit e de Bordeaux 1 France Jacob Schach Mller Erik Skibsted Department of Mathematical Sciences Aarhus University Denmark March 8,

702 views • 68 slides
Logic-based test coverage Basic approach Clauses and predicates Basic coverage criteria: CC, PC,

Logic-based test coverage Basic approach Clauses and predicates Basic coverage criteria: CC, PC,

Logic-based test coverage Basic approach Clauses and predicates Basic coverage criteria: CC, PC, CoC Structural logic coverage of source code Logic coverage of specifications Active clause coverage criteria (GACC, CACC, RACC) Verificao e

829 views • 34 slides

More recommend