Smart solution to out-smart cyberthreats
Security in industrial control systems and critical infrastructures can no longer be taken for granted. Ever increasing interconnectivity, open systems and the Internet of Things (IoT) highlight the need for incorporating cybersecurity in system design. The EU-funded project SCISSOR has responded with a security framework for supervisory control and data acquisition (SCADA) architectures. The SCISSOR solution comprises a number of components, each important in their own right and together representing a strong security monitoring framework. Smart cameras detect events and convert them in a log based on Intrusion Detection Message Exchange Format (IDMEF). This is a data format used in computer security for reporting and exchanging of incidents. Other layers include a traffic probe that detects malicious traffic in a network with an industrial protocol and attribute-based encryption. The last two developments have to do with building edge agents and logs transfer through IDMEF, and autonomous and wireless sensors that can be charged by a remote energy source. The latter feature is very important for hiding countermeasures. A global architecture for global needs Designed for smart grids in particular, “the SCISSOR framework produces a large quantity of heterogeneous logs coming from our industrial probes, our camera events, sensors, SCADA, etc.,” notes Mr Cédric Tavernier, project coordinator and Technical Expert in Cyber Security at Assystem. “It was a challenge to translate it in a standard format such as the IDMEF,” he states. However, the project’s security information and event management (SIEM) is based on correlation and behavioural detection. This represents a strong result as behavioural detection is realised from a Bayesian network, which offers several advantages for data analysis. Importantly, the overall result is a positive one, with the project coordinator noting that the global architecture is absolutely realistic for most industries. As per Tavernier, one important Assystem customer reports, “SCISSOR represents the architecture that we expect for the future.” Working wonders with existing tools SCISSOR partners relied on available methodologies such as EBIOS risk analysis and the defence in depth and isolation approaches. The research produced new results and promises enhanced security monitoring. “We have customised the Prelude (using SIEM) interfaces in order to efficiently manage cameras and take into account specific equipment like sensors,” says Tavernier. Project work, research and deliverables have been communicated through publications and presentations and through different media in various countries. The latest event SCISSOR participated in was FIC 2018 – the International Forum on Cybersecurity held in France. 24/7 cybersecurity: No sleep for the wicked, or those guarding against them Ensuring cybersecurity means following – and advancing – developments, and so SCISSOR partners will too. Research around authentication systems and especially on attribute-based encryption pushed them to extend their agenda in this field. The project team will continue through the Irt-SystemX initiative. This is an IoT project targeting an efficient method for the protection of sensors, and also providing the possibility to accommodate the OpenSCISSOR initiative. “The principles used in SCISSOR correspond to the need in industry to protect production line, smart grids, IoTs, etc.,” Tavernier underlines, adding: “Thus of course Assystem will continue to promote SCISSOR and will try to sell this architecture.” Although SCISSOR was dedicated to SCADA and smart grid protection, the project coordinator emphasises that it was clearly an IoT project supporting very interesting ideas on the IoT of tomorrow. In this context, the partners have also carefully worked on the scalability of the project-developed architecture for very large smart grids.
Keywords
SCISSOR, IoT, smart grid, SCADA, cybersecurity, security monitoring, Intrusion Detection Message Exchange Format (IDMEF), SIEM, data acquisition
