CONTROL SYSTEM CYBER-SECURITY
#1

Abstract

Over the last few years modern accelerator and experiment control systems have increasingly been based on commercial-off-the-shelf products (VME crates, PLCs, SCADA systems, etc.), on Windows or Linux PCs, and on communication infrastructures using Ethernet and TCP/IP. Despite the benefits coming with this ®evolution, new vulnerabilities are inherited, too: Worms and viruses spread within seconds via the Ethernet cable, and attackers are becoming interested in control systems. Unfortunately, control PCs cannot be patched as fast as office PCs. Even worse, vulnerability scans at CERN using standard IT tools have shown that commercial automation systems lack fundamental security precautions: Some systems crashed during the scan, others could easily be stopped or their process data be altered . The (CS)2/HEP workshop [2] held the weekend before ICALEPCS2007 was intended to present, share, and discuss countermeasures deployed in HEP laboratories in order to secure control systems. This presentation will give a summary of the solutions planned, deployed and the experience gained.

Presented By
S. Lüders*, CERN, Geneva, Switzerland


INTRODUCTION
The enormous growth of the worldwide interconnectivity of computing devices (the Internet) during the last decade offers computer users new means to share and distribute information and data. In industry, this results in an adoption of modern Information Technologies (IT) to their plants and, subsequently, in an increasing integration of the production facilities, i.e. their process control and automation systems, and the data warehouses. Thus, information from the factory floor is now directly available at the management level (From Shop-Floor to Top-Floor) and can be manipulated from there. However, with a thorough inter-connection of business and controls network, the risk of suffering from a security breach in distributed process control and automation systems# increases. This risk can be expressed as in the following formula: Risk = Threat × Vulnerability × Consequence The different factors are explained in the following. Threats This interconnected world is by far more hostile than a local private controls network. The number of potential threats increases as worms and viruses can now easily propagate to control systems and attackers start to become interested in control systems too. Additional threats can be operators or engineers who download configuration data to the wrong device, or broken controls devices that flood the controls network and, thus, bring it to a halt. The major part of the factor threat originates from outside and cannot be significantly reduced. Thus, protective measures have to be implemented to prevent external threats penetrating control systems. These protective measures should also prevent insiders from (deliberate or accidental) unauthorized access.

Vulnerabilities
The adoption of standard modern IT in control systems also exposes their inherent vulnerabilities to the world. Programmable Logic Controllers (PLCs) and other controls devices (even valves or temperature sensors) are nowadays directly connected to Ethernet, but often completely lack security protections [1]. Control PCs are based on Linux and Microsoft Windows operating systems, where the latter is not designed for control systems but for office usage. Even worse, control PCs can not be patched that easily, as this has to be scheduled beforehand. In addition, controls applications may either not be compliant with a particular patch or software licenses to run controls applications may become invalid. Finally, using emailing or web servers has become normal on control systems today; even web cameras and laptops can now be part of them. The vulnerability factor can either be minimized by guaranteeing a prompt fix of published or known vulnerabilities, and/or by adding pro-active measures to secure the unknown, potential or not-fixable vulnerabilities.

Consequences
Within the High-Energy Physics (HEP) community, control systems are used for the operation of the large and complex accelerators and beam lines, the attached experiments, as well as for the technical infrastructure (e.g. power & electricity, cooling & ventilation). All are running a wide variety of control systems, some of them complex, some of them dealing with personnel safety, some of them controlling or protecting very expensive or irreplaceable equipment. Thus, the consequences from suffering a security incident are inherent to the design of e.g. accelerators at stake. A security incident can lead to loss of beam time and physics data, or ” even worse ” damage to, or destruction of, unique equipment and hardware.

Control System Cyber-Security in HEP
In order to cope with the growing usage of standard IT technologies in control systems, several HEP laboratories worldwide have reviewed their operation principles by taking the aspect of security into account. This paper will give a summary on the Control System Cyber-Security
Reply

Important Note..!

If you are not satisfied with above reply ,..Please

ASK HERE

So that we will collect data for you and will made reply to the request....OR try below "QUICK REPLY" box to add a reply to this page
Popular Searches: 7th annual cyber security seminar, cyber security seminar report, cyber security hindi pdf, indeterminate hep c, ppt on cyber security topic, cyber security ppt download, latest seminar topics for cyber security,

[-]
Quick Reply
Message
Type your reply to this message here.

Image Verification
Please enter the text contained within the image into the text box below it. This process is used to prevent automated spam bots.
Image Verification
(case insensitive)

Possibly Related Threads...
Thread Author Replies Views Last Post
  Home appliance & pc Cursor control by mobile phone (DTMF) smart paper boy 3 3,553 21-05-2015, 03:16 PM
Last Post: seminar report asees
  MICRO CONTROLLER BASED SECURITY SYSTEM USING SONAR ajukrishnan 5 7,146 31-01-2015, 11:55 PM
Last Post: Guest
  Android Mobile Security – An Issue of Future computer girl 2 2,390 24-08-2013, 10:26 AM
Last Post: computer topic
  APPLE – A Novel Approach for Direct Energy Weapon Control project topics 13 6,990 04-03-2013, 11:43 AM
Last Post: seminar details
  Implementation of Obstacle Avoidance and ZigBee Control Functions for Omni Directiona seminar class 3 2,832 12-02-2013, 09:16 AM
Last Post: Guest
  GLOBAL SYSTEM FOR MOBILE COMMUNICATIONS & SECURITY full report seminar presentation 1 2,729 06-02-2013, 10:02 AM
Last Post: seminar details
  Automatic Power Factor Control seminar class 4 4,691 25-01-2013, 11:38 AM
Last Post: seminar details
  DISTRIBUTED CALL ADMISSION CONTROL SCHEME FOR MOBILE MICRO-CELLULAR NETWORKS project topics 2 2,934 24-01-2013, 09:31 PM
Last Post: fake_lover01
  ADVANCED COMPUTER ANALYSIS OF POWER SYSTEM CONTROL AND POWER ELECTRONICS TRANSIENTS seminar class 1 1,843 01-12-2012, 01:40 PM
Last Post: seminar details
  Design & Development of a GSM Based Vehicle Theft Control System seminar class 9 11,418 29-11-2012, 01:15 PM
Last Post: seminar details

Forum Jump: