A Distributed IDS for Industrial Control Systems

• Published in: International journal of cyber warfare and terrorism Vol. 4; no. 2; pp. 1 - 22
• Main Authors: Cruz, Tiago, Proença, Jorge, Simões, Paulo, Aubigny, Matthieu, Ouedraogo, Moussa, Graziano, Antonio, Maglaras, Leandros
• Format: Journal Article
• Language: English
• Published: Hershey IGI Global 01.04.2014
• Subjects: Computer information security; Control systems; Cybersecurity; Cyberterrorism; Detectors; Industrial electronics; Intrusion; Intrusion detection systems; Investment analysis; Mediation; Security; Shadows; Supervisory control and data acquisition; Threats; Vulnerability
• ISSN: 1947-3435; 1947-3443
• DOI: 10.4018/ijcwt.2014040101

Cyber-threats are one of the most significant problems faced by modern Industrial Control Systems (ICS), such as SCADA (Supervisory Control and Data Acquisition) systems, as the vulnerabilities of ICS technology become serious threats that can ultimately compromise human lives. This situation demands a domain-specific approach to cyber threat detection within ICS, which is one of the most important contributions of the CockpitCI FP7 project (http://CockpitCI.eu). Specifically, this paper will present the CockpitCI distributed Intrusion Detection System (IDS) for ICS, which provides its core cyber-detection and analysis capabilities, also including a description of its components, in terms of role, operation, integration, and remote management. Moreover, it will also introduce and describe new domain-specific solutions for ICS security such as the SCADA Honeypot and the Shadow Security Unit, which are part of the CockcpitCI IDS framework.