Virtual incident response functions in control systems

Bibliographic Details
Published in: Computer networks (Amsterdam, Netherlands : 1999) Vol. 135; pp. 147 - 159
Main Authors: Piedrahita, Andrés F. Murillo; Gaur, Vikram; Giraldo, Jairo; Cardenas, Alvaro A.; Rueda, Sandra Julieta
Format: Journal Article
Language: English
Published Amsterdam Elsevier B.V 22.04.2018
Elsevier Sequoia S.A
Summary: In the past decade the security of industrial control systems has emerged as a research priority in order to safeguard our critical infrastructures. A large number of research efforts have focused on intrusion detection in industrial networks, however, few of them discuss what to do after an intrusion has been detected. Because the safety of most of these control systems is time-sensitive, we need new research on automatic incident response. In this article we show how software-defined networks, and network-function virtualization can facilitate automatic incident response to a variety of attacks against industrial networks. We also prototype an incident response solution that detects and responds automatically to sensor attacks and controller attacks. Our work shows the promise that cloud-enabled software-defined networks and virtual infrastructures hold as a way to provide novel defense-in-depth solutions for industrial systems.
ISSN: 1389-1286
1872-7069
DOI: 10.1016/j.comnet.2018.01.040