Integration of a System for Critical Infrastructure Protection with the OSSIM SIEM Platform: A dam case study

Bibliographic Details
Published in Computer Safety, Reliability, and Security, pp. 199-212
Main Authors Coppolino, Luigi; D’Antonio, Salvatore; Formicola, Valerio; Romano, Luigi
Format Book Chapter
Language English
Published Berlin, Heidelberg: Springer Berlin Heidelberg, 2011
Series Lecture Notes in Computer Science
Summary: In recent years the monitoring and control devices in charge of supervising the critical processes of Critical Infrastructures have been victims of cyber attacks. To face such threat, organizations providing critical services are increasingly focusing on protecting their network infrastructures. Security Information and Event Management (SIEM) frameworks support network protection by performing centralized correlation of network asset reports. In this work we propose an extension of a commercial SIEM framework, namely OSSIM by AlienVault, to perform the analysis of the reports (events) generated by monitoring, control and security devices of the dam infrastructure. Our objective is to obtain evidences of misuses and malicious activities occurring at the dam monitoring and control system, since they can result in issuing hazardous commands to control devices. We present examples of misuses and malicious activities and procedures to extend OSSIM for analyzing new event types.
ISBN: 3642242693, 9783642242694
ISSN: 0302-9743, 1611-3349
DOI: 10.1007/978-3-642-24270-0_15