Using detection in depth to counter SCADA-specific advanced persistent threats
Date
2014-04-01
Abstract
A heavy focus has recently been placed on the current state of each country’s critical
infrastructure security. Unfortunately, widely deployed supervisory control and data
acquisition (SCADA) protocols provide little to no inherent security controls while
traditional security mechanisms prove largely ineffective in industrial control
environments. Moreover, the recent advent of advanced persistent threats (APTs) has
highlighted the relative ineffectiveness of existing SCADA-centric security solutions.
In this thesis I will identify various algorithmic strategies for detecting and mitigating
common APT attack vectors impacting SCADA environments. Primarily, the integration
of flow-based intrusion detection systems, passive device fingerprinting,
low-interaction honeypots, and traditional signature-based intrusion detection
technologies provides a highly effective capacity for detecting
common attack vectors used by APTs. Finally, I will show how the integration of these
technologies into a single security solution has provided a verifiably robust and effective
solution for the problem at hand.
Keywords
Industrial control security, SCADA security, Advanced persistent threats, Intrusion detection, Intrusion prevention, Critical infrastructure security