skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Emerging Techniques for Field Device Security

Abstract

Critical infrastructure, such as electrical power plants and oil refineries, rely on embedded devices to control essential processes. State of the art security is unable to detect attacks on these devices at the hardware or firmware level. We provide an overview of the hardware used in industrial control system field devices, look at how these devices have been attacked, and discuss techniques and new technologies that may be used to secure them. We follow three themes: (1) Inspectability, the capability for an external arbiter to monitor the internal state of a device. (2) Trustworthiness, the degree to which a system will continue to function correctly despite disruption, error, or attack. (3) Diversity, the use of adaptive systems and complexity to make attacks more difficult by reducing the feasible attack surface.

Authors:
 [1];  [2];  [2];  [2]
  1. Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Bechtel Corp. (United States)
  2. Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
Publication Date:
Research Org.:
Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Sandia National Laboratories, Livermore, CA
Sponsoring Org.:
USDOE Office of Electricity Delivery and Energy Reliability (OE), Infrastructure Security and Energy Restoration (ISER) (OE-30)
OSTI Identifier:
1183104
Report Number(s):
SAND-2014-17095J
Journal ID: ISSN 1540-7993; 537058
Grant/Contract Number:  
AC04-94AL85000
Resource Type:
Journal Article: Accepted Manuscript
Journal Name:
IEEE Security & Privacy
Additional Journal Information:
Journal Volume: 12; Journal Issue: 6; Journal ID: ISSN 1540-7993
Publisher:
IEEE
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING

Citation Formats

Schwartz, Moses, Mulder, John, Chavez, Adrian R., and Allan, Benjamin A. Emerging Techniques for Field Device Security. United States: N. p., 2014. Web. doi:10.1109/MSP.2014.114.
Schwartz, Moses, Mulder, John, Chavez, Adrian R., & Allan, Benjamin A. Emerging Techniques for Field Device Security. United States. doi:10.1109/MSP.2014.114.
Schwartz, Moses, Mulder, John, Chavez, Adrian R., and Allan, Benjamin A. Sat . "Emerging Techniques for Field Device Security". United States. doi:10.1109/MSP.2014.114. https://www.osti.gov/servlets/purl/1183104.
@article{osti_1183104,
title = {Emerging Techniques for Field Device Security},
author = {Schwartz, Moses and Mulder, John and Chavez, Adrian R. and Allan, Benjamin A.},
abstractNote = {Critical infrastructure, such as electrical power plants and oil refineries, rely on embedded devices to control essential processes. State of the art security is unable to detect attacks on these devices at the hardware or firmware level. We provide an overview of the hardware used in industrial control system field devices, look at how these devices have been attacked, and discuss techniques and new technologies that may be used to secure them. We follow three themes: (1) Inspectability, the capability for an external arbiter to monitor the internal state of a device. (2) Trustworthiness, the degree to which a system will continue to function correctly despite disruption, error, or attack. (3) Diversity, the use of adaptive systems and complexity to make attacks more difficult by reducing the feasible attack surface.},
doi = {10.1109/MSP.2014.114},
journal = {IEEE Security & Privacy},
issn = {1540-7993},
number = 6,
volume = 12,
place = {United States},
year = {2014},
month = {11}
}

Journal Article:
Free Publicly Available Full Text
Publisher's Version of Record

Citation Metrics:
Cited by: 1 work
Citation information provided by
Web of Science

Save / Share:

Works referencing / citing this record:

Anomaly Detection as a Service: Challenges, Advances, and Opportunities
journal, October 2017

  • Yao, Danfeng (Daphne); Shu, Xiaokui; Cheng, Long
  • Synthesis Lectures on Information Security, Privacy, and Trust, Vol. 9, Issue 3
  • DOI: 10.2200/s00800ed1v01y201709spt022