OSTI.GOV: U.S. Department of Energy, Office of Scientific and Technical Information

Title: Mitigations for Security Vulnerabilities Found in Control System Networks

Abstract

Industry is aware of the need for Control System (CS) security, but in on-site assessments, Idaho National Laboratory (INL) has observed that security procedures and devices are not consistently and effectively implemented. The Department of Homeland Security (DHS), National Cyber Security Division (NCSD), established the Control Systems Security Center (CSSC) at INL to help industry and government improve the security of the CSs used in the nation's critical infrastructures. One of the main CSSC objectives is to identify control system vulnerabilities and develop effective mitigations for them. This paper discusses common problems and vulnerabilities seen in on-site CS assessments and suggests mitigation strategies to provide asset owners with the information they need to better protect their systems from common security flaws.

Authors: Trent D. Nelson
Publication Date: 2006-05-01
Research Org.: Idaho National Laboratory (INL)
Sponsoring Org.: USDOE
OSTI Identifier: 911817
Report Number(s): INL/CON-06-12001
TRN: US200801%%261
DOE Contract Number: DE-AC07-99ID-13727
Resource Type: Conference
Resource Relation: Conference: 16th Annual Joint ISA POWID/EPRI Controls and Instrumentation Conference, 05/08/2006
Country of Publication: United States
Language: English
Subject: 99 - GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE; CONTROL SYSTEMS; MITIGATION; SECURITY; control system security; mitigation

Citation Formats

Trent D. Nelson. "Mitigations for Security Vulnerabilities Found in Control System Networks". United States: N. p., 2006. Web. https://www.osti.gov/servlets/purl/911817.
@article{osti_911817,
title = {Mitigations for Security Vulnerabilities Found in Control System Networks},
author = {Trent D. Nelson},
abstractNote = {Industry is aware of the need for Control System (CS) security, but in on-site assessments, Idaho National Laboratory (INL) has observed that security procedures and devices are not consistently and effectively implemented. The Department of Homeland Security (DHS), National Cyber Security Division (NCSD), established the Control Systems Security Center (CSSC) at INL to help industry and government improve the security of the CSs used in the nation's critical infrastructures. One of the main CSSC objectives is to identify control system vulnerabilities and develop effective mitigations for them. This paper discusses common problems and vulnerabilities seen in on-site CS assessments and suggests mitigation strategies to provide asset owners with the information they need to better protect their systems from common security flaws.},
place = {United States},
year = {2006},
month = {May}
}

  • The recent introduction of information technologies such as Ethernet® into nuclear industry control devices has resulted in significantly less isolation from the outside world. This raises the question of whether these systems could be attacked by malware, network hackers or professional criminals to cause disruption to critical operations in a manner similar to the impacts now felt in the business world. To help answer this question, a study was undertaken to test a representative control protocol to determine if it had vulnerabilities that could be exploited. A framework was created in which a test could express a large number of test cases in very compact formal language. This in turn, allowed for the economical automation of both the generation of selectively malformed protocol traffic and the measurement of device under test's (DUT) behavior in response to this traffic. Approximately 5000 protocol conformance tests were run against two major brands of industrial controller. More than 60 categories of errors were discovered, the majority of which were in the form of incorrect error responses to malformed traffic. Several malformed packets however, caused the device to respond or communicate in inappropriate ways. These would be relatively simple for an attacker to inject into a system and could result in the plant operator losing complete view or control of the control device. Based on this relatively small set of devices, we believe that the nuclear industry urgently needs to adopt better security robustness testing of control devices as standard practice. (authors)
  • A framework for dynamic security enhancement based on area-wise preventive control is proposed. The power system is partitioned into areas for stability evaluation using the transient energy margin. Area vulnerability is evaluated based on the sensitivity of the energy margin w.r.t. controls in the given areas of the system. The areas of the system which contribute significantly to instability are labeled critical or weak areas and preventive control is applied in those areas of the system. The final control application is achieved by the use of artificial neural network (ANN) to compute the control inputs.