This document summarizes the implementation of a security policy at CERN to protect its control systems from cyber threats. It discusses establishing separate network domains, centralized installation schemes for Linux and Windows systems, and user training. Authentication is based on role-based access control. Incident response involves the security team and domain administrators. The implementation uses a defense-in-depth approach across multiple levels to minimize risks to CERN's operations and assets from threats exploiting vulnerabilities in its increasingly standard IT-based control infrastructure.
This 2-part presentation, "Mission Critical Security in a Post-Stuxnet World," contains slides from the Hirschmann 2011 Mission Critical Network Design Seminar. It summarizes a lot of information about the Stuxnet malware and discusses what it means for the future of SCADA and ICS security.
The presentation is ideal for anyone needing a crash course on Stuxnet, or as a tool for informing management about the implications of it.
The document provides information about various cybersecurity incidents involving critical infrastructure systems. It summarizes past events where control systems for wastewater treatment plants, nuclear power plants, oil pipelines, and more were compromised in various ways. Each event summary includes details about the specific impacts and lessons learned about how to better secure these types of industrial control systems.
1) The FSRU Toscana is a floating storage and regasification unit anchored 22km offshore between Livorno and Pisa, Italy.
2) The initial communication link between the FSRU and shore had insufficient bandwidth and challenges due to the long distance over water.
3) The final solution installed three connection points - one onshore, one at a 900m elevation rebound point, and one on the FSRU itself - creating a 75km link instead of the initial 22km and overcoming line of sight issues.
Iaona handbook for network security - draft rfc 0.4Ivan Carmona
This document is a draft version 0.4 of The IAONA Handbook for Network Security published by IAONA e.V. It was contributed to by various parties and organizations. The handbook aims to provide guidance on securing industrial automation networks, which require high availability and have more serious consequences from disruptions than typical office networks. It covers remote access methods, defining security terms and categories, descriptions of common network protocols and services, and a security survey.
Triconex is a leading supplier of emergency shutdown (ESD) systems that protect personnel, equipment, and the environment from hazardous situations. Their ESD systems use triple modular redundancy technology to ensure extremely high reliability and availability. By choosing a Triconex ESD system, customers can feel confident that their system will safely shutdown processes in an emergency without any single point of failure.
Next Generation Network: Security and Architectureijsrd.com
Wireless sensor networks will be widely deployed in the near future. While much research has focused on making these networks feasible and useful, security has received little attention. Wireless Sensor Networks (WSN) are a most challenging and emerging technology for the Research due to their vital scope in the field coupled with their low processing power and associated low energy. As wireless sensor networks continue to grow, so does the need for effective security mechanisms. Because sensor networks may interact with sensitive data and/or operate in hostile unattended environments, it is imperative that these security concerns be addressed from the beginning of the system design staring with a brief overview of the sensor networks security, a review is made of and how to provide the security in the wireless sensor networks. This paper studies the security problems, Requirement, Architecture of WSN and different platform, characterized by severely constrained computational and energy resources, and an ad hoc operational environment.
Research of Intrusion Preventio System based on SnortFrancis Yang
This document is a graduation thesis from Beijing University of Posts and Telecommunications titled "Research of Intrusion Prevention System based on Snort". It designs and implements an intrusion prevention module based on the open-source Snort intrusion detection system. The document introduces intrusion detection systems and intrusion prevention systems. It then analyzes Snort and describes building a Snort environment. Finally, it presents two designs for transforming Snort into an intrusion prevention system using Netfilter and Netlink sockets.
Infrastructure Attacks - The Next generation, ESET LLCInfosec Europe
The document discusses the Stuxnet malware attack and its implications. It analyzes how Stuxnet used multiple zero-day vulnerabilities to target Siemens industrial control systems. While initially semi-targeted, its promiscuous spreading demonstrated how infrastructure attacks could be conceived on a massive scale. The attack highlighted vulnerabilities in critical systems and their connections to other networks. It established a template for sophisticated cyberattacks against infrastructure that governments and security professionals must address.
This 2-part presentation, "Mission Critical Security in a Post-Stuxnet World," contains slides from the Hirschmann 2011 Mission Critical Network Design Seminar. It summarizes a lot of information about the Stuxnet malware and discusses what it means for the future of SCADA and ICS security.
The presentation is ideal for anyone needing a crash course on Stuxnet, or as a tool for informing management about the implications of it.
The document provides information about various cybersecurity incidents involving critical infrastructure systems. It summarizes past events where control systems for wastewater treatment plants, nuclear power plants, oil pipelines, and more were compromised in various ways. Each event summary includes details about the specific impacts and lessons learned about how to better secure these types of industrial control systems.
1) The FSRU Toscana is a floating storage and regasification unit anchored 22km offshore between Livorno and Pisa, Italy.
2) The initial communication link between the FSRU and shore had insufficient bandwidth and challenges due to the long distance over water.
3) The final solution installed three connection points - one onshore, one at a 900m elevation rebound point, and one on the FSRU itself - creating a 75km link instead of the initial 22km and overcoming line of sight issues.
Iaona handbook for network security - draft rfc 0.4Ivan Carmona
This document is a draft version 0.4 of The IAONA Handbook for Network Security published by IAONA e.V. It was contributed to by various parties and organizations. The handbook aims to provide guidance on securing industrial automation networks, which require high availability and have more serious consequences from disruptions than typical office networks. It covers remote access methods, defining security terms and categories, descriptions of common network protocols and services, and a security survey.
Triconex is a leading supplier of emergency shutdown (ESD) systems that protect personnel, equipment, and the environment from hazardous situations. Their ESD systems use triple modular redundancy technology to ensure extremely high reliability and availability. By choosing a Triconex ESD system, customers can feel confident that their system will safely shutdown processes in an emergency without any single point of failure.
Next Generation Network: Security and Architectureijsrd.com
Wireless sensor networks will be widely deployed in the near future. While much research has focused on making these networks feasible and useful, security has received little attention. Wireless Sensor Networks (WSN) are a most challenging and emerging technology for the Research due to their vital scope in the field coupled with their low processing power and associated low energy. As wireless sensor networks continue to grow, so does the need for effective security mechanisms. Because sensor networks may interact with sensitive data and/or operate in hostile unattended environments, it is imperative that these security concerns be addressed from the beginning of the system design staring with a brief overview of the sensor networks security, a review is made of and how to provide the security in the wireless sensor networks. This paper studies the security problems, Requirement, Architecture of WSN and different platform, characterized by severely constrained computational and energy resources, and an ad hoc operational environment.
Research of Intrusion Preventio System based on SnortFrancis Yang
This document is a graduation thesis from Beijing University of Posts and Telecommunications titled "Research of Intrusion Prevention System based on Snort". It designs and implements an intrusion prevention module based on the open-source Snort intrusion detection system. The document introduces intrusion detection systems and intrusion prevention systems. It then analyzes Snort and describes building a Snort environment. Finally, it presents two designs for transforming Snort into an intrusion prevention system using Netfilter and Netlink sockets.
Infrastructure Attacks - The Next generation, ESET LLCInfosec Europe
The document discusses the Stuxnet malware attack and its implications. It analyzes how Stuxnet used multiple zero-day vulnerabilities to target Siemens industrial control systems. While initially semi-targeted, its promiscuous spreading demonstrated how infrastructure attacks could be conceived on a massive scale. The attack highlighted vulnerabilities in critical systems and their connections to other networks. It established a template for sophisticated cyberattacks against infrastructure that governments and security professionals must address.
This document summarizes a proposed robust campus wide network defender system. It begins with an introduction to network security and the role of firewalls and intrusion detection systems. It then describes various attack generation and detection algorithms proposed as part of the system. These include algorithms for generating and detecting ICMP floods, SYN floods, LAND attacks, and XMAS attacks. The system is intended to integrate firewall and IDS capabilities to better defend against known attacks. The document concludes with discussions of the software development process and programming tools used to implement the proposed system.
Cyber-Defensive Architecture for Networked Industrial Control SystemsIJEACS
This paper deals with the inevitable consequence of the convenience and efficiency we benefit from the open, networked control system operation of safety-critical applications: vulnerability to such system from cyber-attacks. Even with numerous metrics and methods for intrusion detection and mitigation strategy, a complete detection and deterrence of internal code flaws and outside cyber-attacks has not been found and would not be found anytime soon. Considering the ever incompleteness of detection and prevention and the impact and consequence of mal-functions of the safety-critical operations caused by cyber incidents, this paper proposes a new computer control system architecture which assures resiliency even under compromised situations. The proposed architecture is centered on diversification of hardware systems and unidirectional communication from the proposed system in alerting suspicious activities to upper layers. This paper details the architectural structure of the proposed cyber defensive computer control system architecture for power substation applications and its validation in lab experimentation and on a cybersecurity testbed.
As the Supervisory Control and Data Acquisition (SCADA) system are deployed in infrastructures which are critical to the survival of a nation, they have emerged as a potential terrain for cyber-war, thus attracting the considered attention of ‘nation-states’. The analysis of worms like ‘stuxnet’ ‘flame’ and ‘duqu’ reveals the hand of a ‘nation-state’ in their design and deployment. Hence, the necessity to understand various issues in the defence of SCADA systems arises. The forensics of the SCADA system provide deep insight into the design and deployment of the worm (the malware) once the system is attacked. This is precisely the scope of this essay.
Network Architecture review in context of Information security helps to understand how to actually review the components of network with respect to best practices.
The Radiflow-NEC solution uses two-factor authentication and firewall rules enforced by Radiflow routers to securely limit industrial control system access during remote or on-site maintenance to specific devices and commands. NEC's physical security solutions combine with Radiflow's ruggedized routers to authenticate technicians' identities and continuously monitor their locations, only granting access to the devices and areas necessary to perform maintenance tasks. Any violations of the rules are instantly blocked and alerts are sent to the control center along with network traffic logs and video footage.
The document discusses securing industrial control systems (ICS) infrastructure for compliance with NERC CIP standards and beyond. It outlines the network security challenges for bulk power systems in meeting compliance standards while balancing performance and costs. Real-world security vulnerabilities are described from assessments done by the GAO and Department of Energy. The paper then explains how a unified threat management approach using a single security platform can help simplify NERC compliance by providing firewall, VPN, antivirus, IPS, and authentication capabilities required without needing separate point products. This integrated solution secures the infrastructure while maintaining performance.
This document introduces CoreTrace's BOUNCER application whitelisting solution. It discusses challenges with traditional endpoint security approaches and how BOUNCER addresses them through a whitelisting model that only allows approved applications and enables automatic updates to the whitelist. The document provides an overview of BOUNCER's technical capabilities and benefits, and includes a case study of its use by a utility to help meet NERC compliance requirements.
This document discusses honeypot security and provides an overview of honeypots. It defines a honeypot as a computer system set up to appear like a legitimate system in order to attract and monitor cyber attackers. Honeypots are used to gather information about attack techniques and patterns without exposing real systems to risk. The document outlines different types of honeypots based on interaction level and placement. It also discusses legal and privacy issues to consider when implementing honeypots and analyzes their usefulness as security tools compared to other techniques like firewalls and intrusion detection systems.
IRJET- Data Security in Local Network for Mobile using Distributed FirewallsIRJET Journal
Distributed firewalls provide data security in local networks by filtering network traffic according to security policies defined at a central management server. Distributed firewalls are host-resident software installed on endpoints that protect the entire network from internal and external threats. The central management server defines and distributes security policies to endpoints using pull or push techniques. Distributed firewalls offer advantages over traditional firewalls like topological independence and ability to filter protocols like FTP at endpoints. However, distributed firewalls also have disadvantages like reduced effectiveness of intrusion detection if the central management server is compromised and difficulty implementing intrusion detection across the entire network.
IRJET- Data Security in Local Network through Distributed Firewalls: A ReviewIRJET Journal
This document discusses distributed firewalls as an improvement over conventional firewalls. Distributed firewalls secure networks by protecting endpoints with individual firewall policies that are centrally managed. They overcome issues with conventional firewalls, which rely on network topology and single entry points. The document outlines the architecture of distributed firewalls, which consists of a management center that creates and distributes security policies to policy actuators on endpoints. These actuators enforce the policies and communicate with the management center. Distributed firewalls use policy languages, distribution schemes, and IPSec to securely manage and enforce individualized firewall policies throughout networks in a scalable way.
ZONeSEC is an EU project that developed an early warning framework for security in wide zones. It ran from 2014 to 2018. The framework integrates various sensors like radar, acoustic, and video analytics to detect physical and cyber threats. It uses distributed processing and data fusion to analyze signals from numerous scalable sensors. Three pilot demonstrations tested the integrated system in different environments and scenarios. The final pilot will integrate legacy systems, detect cyber and physical intrusions, and use drones for remote monitoring.
This document summarizes a technical seminar on security in embedded systems. It begins by defining an embedded system and network security. It then discusses reasons for hacking and a survey of security issues. It proposes both a hardware and hybrid hardware-software solution to security challenges and compares the proposed solutions to existing software solutions. Finally, it discusses future scopes like developing cryptographic chips and integrating security features into existing devices.
This document discusses correlating industrial control system (ICS) network behaviors and vulnerabilities to process performance trends in order to improve reliability. It proposes monitoring ICS network health indicators such as latency, packet loss, and protocol usage and associating abnormal conditions with process key performance indicators and failures. Analyzing this network and process data together over time could help identify problems earlier and better quantify return on security investments for ICS.
ZONeSEC is a European project that ran from 2014 to 2018 to develop an open framework for enhancing the cybersecurity of wide area surveillance systems that monitor critical infrastructure. The project involved 19 partners from 9 countries. It developed novel sensors, integrated legacy sensors, and implemented a system of systems architecture with distributed processing units and a common operational picture. Three on-site integration pilots were conducted to test the system on highways, water pipelines, and gas pipelines. The final user conference in October 2017 aimed to create awareness of the solution and collect feedback from critical infrastructure operators.
This document provides an overview and agenda for a presentation on the CCNA Security career path option. The presentation covers topics such as attack methodologies, security policies, cryptography, firewalls, VPNs, IPS, and layer 2 security. It aims to discuss security issues and relevant Cisco technologies at the associate level, using demonstrations of attacks and their mitigation. The goals are to supplement but not replace the CCNA Security certification course, and include both conceptual discussions and practical examples.
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...Area41
The talk will show you the techical details of Stuxnet in their full glory and make you appreciate this work of engineering more. Based on a code-level analysis of the Stuxnet PLC payload, the presentation will explain techniques therein that can be used for industrial espionage and sabotage by copycat attackers against competitor's production facilities. Currently recommended defenses, their shortcomings and alternative approaches will also be discussed.
Bio: Felix 'FX' Lindner is founder and technical lead of the Recurity Labs GmbH consulting and research team. He is also the leader of the Phenoelit group and loves to hack pretty much everything with a CPU and some communication, preferably networked. He looks back at 15+ years of (legal) hacking with only a couple Cisco IOS and SAP remote exploits, tools for hacking HP printers and protocol attacks lining the road.
IEEE Standard for Securing Legacy Scada Protocols (Sequi, Inc)sequi_inc
Presentation for Industrial Control Systems Joint Working Group (ICSJWG).
This presentation will lend insight to IEEE 1711-2010, a standard for securing substation serial-based SCADA assets, and its applicability across industry sectors: electric, oil, gas, water, and chemical. Also addressed are the benefits of its implementation on legacy retrofits, SCADA link management, and integrating legacy systems and Ethernet IP SCADA networks.
The document proposes an approach for automated defense against rootkit attacks through early detection and containment. It tracks dependencies between files and processes to automatically undo any damage caused by intrusions. The approach detects intrusions when malicious processes illegally access protected system zones. A prototype was developed demonstrating detection of a user-level rootkit, kernel-level rootkit, and stealth worm. Future work includes intrusion detection through system call and network anomalies.
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive functioning. Exercise causes chemical changes in the brain that may help boost feelings of calmness, happiness and focus.
This document summarizes a proposed robust campus wide network defender system. It begins with an introduction to network security and the role of firewalls and intrusion detection systems. It then describes various attack generation and detection algorithms proposed as part of the system. These include algorithms for generating and detecting ICMP floods, SYN floods, LAND attacks, and XMAS attacks. The system is intended to integrate firewall and IDS capabilities to better defend against known attacks. The document concludes with discussions of the software development process and programming tools used to implement the proposed system.
Cyber-Defensive Architecture for Networked Industrial Control SystemsIJEACS
This paper deals with the inevitable consequence of the convenience and efficiency we benefit from the open, networked control system operation of safety-critical applications: vulnerability to such system from cyber-attacks. Even with numerous metrics and methods for intrusion detection and mitigation strategy, a complete detection and deterrence of internal code flaws and outside cyber-attacks has not been found and would not be found anytime soon. Considering the ever incompleteness of detection and prevention and the impact and consequence of mal-functions of the safety-critical operations caused by cyber incidents, this paper proposes a new computer control system architecture which assures resiliency even under compromised situations. The proposed architecture is centered on diversification of hardware systems and unidirectional communication from the proposed system in alerting suspicious activities to upper layers. This paper details the architectural structure of the proposed cyber defensive computer control system architecture for power substation applications and its validation in lab experimentation and on a cybersecurity testbed.
As the Supervisory Control and Data Acquisition (SCADA) system are deployed in infrastructures which are critical to the survival of a nation, they have emerged as a potential terrain for cyber-war, thus attracting the considered attention of ‘nation-states’. The analysis of worms like ‘stuxnet’ ‘flame’ and ‘duqu’ reveals the hand of a ‘nation-state’ in their design and deployment. Hence, the necessity to understand various issues in the defence of SCADA systems arises. The forensics of the SCADA system provide deep insight into the design and deployment of the worm (the malware) once the system is attacked. This is precisely the scope of this essay.
Network Architecture review in context of Information security helps to understand how to actually review the components of network with respect to best practices.
The Radiflow-NEC solution uses two-factor authentication and firewall rules enforced by Radiflow routers to securely limit industrial control system access during remote or on-site maintenance to specific devices and commands. NEC's physical security solutions combine with Radiflow's ruggedized routers to authenticate technicians' identities and continuously monitor their locations, only granting access to the devices and areas necessary to perform maintenance tasks. Any violations of the rules are instantly blocked and alerts are sent to the control center along with network traffic logs and video footage.
The document discusses securing industrial control systems (ICS) infrastructure for compliance with NERC CIP standards and beyond. It outlines the network security challenges for bulk power systems in meeting compliance standards while balancing performance and costs. Real-world security vulnerabilities are described from assessments done by the GAO and Department of Energy. The paper then explains how a unified threat management approach using a single security platform can help simplify NERC compliance by providing firewall, VPN, antivirus, IPS, and authentication capabilities required without needing separate point products. This integrated solution secures the infrastructure while maintaining performance.
This document introduces CoreTrace's BOUNCER application whitelisting solution. It discusses challenges with traditional endpoint security approaches and how BOUNCER addresses them through a whitelisting model that only allows approved applications and enables automatic updates to the whitelist. The document provides an overview of BOUNCER's technical capabilities and benefits, and includes a case study of its use by a utility to help meet NERC compliance requirements.
This document discusses honeypot security and provides an overview of honeypots. It defines a honeypot as a computer system set up to appear like a legitimate system in order to attract and monitor cyber attackers. Honeypots are used to gather information about attack techniques and patterns without exposing real systems to risk. The document outlines different types of honeypots based on interaction level and placement. It also discusses legal and privacy issues to consider when implementing honeypots and analyzes their usefulness as security tools compared to other techniques like firewalls and intrusion detection systems.
IRJET- Data Security in Local Network for Mobile using Distributed FirewallsIRJET Journal
Distributed firewalls provide data security in local networks by filtering network traffic according to security policies defined at a central management server. Distributed firewalls are host-resident software installed on endpoints that protect the entire network from internal and external threats. The central management server defines and distributes security policies to endpoints using pull or push techniques. Distributed firewalls offer advantages over traditional firewalls like topological independence and ability to filter protocols like FTP at endpoints. However, distributed firewalls also have disadvantages like reduced effectiveness of intrusion detection if the central management server is compromised and difficulty implementing intrusion detection across the entire network.
IRJET- Data Security in Local Network through Distributed Firewalls: A ReviewIRJET Journal
This document discusses distributed firewalls as an improvement over conventional firewalls. Distributed firewalls secure networks by protecting endpoints with individual firewall policies that are centrally managed. They overcome issues with conventional firewalls, which rely on network topology and single entry points. The document outlines the architecture of distributed firewalls, which consists of a management center that creates and distributes security policies to policy actuators on endpoints. These actuators enforce the policies and communicate with the management center. Distributed firewalls use policy languages, distribution schemes, and IPSec to securely manage and enforce individualized firewall policies throughout networks in a scalable way.
ZONeSEC is an EU project that developed an early warning framework for security in wide zones. It ran from 2014 to 2018. The framework integrates various sensors like radar, acoustic, and video analytics to detect physical and cyber threats. It uses distributed processing and data fusion to analyze signals from numerous scalable sensors. Three pilot demonstrations tested the integrated system in different environments and scenarios. The final pilot will integrate legacy systems, detect cyber and physical intrusions, and use drones for remote monitoring.
This document summarizes a technical seminar on security in embedded systems. It begins by defining an embedded system and network security. It then discusses reasons for hacking and a survey of security issues. It proposes both a hardware and hybrid hardware-software solution to security challenges and compares the proposed solutions to existing software solutions. Finally, it discusses future scopes like developing cryptographic chips and integrating security features into existing devices.
This document discusses correlating industrial control system (ICS) network behaviors and vulnerabilities to process performance trends in order to improve reliability. It proposes monitoring ICS network health indicators such as latency, packet loss, and protocol usage and associating abnormal conditions with process key performance indicators and failures. Analyzing this network and process data together over time could help identify problems earlier and better quantify return on security investments for ICS.
ZONeSEC is a European project that ran from 2014 to 2018 to develop an open framework for enhancing the cybersecurity of wide area surveillance systems that monitor critical infrastructure. The project involved 19 partners from 9 countries. It developed novel sensors, integrated legacy sensors, and implemented a system of systems architecture with distributed processing units and a common operational picture. Three on-site integration pilots were conducted to test the system on highways, water pipelines, and gas pipelines. The final user conference in October 2017 aimed to create awareness of the solution and collect feedback from critical infrastructure operators.
This document provides an overview and agenda for a presentation on the CCNA Security career path option. The presentation covers topics such as attack methodologies, security policies, cryptography, firewalls, VPNs, IPS, and layer 2 security. It aims to discuss security issues and relevant Cisco technologies at the associate level, using demonstrations of attacks and their mitigation. The goals are to supplement but not replace the CCNA Security certification course, and include both conceptual discussions and practical examples.
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...Area41
The talk will show you the techical details of Stuxnet in their full glory and make you appreciate this work of engineering more. Based on a code-level analysis of the Stuxnet PLC payload, the presentation will explain techniques therein that can be used for industrial espionage and sabotage by copycat attackers against competitor's production facilities. Currently recommended defenses, their shortcomings and alternative approaches will also be discussed.
Bio: Felix 'FX' Lindner is founder and technical lead of the Recurity Labs GmbH consulting and research team. He is also the leader of the Phenoelit group and loves to hack pretty much everything with a CPU and some communication, preferably networked. He looks back at 15+ years of (legal) hacking with only a couple Cisco IOS and SAP remote exploits, tools for hacking HP printers and protocol attacks lining the road.
IEEE Standard for Securing Legacy Scada Protocols (Sequi, Inc)sequi_inc
Presentation for Industrial Control Systems Joint Working Group (ICSJWG).
This presentation will lend insight to IEEE 1711-2010, a standard for securing substation serial-based SCADA assets, and its applicability across industry sectors: electric, oil, gas, water, and chemical. Also addressed are the benefits of its implementation on legacy retrofits, SCADA link management, and integrating legacy systems and Ethernet IP SCADA networks.
The document proposes an approach for automated defense against rootkit attacks through early detection and containment. It tracks dependencies between files and processes to automatically undo any damage caused by intrusions. The approach detects intrusions when malicious processes illegally access protected system zones. A prototype was developed demonstrating detection of a user-level rootkit, kernel-level rootkit, and stealth worm. Future work includes intrusion detection through system call and network anomalies.
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive functioning. Exercise causes chemical changes in the brain that may help boost feelings of calmness, happiness and focus.
The document discusses the conflicting views of the world expressed in regional economic development policies and how to deal with them when developing territorial intelligence systems. It outlines a three-stage method: 1) Identifying representations (views of the world) through analysis of policy texts, 2) Building "polydoxical ontologies" to clarify concepts and make alternative views explicit, 3) Implementing ontologies in decision support tools to help clarify economic policies and indicator definitions in a way that respects different views. The goal is for territorial intelligence systems to consider diverse views rather than seek consensus, to avoid biases and enable coordination.
The document contains seating arrangements for multiple examination rooms (SJT301 through SJT324) for a CAT-I examination being held on August 22, 2012 from 9:30-11:00. Each room layout lists student roll numbers assigned to seats in rows and columns.
This document outlines a proposed ticket sharing platform called TicketShare. It notes current problems with buying and selling tickets like a lack of a centralized hub and mobile options. It provides a basic use case flowchart showing how a user could add a ticket for sale, search for available tickets, and purchase a listed ticket. Next steps are identified as linking tickets to users, filtering search results, enabling user interaction, and enhancing the user interface.
Ik ben de schrijfster van drie mystieke boeken met een fantasy inslag. Op mijn website http://ordevandelotus.nl/
leg ik uit hoe ik tot het schrijven van mijn verhaal ben gekomen en dat heeft geresulteerd in drie boeken. Die kunt u vinden door een willekeurig boek aan te klikken en dan 'Over mij' te kiezen.
Toen ik begon wist ik weinig van schrijven af, gaandeweg leerde ik wel het een en ander. Ik merk ook dat ik kritisch ben geworden, kritisch op mijn eigen werk en ik ben bezig met het verbeteren van het eerste boek, dat hopelijk zal kunnen worden uitgegeven als tweede druk. Desalniettemin ben ik vreselijk trots op mijzelf dat ik zulk werk heb mogen maken. Ik ben echter niet gewend om mijn eigen werk aan te prijzen, ook een leerproces voor mij, omdat het wel aandacht verdiend.
Ik noem ze mystieke boeken met een fantasy inslag omdat er, zoals ik het zie, niet een genre passend is. Ik doe niet aan elven, koningen, tovenaars en oorlog. Het gaat over mensen als jij en ik die een bepaalde keus hebben gemaakt hoe ze hun leven willen doorbrengen en daarin worden gedwarsboomd. Wat velen voor magie aan zien in de boeken is voor mij persoonlijk een stap in de onze evolutie in ons proces naar Lichtwezen. Dat neemt niet weg dat de energie
1. The document discusses how big data is transforming market research by providing more data sources that were previously scarce or limited.
2. It describes different forms of big data like metadata, paradata, social media data, and how machine learning techniques like neural networks and genetic algorithms can be used to analyze these complex data sources.
3. The use of big data and these advanced analytical techniques will allow market researchers to better predict consumer behavior and take a "whole respondent" view by fusing together different data sources like surveys and behavioral data.
Similar to Update On The Cern. Computing And Network Infrastructure For Controls. (Cnic). S. LüDers On Behalf Of The Cnic Wg, Cern, Geneva, Switzerland.
This document provides an overview of how Fortinet solutions can help secure industrial control systems (ICS) in accordance with IEC 62443 standards. It describes common ICS vulnerabilities and challenges, and recommends implementing network segmentation, access controls, and multi-layered security using Fortinet products to monitor traffic and enforce security policies across different ICS zones. Specific Fortinet products mentioned include the FortiGate firewall, FortiAuthenticator for authentication, and FortiAnalyzer for logging and reporting.
The document summarizes the NetTop project, which aimed to allow commercial off-the-shelf (COTS) technology to be used safely in high assurance applications. The project developed an architecture using virtual machine monitors (VMMs) to encapsulate and constrain the end-user operating system. It identified the VMware virtualization product as suitable for this due to its efficient operation on x86 hardware. The initial capability developed was a secure remote access solution over the internet. The architecture suggests a near-term approach that can address user requirements like multi-network access and data transfer between isolated networks.
This presentation explains the ANSI/ISA-99 and IEC 62443 standards for industrial control systems (ICS). It describes the Zone and Conduit security model and how it is used in an plant or factory. As well, the issues of security configuration errors are discussed. A case history of zone security deployment for a Safety Integrated System in a refinery is provided. For additional information see www.tofinosecurity.com.
Standards based security for energy utilitiesNirmal Thaliyil
The document discusses standards for cybersecurity in the energy sector. It notes that threats are increasing as energy infrastructure becomes more connected and data-driven. The document outlines some key cybersecurity standards for the energy industry including NERC CIP, IEEE1686, and IEC 62351. It maps these standards based on their level of technical detail and completeness. The document also discusses best practices for cybersecurity including technological and operational controls and how standards relate to controls for protection, detection and response.
NetSpi Whitepaper: Hardening Critical Systems At Electrical UtilitiesCoreTrace Corporation
Whitepaper Abstract
Securing our nation's critical power infrastructure has never been more important. Utilities systems are vulnerable to cyber threats, which can be malicious attacks from hackers or terrorists, as well as unintentional damage done by employees.
In response, industry regulators have implemented a number of regulations and standards to address these weaknesses and ensure the continued safe and reliable generation of electricity.
This NetSpi whitepaper discusses the options — including application whitelisting — that are available to harden critical systems and meet key regulatory requirements. In particular, the paper identifies options for addressing NERC Critical Infrastructure Protection standards CIP-002 through CIP-009.
The document summarizes a security solution called OTPS that is designed to protect utility control systems from vulnerabilities. It notes that control systems have become more vulnerable as they integrate with corporate networks and use commercial operating systems. The OTPS solution uses security event management, intrusion detection, and other tools to monitor systems for breaches, protect critical infrastructure, and detect and prevent security issues across networks, protocols, processes and system health. It is presented as a customizable, scalable solution to implement security best practices for utility control environments.
Investigation, Design and Implementation of a SecureFiras Alsayied
1) The document outlines a network design project for the University of Tripoli that involves designing the network infrastructure and implementing security policies and protocols.
2) The design includes VLANs, firewalls, VPN access, and wireless access across multiple engineering departments.
3) The implementation phase focuses on secure configuration of network devices, access control lists, firewall rules, encrypted management access, and a captive portal for wireless users.
New Threats, New Approaches in Modern Data CentersIben Rodriguez
New Threats, New Approaches in Modern Data Centers - A Presentation by NPS at CENIC conference 11:00 am - 12:00 pm, Wednesday, March 22, 2017 – in San Diego, California
The standard approach to securing data centers has historically emphasized strong perimeter protection to keep threats on the outside of the network. However, this model is ineffective for handling new types of threats—including advanced persistent threats, insider threats, and coordinated attacks. A better model for data center security is needed: one that assumes threats can be anywhere and probably are everywhere and then, through automation, acts accordingly. Using micro-segmentation, fine-grained network controls enable unit-level trust, and flexible security policies can be applied all the way down to a network interface. In this joint presentation between customer, partner, and VMware, the fundamental tenants of micro-segmentation will be discussed. Presenters will describe how the Naval Postgraduate School has incorporated these principles into the architecture and design of a multi-tenant Cybersecurity Lab environment to deliver security training to national and international government personnel.
Edgar Mendoza, IT Specialist, Information Technology and Communications Services (ITACS) Naval Postgraduate School
Eldor Magat, Computer Specialist, ITACS, Naval Postgraduate School
Mike Monahan, Network Engineer, ITACS, Naval Postgraduate School
Iben Rodriguez, Brocade Resident SDN Delivery Consultant, ITACS, Naval Postgraduate School
Brian Recore, NSX Systems Engineer, VMware, Inc.
https://youtu.be/mYBbIbfKkGU?t=1h7m16s
Copied from the program with corrections - https://adobeindd.com/view/publications/b9fbbdf0-60f1-41dc-8654-3d2141b0bf54/nh4h/publication-web-resources/pdf/Conference_Agenda_2017_v1.pdf
This document provides an overview of Nathan Wallace's background and experience in power engineering and cybersecurity. It discusses some of the challenges in implementing cybersecurity for power systems, including identifying critical cyber assets, determining responsibilities between IT and OT departments, and addressing compliance needs versus best practices. It also outlines major hurdles to improving cybersecurity such as overclassification of information, viewing it only as an IT issue or in defending only against threats. The document advocates for an engineering-based approach and standardization to help drive the field forward.
Industrial control systems (ICS) are used to control industrial processes and manufacturing equipment. They face unique security challenges compared to traditional IT systems due to their real-time operation and custom hardware and software. This document discusses several past ICS cyber attacks and identifies vulnerabilities in ICS security architecture, configuration management, patch management, and change testing. Proper ICS security requires a cross-functional team approach and careful management of the specialized ICS environment.
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADAcsandit
Supervisory control and data acquisition (SCADA) systems have their own constrains and specifications. These systems control many of our critical industrial infrastructures, yet they are hardly secured. The biggest problem in securing these systems is the lack of cryptography support especially that most SCADA systems work in real-time which is not compatible with most cryptography algorithms. Additionally, a SCADA network may include a huge amount of embedded devices with little computational powers which adds to the cost of any security improvement. In this paper we present a new approach that would secure SCADA communications by coding information without the need of the complex cryptography algorithms. The reconfigurable information transmitter agent (RITA) protocol that we present does not need the already installed devices to be modified nor replaced, it only needs to add costless electrical chips to these devices. This approach can also be used to secure any type of communication that respects the protocol's constraints.
This document describes a method for qualifying IT infrastructure in a way that can scale to organizations of different sizes. It defines what constitutes IT infrastructure, including servers, networks, desktops, and management applications. The method aims to minimize validation effort through a risk-based and layered approach while still meeting regulatory requirements. IT infrastructure is expected to be fault-free, continuously available, and compliant with processes and procedures like critical utilities. Regulations surrounding IT infrastructure are discussed, noting the need to demonstrate control over infrastructure through a planned qualification process and ongoing compliance procedures.
How stuxnet spreads – a study of infection paths in best practice systemsYury Chemerkin
The document analyzes how the Stuxnet worm could spread from an infected computer on a corporate network to compromise an isolated industrial control system (ICS) following best security practices. It describes a hypothetical high-security ICS site and proposes several pathways Stuxnet could use to migrate internally and sabotage the system. Key findings include that completely preventing infection is impossible and ICS security must focus on containment, segmentation, diversity, and improving security culture.
This presentation discusses why cybersecurity is an issue for safety instrumented systems and will examine example architectures when communicating with the SIS.
This PhD proposal outlines a system to provide rapid recovery from attacks and increased resistance to malware, viruses, and system errors. The system uses virtualization techniques to isolate user data, applications, and system components. User data is stored in a file system virtual machine to protect it from corruption. Applications are isolated in separate virtual machine appliances to limit their ability to interfere with other components. A network virtual machine incorporates intrusion detection and firewalls. The proposal discusses the design, implementation, and evaluation of the system to improve both performance and security compared to existing approaches.
This document introduces TinySec, a link layer security architecture designed for wireless sensor networks. TinySec aims to provide security such as message authentication and encryption with minimal overhead of bandwidth, latency, and energy consumption. The document discusses the design goals and challenges of sensor network security given constraints of memory, processing power, bandwidth and energy of sensor nodes. It argues that link layer security is better suited than end-to-end security for sensor networks where traffic is often many-to-one and in-network processing is used.
This document introduces TinySec, a link layer security architecture designed for wireless sensor networks. TinySec aims to provide security such as message authentication and encryption with minimal overhead of bandwidth, latency, and energy consumption. The document discusses the design goals and challenges of sensor network security given constraints of memory, processing power, bandwidth and energy of sensor nodes. It argues that link layer security is better suited than end-to-end security for sensor networks where data aggregation is common. TinySec implements message authentication codes and encryption entirely in software to add security with less than 10% overhead.
1. Cloud computing provides flexibility and economies of scale but introduces new security risks as sensitive data and infrastructure are placed outside traditional secure perimeters.
2. Traditional security measures like firewalls and intrusion detection become more difficult in cloud environments where virtual machines are dynamically allocated across shared physical servers.
3. Ensuring data integrity, updating security software, complying with regulations, and monitoring administrator access require new solutions to prove security and respond to vulnerabilities in cloud infrastructure and virtual environments.
A Network Intrusion Detection System (NIDS) monitors a network for malicious activities or policy violations [1]. The Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on x86 hardware virtualization extensions [2]. We design and implement a back-propagation network intrusion detection system in KVM. Compared to traditional Back Propagation (BP) NIDS, the Particle Swarm Optimization (PSO) algorithm is applied to improve efficiency. The results show an improved system in terms of recall and precision along with missing detection rates.
In Quest of Benchmarking Security Risks to Cyber-Physical SystemsDETER-Project
DeterLab provides the capability to conduct risk evaluations of cyber-physical systems where the controllable variables range from IP level dynamics to introduction of malicious entities such as DDoS attacks. I recently co-authored an article published in the IEEE Magazine that discusses how the cyber aspects and the physical aspects of such systems can be integrated together to provide a CPS risk assessment environment.
In our article, titled "In the Quest of Benchmarking Security Risks to Cyber-Physical Systems" we present a generic yet practical framework for assessing security risks to cyber-physical systems. Our framework can be used to benchmark security risks when information is less than perfect, and interdependencies of physical and computational components may result in correlated failures. We focus on the risks that arise from interdependent reliability failures (faults) and security failures (attacks).
We advocate that a sound assessment of these risks requires explicit modeling of the effects of both technology-based defenses and institutions necessary for supporting them. Our game-theoretic approach to estimate security risks allows designing defenses that consider fault-tolerant control along with institutional structures.
Alefiya Hussain, University of Southern California
For information on DeterLab, visit: http://www.deter-project.org/deterlab-cyber-security-science-facility
Similar to Update On The Cern. Computing And Network Infrastructure For Controls. (Cnic). S. LüDers On Behalf Of The Cnic Wg, Cern, Geneva, Switzerland. (20)
ESS-Bilbao Initiative Workshop. SNS Studies towards a rotating solid target.ESS BILBAO
The proposed SNS target includes several layers of defense for cooling and safety, including primary cooling, independent backup cooling, and passive radiation cooling. Thermal and stress modeling was performed to validate the target design can withstand normal operating conditions. The target is designed for hands-on maintenance access after a few days of radioactive decay.
ESS-Bilbao Initiative Workshop. Overview of cryo-modules for proton acceleratorsESS BILBAO
The document provides an overview of cryomodule design for proton accelerators. Cryomodule design is optimized based on factors like the accelerated particle properties, beam energy requirements, and operating mode (pulsed or CW). Two main cryomodule concepts are discussed - the TESLA cryostring concept, which integrates many cavities and magnets into long cryomodule units to maximize efficiency, and the SNS concept of independent, replaceable cryomodule units. The TESLA design rationale aims for high filling factor, moderate costs, effective alignment, and reproducible assembly. Consequences include integrating the cryomodule and cryogenic distribution to minimize thermal losses and employing long cryomodule strings supplied by a central cryogenic
ESS-Bilbao Initiative Workshop. Spokes vs. Elliptical cavities for medium-hig...ESS BILBAO
Sebastien Bousson presented on spoke vs elliptical cavities for medium-high energy applications at the ESS Bilbao Initiative Workshop in March 2009. He discussed test results that showed spoke cavities can achieve acceleration gradients of 5.8-7.65 MV/m at 4.2K, while elliptical cavities achieved 15-17 MV/m at 2K. However, elliptical cavities have a larger acceptance of beta and can operate with higher beta values like 0.61. Spoke cavities are limited to beta around 0.5. In the end, elliptical cavities generally have a higher achievable acceleration gradient than spoke cavities, but spokes provide more flexibility in beta values.
ESS-Bilbao Initiative Workshop. Concept and Technology of the PbBi-Target for...ESS BILBAO
This document discusses the MYRRHA project, which aims to develop a multi-purpose irradiation facility and accelerator-driven system (ADS) for nuclear applications. The MYRRHA project will utilize a particle accelerator, spallation target, and subcritical reactor assembly to produce neutrons for materials testing, radioisotope production, and nuclear waste transmutation research. It provides diagrams of the proposed facility layout and experimental areas. The project is currently in the conceptual design phase through the EUROTRANS collaboration of 48 partners, with the goal of further developing the designs from 2009 to 2013.
ESS-Bilbao Initiative Workshop. Status of JSNS and R&D on mercury target.ESS BILBAO
The document summarizes the status of the JSNS neutron source and research and development on mercury targets at J-PARC. It provides details on the mercury target system at JSNS, including the target vessel design, maintenance procedures in a hot cell, and dose estimation. It also discusses observations of vibrational signals related to pressure waves in the mercury target and R&D efforts to understand and mitigate cavitation bubbles and pitting damage in mercury that can reduce the fatigue strength and lifetime of the target vessel.
ESS-Bilbao Initiative Workshop.Review of SC spokes cavities for low-medium en...ESS BILBAO
The document contains technical information about superconducting radio frequency cavities, including:
1) Plots and data on the performance of various spoke and elliptical cavities in terms of peak magnetic field, acceleration gradient, and quality factor as a function of beta.
2) Tables listing several cavities from different laboratories around the world specifying frequency, beta, and institution.
3) Diagrams of cavity designs including single spoke, multi-spoke, and elliptical cavities along with limited descriptions.
ESS-Bilbao Initiative Workshop. High duty cycle RF Power CouplersESS BILBAO
The document discusses particle accelerator couplers. It begins by outlining the talk and primary functions of couplers. It then provides examples of various couplers used at different particle accelerators, including traveling wave and pulsed couplers. Details are given on coupler options, port locations, and examples from TTF-III/XFEL, Cornell ERL injector, TRISTAN/KEKB, and SNS. Operational experience with SNS couplers is also summarized.
ESS-Bilbao Initiative Workshop. RF structure comparison for low energy accele...ESS BILBAO
This document compares different radio frequency (RF) structures that can be used for particle acceleration in the low energy range of 3 MeV to 200 MeV. It discusses figures of merit like shunt impedance and beam dynamics constraints for different structure types, including drift tube linacs (DTLs), coupled cavity drift tube linacs (CCDTLs), separated drift tube linacs (SDTLs), spoke cavities, and traveling wave structures. A comparison performed by the HIPPI collaboration assessed the performance of these structures based on factors like shunt impedance, beam dynamics acceptance, and mechanical complexity. Overall, no consensus structure exists for the low energy range, and the optimal design depends on project-specific parameters and future technology developments.
ESS-Bilbao Initiative Workshop. Front Ends for High IntensityESS BILBAO
The document discusses challenges in front ends for high intensity particle accelerators. It describes key components of front ends including ion sources, low energy beam transports (LEBTs), radio frequency quadrupoles (RFQs), medium energy beam transports (MEBTs), choppers, and funnels. H- ion sources can deliver over 60 mA of current but have performance issues compared to H+ sources. LEBTs and RFQs must handle strong space charge effects. Choppers are needed in MEBTs to inject bunched beams into rings. Diagnostics are challenging due to the beam power. Ongoing and future projects aim to push front end intensities and reliability.
ESS-Bilbao Initiative Workshop. Low Energy Transport and space-charge compens...ESS BILBAO
The document discusses low energy transport and space charge compensation schemes. It describes the main components of a front end, including the ion source extraction system, the low energy beam transport (LEBT) line, and radio frequency quadrupoles (RFQs). Theoretical models are presented for ion extraction and beam dynamics in the LEBT. Electrostatic lenses and solenoids are commonly used in LEBT lines, but space charge effects can lead to beam distortions. Various techniques are discussed to compensate space charge, such as plasma lenses that take advantage of residual gas ionization to trap electrons in the beam.
ESS-Bilbao Initiative Workshop. Beam Dynamics Codes: Availability, Sophistica...ESS BILBAO
Beam Dynamics Codes: Availability, Sophistication, Limitations. P.N. Ostroumov and B. Mustapha Argonne National Laboratory, J.-P. Carneiro Fermi National Accelerator Laboratory
ESS-Bilbao Initiative Workshop. Beam dynamics: Simulations of high power linacsESS BILBAO
The document discusses how well particle simulation codes predict beam performance in linear accelerators. It finds that codes generally agree at the few percent level for core beam properties but differ more in details. While codes provide initial validation of machine designs, real machines have unknown errors, so the most important use of codes is showing how beams change with machine parameters. Code limitations include inaccurate initial beam distributions and transient field errors. Simulations can predict beam properties diagnostics cannot measure like halo distributions with large particle counts.
ESS-Bilbao Initiative Workshop. SNS Linac experienceESS BILBAO
This document discusses the history and operation of the Spallation Neutron Source (SNS), a neutron scattering facility located at Oak Ridge National Laboratory (ORNL). It describes the various components of the SNS including the ion source, radio frequency quadrupole, drift tube linac, coupled cavity linac, and superconducting linac. It provides timelines showing the construction and commissioning of the different components from 2002 to 2008. Charts are included showing beam power and accumulated fluence for different parts of the accelerator.
ESS-Bilbao Initiative Workshop. Charge to working group: accelerator componen...ESS BILBAO
This document outlines the goals and scope of the "Accelerator Components" working group session at the ESS-B initiative workshop in March 2009. The goals of the workshop were to bring together experts working on key topics for high-power spallation sources, identify challenges for next-generation machines, propose necessary R&D programs, and find areas for potential collaboration. The working group was tasked with discussing challenges related to high-power front-ends, high-intensity light ion linacs, performance and reliability of existing machines, and synergies with other projects. Key questions were outlined covering topics like beam dynamics limits, linac design constraints, instrumentation, reliability, cryomodules, RF components, and front-end
ESS-Bilbao Initiative Workshop. Charge to working group: accelerator componen...
Update On The Cern. Computing And Network Infrastructure For Controls. (Cnic). S. LüDers On Behalf Of The Cnic Wg, Cern, Geneva, Switzerland.
1. UPDATE ON THE CERN
COMPUTING AND NETWORK INFRASTRUCTURE FOR CONTROLS
(CNIC)
S. Lüders on behalf of the CNIC WG, CERN, Geneva, Switzerland
Abstract However, some means of security incorporated into
standard IT equipment cannot be directly applied to
Over the last few years modern accelerator and
controls equipment since both differ in hardware but also
experiment control systems have increasingly been based
in the concepts of availability and manageability.
on commercial-off-the-shelf products (VME crates, PLCs,
At CERN, control systems are used for the operation of
SCADA systems, etc.), on Windows or Linux PCs, and on
the whole accelerator complex, including the Large
communication infrastructures using Ethernet and TCP/IP.
Hadron Collider (LHC), for the LHC experiments, as well
Despite the benefits coming with this (r)evolution, new
as for the technical infrastructure (e.g. electricity, cooling
vulnerabilities are inherited too: Worms and viruses
& ventilation) and for fixed-target experiments.
spread within seconds via the Ethernet cable, and
In order to cope with the growing usage of standard IT
attackers are becoming interested in control systems.
technologies in control systems at CERN, the
Unfortunately, control PCs cannot be patched as fast as
corresponding operation principles have been reviewed
office PCs. Even worse, vulnerability scans at CERN
taking the aspect of security into account. This paper will
using standard IT tools have shown that commercial
give an update on the implementation of the Security
automation systems lack fundamental security
Policy presented by the CERN Computing and Network
precautions: Some systems crashed during the scan,
Infrastructure for Controls (CNIC) working group two
others could easily be stopped or their process data be
years ago [2].
altered [1]. During the two years following the
presentation of the CNIC Security Policy at
CNIC SECURITY POLICY
ICALEPCS2005 [2], a “Defense-in-Depth” approach has
been applied to protect CERN’s control systems. This The CNIC Security Policy gives directions on how to
presentation will give a review of its thorough secure CERN control systems. It is necessary to reduce
implementation and its deployment. Particularly, the overall risk to a minimum in order to obtain maximum
measures to secure the controls network and tools for security, where “risk” is defined as:
user-driven management of Windows and Linux control
PCs will be discussed. Risk = Threat × Vulnerability × Consequence
INTRODUCTION The major part of the factor “threat” originates from
The enormous growth of the worldwide outside CERN and cannot be significantly reduced. Thus,
interconnectivity of computing devices (the “Internet”) protective measures have to be implemented to prevent
during the last decade offers computer users new means external threats like viruses & worms or attackers
to share and distribute information and data. In industry, penetrating CERN control systems. These protective
this results in an adoption of modern Information measures should also prevent insiders from (deliberate or
Technologies (IT) to their plants and, subsequently, in an accidental) unauthorized access.
increasing integration of the production facilities, i.e. their The “consequences” are inherent to the design of
process control and automation systems, and the data CERN’s accelerators and the affiliated experiments. All
warehouses. Thus, information from the factory floor is are running a wide variety of control systems, some of
now directly available at the management level (“From them complex, some of them dealing with personnel
Shop-Floor to Top-Floor”) and can be manipulated from safety, some of them controlling or protecting very
there. expensive or irreplaceable equipment. Thus, CERN’s
Unfortunately, the adoption of standard modern IT in assets and their proper operation are at stake. A security
distributed process control and automation systems* also incident can lead to loss of beam time and physics data, or
exposes their inherent vulnerabilities to the world [1]. — even worse — damage to or destruction of unique
Furthermore, this world is by far more hostile than a local equipment and hardware.
private controls network as the number and power of The “vulnerability” factor can be either minimized by
worms and viruses increase, and attackers start to become guaranteeing a prompt fixing of published or known
interested in control systems. Partial protection can be vulnerabilities, and/or by adding pro-active measures to
obtained through the usage of properly configured secure the unknown, potential or not-fixable
firewalls and through well-defined network architectures. vulnerabilities.
In order to protect such vulnerabilities against being
*
exploited (either because there is no patch available or a
Commonly denoted in the following as “control systems”, where a
“system expert” has the expertise in its configuration. patch could not be applied), the Security Policy follows
2. the recommendations of the U.K. CPNI [3]. It is based on configuration of the PCs of his system ― and full
a “Defense-in-Depth” approach, where pro-active security responsibility for securing it. Such a scheme will also
measures must be applied to every possible level: help the expert to recover e.g. from a security incident.
• …of the security of the device itself; Schemes for the central installation of CERN Scientific
Linux and of Windows, respectively, have been created.
• …of the firmware and operating system;
• …of the network connections & protocols;
Linux For Controls (L4C)
• …of the software applications;
L4C is based on a bottom-up approach to the
• …of third party software;
configuration of the PCs in a hierarchical manner, and
• …together with users, developers, and operators.
uses the same techniques having proven to be successful
“Defense-in-Depth” is, thus, based on four major
for managing Linux clusters in the CERN Computing
pillars: “Network Security”, “Central Installation
Centre, i.e. using Quattor (http://quattor.web.cern.ch) for
Schemes”, “Authorization & Authentication”, and “User
configuring PCs (“the nodes”). Settings that are specific
Training”.
to a node are defined in so-called “node templates”. The
However, sufficient protection should not provide false
individual nodes join sets of PCs with a common
security. Incidents will happen. Therefore, the Security
configuration. These sets in turn can join super-sets. L4C
Policy also defines rules to deal with “Incident Response
supports CERN Scientific Linux 3 and 4, including all
& System Recovery”, as well as with regular security
regular security updates and enhancements. Basic
audits. The next chapters will outline the major
templates are maintained by L4C support, all other
implementations in detail.
templates by the system experts allowing him full
flexibility. The templates can be hosted in central or user
NETWORK SECURITY owned configuration databases (CDBs).
In order to contain and control the network traffic, the The Linux installation of a PC from scratch uses
CERN network has been separated into defined “Network CERN’s “Automated Installation Management System”
Domains”. For example, each of the LHC experiments is (AIMS) service and is based on RedHat’s “Kickstart”
now using such a dedicated Domain. CERN’s accelerator software. Booting a Linux PC via the network using PXE
complex and the control systems which monitor and Boot (Preboot Execution Environment) pulls the
control the technical infrastructure (e.g. electricity “Kickstart” and configuration profile from the CDB.
distribution, cooling & ventilation, facility management From this information, Quattor is able to perform a full
as well as safety and access control systems) use another. automatic installation.
“Domain Administrators” were assigned to take full From here, the CDB informs a node about any new
responsibility for a Domain. In particular, they supervise changes in the configuration profile. Triggered by CDB, a
the stringent rules for connecting devices to it. Additional local daemon then downloads the modified profile and
network segregation allows a system expert further to subsequently applies the changes. For each node in the
protect vulnerable devices like Programmable Logic CDB, a webpage shows the names, versions, hardware
Controllers (PLCs). architecture and the repository from which all the
Each Domain is interconnected with CERN’s “General packages for a node are to be installed. However, in order
Purpose Network” used for office computing, and other to verify that all packages are installed as foreseen the
Domains via dedicated network routers. The traffic system expert has to log onto that node.
crossing any two Domains is restricted to a minimum by
Computer Management Framework (CMF)
the usage of routing tables, with only mandatory traffic
passing such boundaries. A large fraction of this traffic is CMF [4], on the other hand, has implemented a top-
either dedicated data exchange with CERN’s Computing down structure, focussing on sets of PCs with a defined
Centre, or currently inevitable due to the ongoing configuration. The installation of PCs is handled through
commissioning of the LHC accelerator. a top-down tree of so-called “Named Sets of Computers”
Windows Terminal Servers (WTS), and to a lesser (NSCs). Each NSC assigns a list of applications to its
extent Linux-based application gateways, have become members, where these members can be individual PCs or
the only means for remote user access. other, nested NSCs. A PC that is member of different
NSCs will receive the applications from any of them.
CENTRAL INSTALLATION SCHEMES CMF is taking care of clashes. Depending on the type of
NSC, the administrator of the NSC, i.e. the system expert
From experience at CERN, only centrally managed and
who maintains that NSC, has full autonomy of his
patched PCs have shown to be secure in the long run.
configuration (“locally managed”), or CERN’s IT
However, since control PCs are very different in handling
department is still providing a basic configuration (i.e.
than office PCs, a more flexible installation and
that of an office PC), and takes care of patches.
management scheme was needed. While the operating
A long list of basic applications has been provided as
systems, antivirus software, and basic software
CMF “packages”. Packages can be applications but also
applications should continue to be managed and
group policy settings, regular scheduled tasks, or Visual
maintained by the IT service providers, it is up to the
Basic scripts. NSC administrators can easily create
system expert to take over full flexibility of the
3. additional packages using the CMF web-interface and dependent upon and/or whose responsibility it is to
simple scripting. The installation of a package can be improve the security of SCADA and Control Systems.
either forced (“applied”), such that it is installed
automatically after a small notification period, “denied”, INCIDENT RESPONSE &
such that it cannot be installed at all, or offered SYSTEM RECOVERY
(“published”) to the interactive user. In the latter case, the
Even with a stringent Security Policy incidents can
interactive user can use the CMF web-interface to
never be prevented completely. Therefore, handling
select/deselect packages he wants to install/de-install.
incidents on a Domain have been and will be jointly
The installation of these packages is controlled via a
performed by CERN’s Computer Security Team and the
small local program (the “CMF Agent”), being installed
corresponding Domain Administrator. The acting
on every CMF Windows PC. It handles all pending
Computer Security Officer has the right to take
(de)installation tasks, interacts with the user, and
appropriate actions in justified emergency cases.
performs regular inventory checks which are passed back
After incident analysis, the central installation schemes
to a central CMF configuration management database.
CMF and L4C allow for a rapid system recovery by the
The initial installation from scratch is based on the
corresponding system expert.
Windows pre-installation environment and PXE Boot.
The preferred operating system (Windows XP SP2 or
SUMMARY
Windows 2003 terminal server) can either be chosen from
a list, or predefined for automatic installation on the CMF Due to the continuing integration of common IT
web-interface. After the operating system has been technology into control systems, the corresponding IT
installed, the CMF Agent controls the subsequent security vulnerabilities and cyber-attackers end up
installation of all packages being applied to that particular threatening control systems, and, thus, CERN’s operation
PC. and assets. However, control systems demand a different
With PXE Boot and the proper configuration of his approach to security than office systems do.
NSCs, the system expert has full liberty to install sets of This paper has presented a thorough rule-set to secure
PCs in parallel or to run pilot installations prior to mass CERN’s control systems. Its implementation uses a
deployment. CMF ensures that all members of a NSC are “Defense-in-Depth” approach based on network
identically configured, and that corrections or segregation, central installation schemes, authentication &
modifications are propagated accordingly. The authorization, user training, incident response & system
configuration database provides always an up-to-date recovery, and security auditing.
status (e.g. PC hardware, operating system version, patch
levels, installed applications and their versions) via the ACKNOWLEGDMENTS
CMF web-page. Queries can be run to assess a particular
The author would like to thank all his colleagues at
situation (e.g. listing all PCs missing patch XYZ).
CERN involved in the realization of CNIC making it such
a success; in particular A. Bland, P. Charrue, I. Deloose,
AUTHENTICATION & AUTHORIZATION M. Dobson, U. Epting, N. Høimyr, S. Poulsen, and M.
Several dedicated authentication & authorization Schröder.
schemes have been developed at CERN serving the
accelerator complex [5] and LHC experiments [6]. These REFERENCES
are based mainly on general standards like Role-Based
[1] S. Lüders, “Control Systems Under Attack ?”,
Access Control [5] or on commercial solutions [6].
ICALEPCS, Geneva, October 2005.
Details can be found in these proceedings [5][6].
[2] U. Epting et al., “Computing and Network
Major challenges still to be overcome are the
Infrastructure for Controls”, ICALEPCS, Geneva,
generalization to one common central scheme at CERN.
October 2005.
[3] Centre for the Protection of the National
USER TRAINING Infrastructure (CPNI), “Good Practice Guidelines
A series of awareness campaigns and training sessions Parts 1-7”, London, 2006.
have been held for users, operators, and system experts at [4] I. Deloose, “The Evolution of Managing Windows
CERN. Monthly CNIC meetings provide a forum for Computers at CERN”, HEPix, Rome, April 2006.
questions and discussions. [5] S. Gysin et al., “Role-Based Access Control for the
Furthermore, CERN has raised aspects of Control Accelerator Control System at CERN”; K. Kostro et
System Cyber Security at several conferences and al., “Role-Based Authorization in Equipment Access
workshops (e.g. at the CS2/HEP workshop [7]), interacted at CERN”; and A. Petrov et al., “User Authentication
with major vendors of control systems, and is now for Role-Based Access Control”, these proceedings.
leading the “EuroSCSIE”, the European Information [6] P. Chocula, “Cyber Security in ALICE”, these
Exchange on SCADA (Supervisory Control And Data proceedings.
Acquisition) Security, with members from European [7] S. Lüders, “Summary of the Control System Cyber-
governments, industry, and research institutions that are Security CS2/HEP Workshop”, these proceedings.