Abstract: Although awareness is constantly rising, that industrial computer networks (in a very broad sense) can be exposed to serious cyber threats, many people still think that the same countermeasures, developed to protect general-purpose computer networks, can be effectively adopted also in those situations where a physical system is managed/controlled through some distributed Information and Communication Technology (ICT) infrastructure. Unfortunately, this is not the case, as several examples of successful attacks carried out in the last decade, and more frequently in the very recent past, have dramatically shown. Experts in this area know very well that often the peculiarities of industrial networks prevent the adoption of classical approaches to their security and, in particular, of those popular solutions that are mainly based on a detect and patch philosophy. This paper is a contribution, from the security point of view, to the assessment of the current situation of a wide class of industrial distributed computing systems. In particular, the analysis presented in this paper takes into account the process of ensuring a satisfactory degree of security for a distributed industrial system, with respect to some key elements such as the system characteristics, the current state of the art of standardization and the adoption of suitable controls (countermeasures) that can help in lowering the security risks below a predefined, acceptable threshold.
Keywords: Industrial networks, information security, network security, risk assessment, security analysis and monitoring, security countermeasures.
[1]. Security for Industrial Automation and Control Systems Part 1: Termi-nology, Concepts, Models, ANSI/ISA Std. 99.00.01-2007.
[2]. K. Stouffer, J. Falco, and K. Scarfone, ―Guide to Industrial Control Systems (ICS) Security,‖ NIST SP 800-82, 2008.
[3]. D. Dzung, M. Naedele, T. P. von Hoff, and M. Crevatin, ―Security for industrial control systems,‖ Proc. IEEE, vol. 93, no. 6, pp. 1152–1177, Jun. 2005.
[4]. G. N. Ericsson, ―Cyber security and power system communica-tion—Essential parts of a smart grid infrastructure,‖ IEEE Trans. Power Del., vol. 25, no. 3, pp. 1501–1507, Aug. 2011.
[5]. Security for Industrial Automation and Control Systems Part 1: Termi-nology, Concepts, Models, ANSI/ISA Std. 99.00.01-2007.
[6]. K. Stouffer, J. Falco, and K. Scarfone, ―Guide to Industrial Control Systems (ICS) Security,‖ NIST SP 800-82, 2008.
[7]. D. Dzung, M. Naedele, T. P. von Hoff, and M. Crevatin, ―Security for industrial control systems,‖ Proc. IEEE, vol. 93, no. 6, pp. 1152–1177, Jun. 2005.
[8]. G. N. Ericsson, ―Cyber security and power system communica-tion—Essential parts of a smart grid infrastructure,‖ IEEE Trans. Power Del., vol. 25, no. 3, pp. 1501–1507, Aug. 2010.