Guillermo A. Francia
ABSTRACT
Critical infrastructures have succumbed to the demands of greater connectivity. Although the scheme of connecting these critical equipment and devices to cyberspace has brought us tremendous convenience, it also enabled certain unimaginable risks and vulnerabilities. The importance of critical infrastructure (CI) protection has never been pronounced and we are in a juncture in history where CI security is paramount. Although research in this area of national need has grown steadily, pedagogical materials in this area is slow to keep up. This paper presents the development of course modules for critical infrastructure security curriculum. Although these course modules can be used to augment an existing course in CI, they can also be utilized as bases with which to build a complete CI course. Existing laboratory setups which can be used to supplement the course are also described. The course modules and the supplemental laboratories are envisioned to be great instruments for training future information security professionals. These pedagogical materials can also be used as supplements to other courses that pertain to information security, risk management, or emergency preparedness.
- Association for Computing Machinery (ACM)/IEEE Computer Society Interim Review Task Force, "Computer Science Curriculum 2008: An Interim Revision of CS 2001," Website: http://www.acm.org//education/curricula/ComputerScience2008.pdf. December, 2008.Google Scholar
- American Gas Association, "Cryptographic Protection of SCADA Communications," Website: http://intelligrid.ipower.com/IntelliGrid_Architecture/New_Technologies/TechAGA-12_Cryptographic_Protection_of_SCADA_Communications_Gene.htm.2004Google Scholar
- Auerswald, P., Branscomb, L. M., Shirk, S., Kleeman, M., Porte, T. M., and Ellis, R. N., "Critical Infrastructure and Control Systems Security Curriculum," Department of Homeland Security, version 1.0, Washington, DC, March, 2008.Google Scholar
- Davis, C. M., Tate, J. E., Okhravi, H., Grier, C., Overbye, T. J. and Nicol, D., "SCADA Cyber Security Testbed Development," Proceedings of the 38th North American Power Symposium (NAPS 2006), Carbondale, IL, September 2006, pp. 483--488.Google Scholar
- Francia III, G. A., Bekhouche, N., and Marbut, T., "Implementation of the Critical Infrastructure Security and Assessment Laboratory (CISAL)," Proceedings of the 2011 International Conference on Security and Management (SAM'11). July 18--21, 2011, Las Vegas, NV. 2011.Google Scholar
- Franz, Matthew, "Vulnerability Testing of Industrial Network Devices", ISA Industrial Network Security Conference, October, 2003.Google Scholar
- Giani, A., Karsai, G., Roosta, T., Shah, A., Sinopoli, B., and Wiley, J., "A Testbed for Secure and Robust SCADA Systems," ACM SIGBED Review, Vol. 5, Issue 2 (July, 2008). Special Issue on the 14th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS '06) WIP Session. Google ScholarDigital Library
- Igure, Vinay M. Security Assessment of SCADA Protocols. VDM Verlag, 2008.Google Scholar
- International Society of Automation (ISA), "ANSI/ISA-TR99.00.01-2007 Security Technologies for Industrial Automation and Control Systems." Website: http://www.isa.org/.2007.Google Scholar
- Kim, G. S. and Lee, H. H. "A Study on IEC 61850 Base Communication for Intelligent Electronic Devices," Proceedings of the IEEE 9th Russian-Korean International Symposium on Science and Technology, Vol 1, Novosibirsk, Russia, 2005, pp. 765--770.Google Scholar
- Krutz, R., Securing SCADA Systems, Wiley Publishing, Inc. Indianapolis, IN. 2006. Google ScholarDigital Library
- National SCADA Test Bed Fact Sheet. Idaho National Laboratory. Website: http://www.inl.gov/scada/factsheets/d/nstb.pdf.Google Scholar
- Naedele, M. "Standardizing Industrial IT Security---A First Look at the IEC Approach," Proc. 10th IEEE Int'l Conf. Emerging Technologies and Factory Automation (ETFA 05), IEEE Press, 2005, pp. 857--863.Google Scholar
- North American Electric Reliability Council (NERC), "Security Guidelines for the Electricity Sector: Threat and Incident Reporting." Website: http://www.nerc.com/files/Incident-Reporting.pdf.2008Google Scholar
- National Institute of Standards and Technology (NIST), SP 800-82, "Guide to Industrial Control Systems (ICS) Security," Website: http://csrc.nist.gov/publications/nistnubs/800-82/SP800-82-final.pdf. September 2008.Google Scholar
- National Institute of Standards and Technology (NIST), SP 800-14, "Generally Accepted Principles and Practices for Securing Information Technology Systems," Website: http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdf.Google Scholar
- Papa, S. M., Casper, W. D., and Nair, S. "Availability Based Risk Analysis for SCADA Embedded Computer Systems," Proceedings of the 2011 International Conference on Security and Management (SAM'11). July 18--21, 2011, Las Vegas, NV. 2011.Google Scholar
- Patel, M., Cole, G. R., Pryor, T. L., and Wilmot, N. A., "Development of a Novel SCADA System for Laboratory Testing," ISA Transactions 43 (2004). Pp. 477--490.Google Scholar
- Patel, S. C. Patel, Bhatt, G. D. and Graham. J. H. "Improving the Cyber Security of SCADA Communication Networks," Commun. ACM 52, 7 (July 2009), Pp. 139--142. DOI=10.1145/1538788.1538820 http://doi.acm.org/10.1145/1538788.1538820. Google ScholarDigital Library
- Pollet, J. "Developing a Solid SCADA Security Strategy," 2nd ISA/IEEE Sensors for Industry Conference, pp. 148--156, Nov. 19--21, 2002.Google ScholarCross Ref
- President's Commission on Critical Infrastructure Protection. "Critical Foundations-Protecting America's Infrastructures." Website: http://www.fas.org/sgp/library/pccip.pdf.Google Scholar
- President's Critical Infrastructure Protection Board and the Department of Energy "21 Steps to Improve Cyber Security of SCADA Networks." Website: http://www.oe.netl.doe.gov/docs/prepare/21stepsbooklet.pdfGoogle Scholar
- United States Department of Home land Security. "Cyber Storm Exercise Report," September 12, 2006. Website: http://www.dhs.gov/xlibrary/assets/prep_cyberstormreport_sep06.pdf.Google Scholar
- United States Government Accountability Office (GAO), "Critical Infrastructure Protection DHS Needs to Fully Address Lessons Learned from Its First Cyber Storm Exercise." Report GAO-08-825, September 2008.Google Scholar
Index Terms
- Critical infrastructure security curriculum modules
Recommendations
Cyber Security Incidents on Critical Infrastructure and Industrial Networks
ICCAE '17: Proceedings of the 9th International Conference on Computer and Automation EngineeringNational critical infrastructure and industrial processes are heavily reliant on automation, monitoring and control technologies, including the widely used Supervisory Control and Data Acquisition (SCADA) systems. The growing interconnection of these ...
Laboratory projects for embedded and control systems security
InfoSec '14: Proceedings of the 2014 Information Security Curriculum Development ConferenceThe ever-increasing trend of our nation's critical infrastructures (CIs) being connected to the Internet ushered the need for a more sophisticated cyber defense mechanism and better educated future workforce. Recognizing this need, we designed and ...
The Crutial Way of Critical Infrastructure Protection
Critical infrastructures such as the power grid are essentially physical processes controlled by computers connected by networks. They're usually as vulnerable as any other interconnected computer system, but their failure has a high socioeconomic ...
Comments