Survivability and Recovery of Process Control Systems Project

home > projects > Survivability and Recovery of Process Control Systems Project

Survivability and Recovery of Process Control Systems (pdf)

Access Policy Tool (APT)
DEADBOLT
RiskMAP
Seurity Services Suite (SecSS)
Security-Hardened Attack Resistant Platform (SHARP)

THE CHALLENGE

Process control systems (PCS) are instrumental in the safe, reliable, and efficient operation of such critical infrastructures as gas pipelines and electrical grids. However, most PCSs on the market today include conventional information technology and are connected to the Internet, exposing critical infrastructures to established and emerging cyber threats. A successful attack against a process control system would directly affect not only the infrastructure, but also downstream systems that rely on that infrastructure. This gives cyber threats the potential to disrupt essential services and severely impact national security and the US economy.

PROJECT OVERVIEW

The Survivability and Recovery of Process Control Systems Research Project, supported by the Institute for Information Infrastructure Protection (I3P), brings together cross-disciplinary research at leading national organizations to make the control systems used in critical national infrastructures more resilient, allowing for rapid recovery in case of successful cyber attacks. This project builds on the success of the I3P’s recently completed first project in control systems security and leverages tools, methodologies, and expertise that resulted from that project. By continuing to support research in this field, the I3P enables the joint capabilities of its member institutions to be focused on this problem that is so important to the safety and well-being of our modern society.

PROJECT GOALS

This project will develop and demonstrate procedures and technologies that allow infrastructures to continue providing essential services while detecting and defending against cyber attacks, and to quickly recover from a successful attack. This research will protect not only emerging internet-based PCSs, but also already-deployed legacy systems. The research team will work closely with industry partners to meet their needs and to ensure that new security technologies fit into an infrastructure’s entire lifecycle, delivering solutions that operators will deploy and use. Researchers will collaborate with sector stakeholders to ensure that solutions are evaluated and transferred into the real-world operation of critical infrastructures, where they are urgently needed.

WHAT MAKES THIS PROJECT UNIQUE?

Many PCS security projects are aimed at providing near-term solutions, often using off-the-shelf technologies that may not have been designed to meet all the demands of an industrial environment. The I3P effort advances the state of the art through mid-term practical research. To limit overlap and to ensure a coherent government approach, this project is being coordinated with complementary academic, government, and industry research and development efforts. Periodic presentations to government and industry partners will ensure regular opportunity to refine project goals and simplify technology transfer. Previous interactions indicate that survivability and recovery of PCSs are areas of paramount importance to infrastructure operators but underserved in current PCS research efforts.

TEAM MEMBERS 

•  MIT Lincoln Laboratory
•  The MITRE Corporation
•  Pacific Northwest National Laboratory
•  Sandia National Laboratories
•  SRI International
•  Center for Information Security, University of Tulsa
•  Information Trust Institute, University of Illinois at Urbana-Champaign
•  Information Technology and Operations Center, United States Military Academy

RESEARCH APPROACH

Tools and methodologies developed by the I3P research team will identify and continuously monitor critical components, ensuring software is secure against attacks by design and by network configuration. In the event of a successful attack, solutions proposed by the research team will also facilitate incident handling and system recovery activities by ensuring that such events are identified, contained and eradicated from the system. The research is divided into seven thrusts.

Thrust 1: Track and leverage R&D efforts for government and industry. Share results, connect stakeholders and identify gaps.

Thrust 2: Identify critical assets to better plan for PCS survivability. Spotlight cases where mission critical nodes are at risk so operators can prioritize security efforts.

Thrust 3: Ensure survivability of legacy and future platforms. Enable automated security testing of future PCS product software and develop a secure operating system base.

Thrust 4: Specify, implement and enforce policy that results in survivable operations. Demonstrate tool that efficiently accomplishes this and provides human-interpretable feedback.

Thrust 5: Establish situational awareness in MODBUS networks. Develop tools to passively and actively map networks and components without affecting operations.

Thrust 6: Ensure system-level survivability and recovery. Work with industry groups to define best practices and demonstrate in a realistic setting.

Thrust 7: Work with industry to ensure research is on proper path and that technical transition is happening smoothly. Present results to community members via workshop.

FOR MORE INFORMATION

Project Leader: Robert Cunningham, (781) 981-7623
I3P Associate Director for Research: , (603) 646-0692