Process Control Systems-Project Overview

home > projects > Process Control Systems-Project Overview

                                                                                                                               PDF of Overview [9/06]

 

The following information describes the Process Control Systems Security Research Project supported by the I3P from 2005-2007.  Some aspects of this project are currently under further research as part of the Survivability and Recovery of Process Control Systems Project.

 

PROJECT OVERVIEW

The Process Control Systems Security Research Project is supported by the Institute for Information Infrastructure Protection (I3P). The project is focusing cyber security related research at some of the country’s top institutions on improving the robustness of the information infrastructure in the oil and gas sector. Eleven institutions from across the country have joined forces to develop new solutions and demonstrate their effectiveness to the oil and gas sector owners, operators, and vendors.

PROJECT GOALS

The team is working to deliver prototype tools and increase knowledge to accomplish the following goals:

  1. Increase the awareness of Process Control System (PCS) security risks
  2. Develop programs to educate students and stakeholders on PCS security
  3. Recommend mitigation strategies for operators and policymakers
  4. Develop and prototype technology and tools for PCS security
  5. Advance basic research in inherently secure PCS
  6. Gain national recognition for the I3P as a leading center of research, knowledge, and expertise in PCS security

PROJECT SUCCESS

The success of the project will be measured by improved robustness in the oil and gas infrastructure through the adoption of research findings and technology. The project will contribute to significantly increased awareness of security challenges and solutions for the oil and gas sector that can be applied in other infrastructure sectors as well. Since many of the project team members are located at major universities, the project will also contribute to the education of new cyber security graduates who will become knowledgeable in securing process control systems.

 

PROJECT PUBLICATIONS

 

TEAM MEMBERS

The research team is composed of researchers and engineers from the following I3P member institutions: 

Center for Information Security. University of Tulsa
Dartmouth College
I3P Administrative Office
Information Trust Institute. University of Illinois Urbana-Champaign
MIT/Lincoln Laboratories
MITRE Corporation
Institute for Civil Infrastructure Systems. New York University
Pacific Northwest National Laboratory
Sandia National Laboratories
SRI International
University of Virginia

 

RESEARCH APPROACH

  1. Understand the vulnerabilities, characterize the risk, and analyze the consequences of disruption
  2. Understand and develop metrics that can be used to measure improvement
  3. Research technical solutions
  4. Work with the stakeholders in industry, government, and the research community to transfer the knowledge gained and technology developed

 

WORKING WITH INDUSTRY

The research team is working with industry to understand their security needs and to develop appropriate scenarios for testing and evaluating the results of the project. Industry participates in project reviews and the team uses the feedback to update their work direction. The team has hosted three workshops with industry: June 2005, November 2005, and June 2006 to present and discuss the work with the key stakeholders.

 

COORDINATION WITH GOVERNMENT EFFORTS

The I3P PCS team is coordinating its work with other federal government or government-funded efforts. Coordination and information sharing has taken place with the Department of Homeland Security's Science and Technology Directorate and the National Cyber Security Division's Control System Security Program (CSSP). The I3P's work is also aligned with the Department of Energy's energy roadmap, among others.

 

ACCOMPLISHMENTS TO DATE

Prototype tools are being demonstrated in a “typical” oil and gas architecture test bed, at conferences, and at stakeholder sites. Partnerships with PCS vendors are underway to forge paths for technology transfer. Publications, technical reports, and presentations are available on the following topics: risk characterization, interdependences, metrics, tools, and secure information sharing. Classes in PCS security are being introduced in a number of the member institutions. The most recent fact sheets for tools currently under development and evaluation include:

Process Control Systems Fact Sheets [Last updated: February 2007]

 
  • DEADBOLT — Source code checking tool
  • SHARP — Security-Hardened Attach Resistant Platform (formerly called 'HSMTU')
  • SecSS — Security Services Suite
  • RiskMap — Tool for building a business case for investing in security
  • EMERALD — intrusion detection and event correlation for PCS
  • CDIS — Prototype for demonstrating secure information sharing
  • APT - Access Policy Tool
  • 21 Steps - Security Metrics Tool
  • AAC - Anonymous, Authenticated Communication
  • IIM - Inoperability Input-Output Model
  • P-STET - PCS Security Technology Evaluation Tool
  • Security Metrics - Tools for Evaluating Security Performance
  • PCS Project Progress Summary Factsheet

 

 

Points of Contact:

Project Director: John Cummings, (505) 845-9937
Project Leader: Ben Cook,  (505) 844-3795
I3P Assistant Director for Research & Analysis : ,  (603) 646-0692

Dartmouth Leaf Icon
The I3P is managed by Dartmouth College.
Copyright © 2007, the Trustees of Dartmouth College. All rights reserved.