Advanced SIEM Technology for Critical Infrastructure Protection
Salvatore D'Antonio, Luigi Coppolino, Luigi Romano
2013-01-01
Abstract
In the last two years an increasing number of coordinated and targeted cyber-attacks, characterized by an unprecedented level of sophistication, have been conducted against critical infrastructures. This cyber-threat generates serious concerns especially when the targets of attacks are critical infrastructures, whose failure may result in the death of hundreds or thousands of people, as well as in dramatic damage to the environment. Current SCADA technology is not able to cope with cyber-attacks, since it was not designed with security in mind. Protection from cyber-attacks has to be provided by additional technology, which needs to be integrated with the existing SCADA systems in a seamless way. In this chapter we present the approach taken in the MASSIF project to enhance current SIEM technology in order to make it suitable for the protection of Critical Infrastructures. In particular, we focus on issues related to data collection and parsing. We propose data gathering techniques and illustrate their implementation in an enhanced SIEM platform. We do this in the context of a challenging case study, namely the monitoring and control of a dam.