Attacks on Critical Infrastructures are increasing and becoming more sophisticated. In addition to security issues of Supervisory Control And Data Acquisition systems, new threats come from the recent adoption of Wireless Sensor Network (WSN) technologies. Traditional security solutions for solely Information Technology (IT) based infrastructures, such as the Security Information and Events Management (SIEM) systems, can be strongly enchanced to address such issues. In this paper we analyze limits of current SIEMs to protect CIs and propose a framework developed in the MASSIF Project to enhance services for data treatment. We present the Generic Event Translation and introduce the Resilient Storage modules to collect data from heterogeneous sources, improve the intelligence of the SIEM periphery, reliably store information of security breaches. Particularly, by focusing on the first two features, we illustrate how they can improve the detection of attacks targeting the WSN of a dam monitoring and control system.
Protecting the WSN Zones of a Critical Infrastructure via Enhanced SIEM Technology
ROMANO, LUIGI;D'ANTONIO, Salvatore;FORMICOLA, Valerio;COPPOLINO, Luigi
2012-01-01
Abstract
Attacks on Critical Infrastructures are increasing and becoming more sophisticated. In addition to security issues of Supervisory Control And Data Acquisition systems, new threats come from the recent adoption of Wireless Sensor Network (WSN) technologies. Traditional security solutions for solely Information Technology (IT) based infrastructures, such as the Security Information and Events Management (SIEM) systems, can be strongly enchanced to address such issues. In this paper we analyze limits of current SIEMs to protect CIs and propose a framework developed in the MASSIF Project to enhance services for data treatment. We present the Generic Event Translation and introduce the Resilient Storage modules to collect data from heterogeneous sources, improve the intelligence of the SIEM periphery, reliably store information of security breaches. Particularly, by focusing on the first two features, we illustrate how they can improve the detection of attacks targeting the WSN of a dam monitoring and control system.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.