Attacks on Critical Infrastructures (CIs) are increasing and becoming more sophisticated. In addition to the security issues of Supervisory Control And Data Acquisition systems, new threats come from the recent adoption of Wireless Sensor Network (WSN) technologies. Traditional security solutions for solely Information Technology (IT) based infrastructures, such as Security Information and Events Management (SIEM) systems, can be strongly enhanced to address such issues. In this paper we analyze the limits of current SIEMs in protecting CIs and propose a framework developed in the MASSIF Project to enhance services for data treatment. We present the Generic Event Translation module and introduce the Resilient Storage module, which collect data from heterogeneous sources, improve the intelligence of the SIEM periphery, and reliably store information about security breaches. In particular, by focusing on the first two features, we illustrate how they can improve the detection of attacks targeting the WSN of a dam monitoring and control system.
|Title:||Protecting the WSN Zones of a Critical Infrastructure via Enhanced SIEM Technology|
|Internal authors:||ROMANO, LUIGI|
|Publication date:||2012|
|Journal:||LECTURE NOTES IN COMPUTER SCIENCE|
|Appears in types:||2.1 Contribution in volume (Chapter or Essay)|