In traditional industrial control systems and critical infrastructures, security was implicitly assumed through reliance on proprietary technologies (security by obscurity), physical access protection and disconnection from the Internet. The massive move over the last decade towards open standards and IP connectivity, the growing integration of Internet of Things technologies, and the disruptiveness of targeted cyber-attacks call for novel, designed-in cyber security means.
Taking a holistic approach, SCISSOR designs a new-generation SCADA security monitoring framework comprising four layers:
i) a monitoring layer supporting traffic probes that provide programmable traffic analyses up to layer 7, new ultra-low-cost/energy pervasive sensing technologies, system and software integrity verification, and smart camera surveillance solutions for automatic detection and object classification;
ii) a control and coordination layer adaptively orchestrating remote probes/sensors, providing a uniform representation of monitoring data gathered from heterogeneous sources, and enforcing cryptographic data protection, including certificate-less identity/attribute-based encryption schemes;
iii) a decision and analysis layer in the form of an innovative SIEM fed by both highly heterogeneous monitoring events and the native control processes’ signals, and supporting advanced correlation and detection methodologies;
iv) a human-machine layer devised to present the system behavior to the human end user in real time, in a simple and usable manner.

SCISSOR’s framework will leverage easy-to-deploy cloud-based development and integration, and will be designed with resilience and reliability in mind (no single point of failure). SCISSOR will be assessed via i) an off-field SCADA platform, to highlight its ability to detect and thwart targeted threats, and ii) an on-field, real-world deployment within a running operational smart grid, to showcase usability, viability and deployability.