Article ID Journal Published Year Pages File Type
6747683 International Journal of Critical Infrastructure Protection 2015 15 Pages PDF
Abstract
This paper surveys and provides experimental results related to network design techniques focused on enhancing the security of industrial control systems. It analyzes defense-in-depth strategies, network segmentation, network firewall configurations and the role of intrusion prevention systems, intrusion detection systems and anomaly detection systems. The paper also studies the applicability of emerging technologies in the area of IP networks, including software-defined networking, network functions virtualization and next generation firewalls in securing industrial control systems. The main contribution of this paper is the experimental assessment of existing and future network design approaches in the presence of real malware (e.g., Stuxnet) and synthetic attacks (e.g., denial-of-service attacks). The experimental results confirm the importance of defense-in-depth strategies and also highlight the embryonic state of software-defined networking security, which requires profound transformation and validation in order to be embraced by the industrial control system community.
Related Topics
Physical Sciences and Engineering Computer Science Computer Networks and Communications
Authors
, , ,