Better Safe Than Sorry: Risk Management Based on a Safety-Augmented Network Intrusion Detection System
Interconnected industrial control system (ICS) networks based on routable protocols are susceptible to remote attacks similar to classical information technology (IT) networks. However, addressing ICS security in an isolated view is dangerous since ICSs have to ensure safety measures for people, pro...
Main Authors: | , , , , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
IEEE
2023-01-01
|
Series: | IEEE Open Journal of the Industrial Electronics Society |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/10187675/ |
_version_ | 1797339189040119808 |
---|---|
author | Bernhard Brenner Siegfried Hollerer Pushparaj Bhosale Thilo Sauter Wolfgang Kastner Joachim Fabini Tanja Zseby |
author_facet | Bernhard Brenner Siegfried Hollerer Pushparaj Bhosale Thilo Sauter Wolfgang Kastner Joachim Fabini Tanja Zseby |
author_sort | Bernhard Brenner |
collection | DOAJ |
description | Interconnected industrial control system (ICS) networks based on routable protocols are susceptible to remote attacks similar to classical information technology (IT) networks. However, addressing ICS security in an isolated view is dangerous since ICSs have to ensure safety measures for people, processes, and the environment. The safety and security of ICSs are often addressed separately, without considering their important interrelation. Safety measures can violate security policies (e.g., an emergency stop function accessible by anyone); likewise, a security incident can violate safety policies (e.g., by increasing reaction time). In this article, we propose a network-based intrusion detection system with the interrelation between safety and security in mind. It detects security incidents while evaluating possible safety-related consequences of both the detected attack and possible countermeasures. We evaluate our approach with a Proof of Concept (PoC). The alerts generated by the PoC prototype serve as the basis for a risk management strategy proposed in this article. Our approach provides a basis for safety-aware intrusion detection in smart factories and other cyber-physical systems. |
first_indexed | 2024-03-08T09:42:21Z |
format | Article |
id | doaj.art-083780e36b044a569708374923db9b7c |
institution | Directory Open Access Journal |
issn | 2644-1284 |
language | English |
last_indexed | 2024-03-08T09:42:21Z |
publishDate | 2023-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Open Journal of the Industrial Electronics Society |
spelling | doaj.art-083780e36b044a569708374923db9b7c2024-01-30T00:06:10ZengIEEEIEEE Open Journal of the Industrial Electronics Society2644-12842023-01-01428730310.1109/OJIES.2023.329705710187675Better Safe Than Sorry: Risk Management Based on a Safety-Augmented Network Intrusion Detection SystemBernhard Brenner0https://orcid.org/0000-0001-9549-467XSiegfried Hollerer1https://orcid.org/0000-0002-3814-6019Pushparaj Bhosale2https://orcid.org/0000-0001-5760-2342Thilo Sauter3Wolfgang Kastner4https://orcid.org/0000-0001-5420-404XJoachim Fabini5https://orcid.org/0000-0002-8285-1591Tanja Zseby6https://orcid.org/0000-0002-5391-467XInstitute of Telecommunications, TU Wien, Vienna, AustriaInstitute of Computer Engineering, TU Wien, Vienna, AustriaInstitute of Computer Engineering, TU Wien, Vienna, AustriaInstitute of Computer Technology, TU Wien, Vienna, AustriaInstitute of Computer Engineering, TU Wien, Vienna, AustriaInstitute of Telecommunications, TU Wien, Vienna, AustriaInstitute of Telecommunications, TU Wien, Vienna, AustriaInterconnected industrial control system (ICS) networks based on routable protocols are susceptible to remote attacks similar to classical information technology (IT) networks. However, addressing ICS security in an isolated view is dangerous since ICSs have to ensure safety measures for people, processes, and the environment. The safety and security of ICSs are often addressed separately, without considering their important interrelation. Safety measures can violate security policies (e.g., an emergency stop function accessible by anyone); likewise, a security incident can violate safety policies (e.g., by increasing reaction time). In this article, we propose a network-based intrusion detection system with the interrelation between safety and security in mind. It detects security incidents while evaluating possible safety-related consequences of both the detected attack and possible countermeasures. We evaluate our approach with a Proof of Concept (PoC). The alerts generated by the PoC prototype serve as the basis for a risk management strategy proposed in this article. Our approach provides a basis for safety-aware intrusion detection in smart factories and other cyber-physical systems.https://ieeexplore.ieee.org/document/10187675/Industrial control systems (ICSs)incident responseinformation technology (IT) / operational technology (OT) convergenceOT securityrisk managementsafety |
spellingShingle | Bernhard Brenner Siegfried Hollerer Pushparaj Bhosale Thilo Sauter Wolfgang Kastner Joachim Fabini Tanja Zseby Better Safe Than Sorry: Risk Management Based on a Safety-Augmented Network Intrusion Detection System IEEE Open Journal of the Industrial Electronics Society Industrial control systems (ICSs) incident response information technology (IT) / operational technology (OT) convergence OT security risk management safety |
title | Better Safe Than Sorry: Risk Management Based on a Safety-Augmented Network Intrusion Detection System |
title_full | Better Safe Than Sorry: Risk Management Based on a Safety-Augmented Network Intrusion Detection System |
title_fullStr | Better Safe Than Sorry: Risk Management Based on a Safety-Augmented Network Intrusion Detection System |
title_full_unstemmed | Better Safe Than Sorry: Risk Management Based on a Safety-Augmented Network Intrusion Detection System |
title_short | Better Safe Than Sorry: Risk Management Based on a Safety-Augmented Network Intrusion Detection System |
title_sort | better safe than sorry risk management based on a safety augmented network intrusion detection system |
topic | Industrial control systems (ICSs) incident response information technology (IT) / operational technology (OT) convergence OT security risk management safety |
url | https://ieeexplore.ieee.org/document/10187675/ |
work_keys_str_mv | AT bernhardbrenner bettersafethansorryriskmanagementbasedonasafetyaugmentednetworkintrusiondetectionsystem AT siegfriedhollerer bettersafethansorryriskmanagementbasedonasafetyaugmentednetworkintrusiondetectionsystem AT pushparajbhosale bettersafethansorryriskmanagementbasedonasafetyaugmentednetworkintrusiondetectionsystem AT thilosauter bettersafethansorryriskmanagementbasedonasafetyaugmentednetworkintrusiondetectionsystem AT wolfgangkastner bettersafethansorryriskmanagementbasedonasafetyaugmentednetworkintrusiondetectionsystem AT joachimfabini bettersafethansorryriskmanagementbasedonasafetyaugmentednetworkintrusiondetectionsystem AT tanjazseby bettersafethansorryriskmanagementbasedonasafetyaugmentednetworkintrusiondetectionsystem |