Refining Security: Process Control System Protection, Misuse Detection and Attack Response
Speaker: Robert Cunningham, Information Systems Technology Group, MIT Lincoln Labs
Wednesday April 16, 2008, 3pm-5pm in 111 Cummington Street, Room 135
Co-sponsored by the Computer Science Department, the Electrical and Computer Engineering Department,
and
the Reliable Information Systems and Cyber Security Center
Boston University
Abstract:
Process Control Systems (PCS) are responsible for managing processes that manufacture goods, refine oil, light our houses, and heat our homes. If PCS are not properly configured and protected, they are vulnerable to disruption, potentially leading to business, economic and environmental losses and possibly to the loss of life. Whereas once these systems were purpose-built and isolated, increasingly they are built using commodity hardware and operating systems and becoming connected to the Internet.
Organizations are beginning to understand that these systems need to be hardened, but accomplishing this task remains difficult. For every aspect of security — from making a business case to management, to building security into PCS design and implementation to configuring, running, monitoring, and if necessary restoring systems — well-designed tools can make a tremendous difference. In this presentation I will discuss some of the threats to these systems, describe how to identify components for “security upgrades”, and explain how each device can be made more secure through automated testing of software and hardware configurations, through careful configuration of the network connections, and through monitoring for improper or unauthorized use. The members of the I3P consortium are researching, designing and commercializing some of the first tools in this area. In addition to leading this effort, the authors are developing a software testing tool designed for PCS, so this topic will be covered in detail.
This is joint work with Michael Zhivich.
Host: Ari Trachtenberg