Tampere University of Technology

TUTCRIS Research Portal

Security Analysis of Various Industrial Devices

Research output: Chapter in Book/Report/Conference proceedingConference contributionProfessional

Standard

Security Analysis of Various Industrial Devices. / Seppälä, Jari; Takanen, Ari; Korju, Juha; Häyrynen, Antti.

International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange, 1-5 June, 2015, Vienna, Austria . INTERNATIONAL ATOMIC ENERGY AGENCY, 2015. 132.

Research output: Chapter in Book/Report/Conference proceedingConference contributionProfessional

Harvard

Seppälä, J, Takanen, A, Korju, J & Häyrynen, A 2015, Security Analysis of Various Industrial Devices. in International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange, 1-5 June, 2015, Vienna, Austria ., 132, INTERNATIONAL ATOMIC ENERGY AGENCY, International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange, Vienna, Austria, 1/06/15.

APA

Seppälä, J., Takanen, A., Korju, J., & Häyrynen, A. (2015). Security Analysis of Various Industrial Devices. In International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange, 1-5 June, 2015, Vienna, Austria [132] INTERNATIONAL ATOMIC ENERGY AGENCY.

Vancouver

Seppälä J, Takanen A, Korju J, Häyrynen A. Security Analysis of Various Industrial Devices. In International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange, 1-5 June, 2015, Vienna, Austria . INTERNATIONAL ATOMIC ENERGY AGENCY. 2015. 132

Author

Seppälä, Jari ; Takanen, Ari ; Korju, Juha ; Häyrynen, Antti. / Security Analysis of Various Industrial Devices. International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange, 1-5 June, 2015, Vienna, Austria . INTERNATIONAL ATOMIC ENERGY AGENCY, 2015.

Bibtex - Download

@inproceedings{bfe8f7a387614c7ba955e2b7cb8d214d,
title = "Security Analysis of Various Industrial Devices",
abstract = "Since Stuxnet, the focus of Industrial Control Systems (ICS) security audits has been in the field devices and controllers. However, the commonly use ISA-95 reference model for industrial integration contains four layers: enterprise resource planning, manufacturing execution, process control and field devices. This hierarchy usually shares network components and systems not only internally but also with various external systems like camera monitoring, premises security systems, building automation etc. From automation viewpoint these external systems create critical access path into the core automation. They have different operators and subcontractors but can share network infrastructure. The ICS security therefore should be viewed as a whole where the risk any device introduces must be considered not only by the ISA-95 level it operates on but also with the assets it shares within the company. This paper presents analysis of various ICS devices mapped against ISA- 95 levels. The analyses show that the shared components create a real security risk.",
keywords = "Security analysis, Industrial Control Systems, shared resources, ISA-95",
author = "Jari Sepp{\"a}l{\"a} and Ari Takanen and Juha Korju and Antti H{\"a}yrynen",
year = "2015",
language = "English",
booktitle = "International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange, 1-5 June, 2015, Vienna, Austria",
publisher = "INTERNATIONAL ATOMIC ENERGY AGENCY",

}

RIS (suitable for import to EndNote) - Download

TY - GEN

T1 - Security Analysis of Various Industrial Devices

AU - Seppälä, Jari

AU - Takanen, Ari

AU - Korju, Juha

AU - Häyrynen, Antti

PY - 2015

Y1 - 2015

N2 - Since Stuxnet, the focus of Industrial Control Systems (ICS) security audits has been in the field devices and controllers. However, the commonly use ISA-95 reference model for industrial integration contains four layers: enterprise resource planning, manufacturing execution, process control and field devices. This hierarchy usually shares network components and systems not only internally but also with various external systems like camera monitoring, premises security systems, building automation etc. From automation viewpoint these external systems create critical access path into the core automation. They have different operators and subcontractors but can share network infrastructure. The ICS security therefore should be viewed as a whole where the risk any device introduces must be considered not only by the ISA-95 level it operates on but also with the assets it shares within the company. This paper presents analysis of various ICS devices mapped against ISA- 95 levels. The analyses show that the shared components create a real security risk.

AB - Since Stuxnet, the focus of Industrial Control Systems (ICS) security audits has been in the field devices and controllers. However, the commonly use ISA-95 reference model for industrial integration contains four layers: enterprise resource planning, manufacturing execution, process control and field devices. This hierarchy usually shares network components and systems not only internally but also with various external systems like camera monitoring, premises security systems, building automation etc. From automation viewpoint these external systems create critical access path into the core automation. They have different operators and subcontractors but can share network infrastructure. The ICS security therefore should be viewed as a whole where the risk any device introduces must be considered not only by the ISA-95 level it operates on but also with the assets it shares within the company. This paper presents analysis of various ICS devices mapped against ISA- 95 levels. The analyses show that the shared components create a real security risk.

KW - Security analysis

KW - Industrial Control Systems

KW - shared resources

KW - ISA-95

M3 - Conference contribution

BT - International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange, 1-5 June, 2015, Vienna, Austria

PB - INTERNATIONAL ATOMIC ENERGY AGENCY

ER -