TUTCRIS - Tampereen teknillinen yliopisto

TUTCRIS

Security Analysis of Various Industrial Devices

Tutkimustuotos

Yksityiskohdat

AlkuperäiskieliEnglanti
OtsikkoInternational Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange, 1-5 June, 2015, Vienna, Austria
KustantajaINTERNATIONAL ATOMIC ENERGY AGENCY
Sivumäärä8
TilaJulkaistu - 2015
OKM-julkaisutyyppiD3 Artikkeli ammatillisessa konferenssijulkaisussa
TapahtumaInternational Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange - Vienna International Centre (VIC), Vienna, Itävalta
Kesto: 1 kesäkuuta 20155 kesäkuuta 2015

Conference

ConferenceInternational Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange
MaaItävalta
KaupunkiVienna
Ajanjakso1/06/155/06/15

Tiivistelmä

Since Stuxnet, the focus of Industrial Control Systems (ICS) security audits has been in the field devices and controllers. However, the commonly use ISA-95 reference model for industrial integration contains four layers: enterprise resource planning, manufacturing execution, process control and field devices. This hierarchy usually shares network components and systems not only internally but also with various external systems like camera monitoring, premises security systems, building automation etc. From automation viewpoint these external systems create critical access path into the core automation. They have different operators and subcontractors but can share network infrastructure. The ICS security therefore should be viewed as a whole where the risk any device introduces must be considered not only by the ISA-95 level it operates on but also with the assets it shares within the company. This paper presents analysis of various ICS devices mapped against ISA- 95 levels. The analyses show that the shared components create a real security risk.

Tutkimusalat

Julkaisufoorumi-taso