UDC 004.7
DOI: 10.15350/2306-2819.2017.4.58

PROBLEMS WITH THE USE OF SIEM SYSTEMS IN INDUSTRIAL INFORMATION CONTROL SYSTEMS

I. I. Bezukladnikov, A. A. Mironova, A. A. Yuzhakov,
Perm National Research Polytechnic University,
29, Komsomolsky pr., Perm, 614990, Russian Federation
E-mail: igor.i.bezukladnikov@ieee.org

ABSTRACT

Introduction. Industrial information and control systems (ICS) are often deployed at critical facilities such as nuclear power plants and chemical plants. A successful cyber attack on a system of this kind can therefore cause not only economic, social and ecological damage but also harm to human health and life, so the timely detection and prevention of cyber attacks on ICS is becoming increasingly important. Modern ICS have a complex network infrastructure; they control the industrial process in near real time, operate continuously, frequently run without an operator present, and are subject to specific requirements for reliability, verification and design. One approach to securing such systems is to deploy a security information and event management (SIEM) system. The purpose of this work is to analyse the resulting level of information security of the ICS + SIEM combination, in particular with regard to a class of non-traditional threats that has recently gained popularity: attacks that use covert channels. The article gives an example of a covert channel, operating within the wireless segment of an ICS, that the SIEM system does not detect. Conclusion. The research shows that the way SIEM systems are implemented, and their orientation toward behaviour analysis, do not allow them to detect the most dangerous kinds of malicious activity (zero-day attacks and attacks through covert channels), because of insufficient integration with ICS components and the lack of corresponding sensors and sniffers. Nevertheless, some of the problems described above can be solved by additional configuration of the SIEM system that takes the specific character of industrial control system operation into account.
Recommendations for modifying both the SIEM system and the components of the protected industrial information and control system are given in the article.
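The abstract's central claim is that a SIEM fed only by the event volumes a log forwarder exports cannot see a covert channel, while a rule that knows the process's polling period and receives raw frame timing from a dedicated wireless sniffer can. The following Python script is an added illustration of that claim; it is not the channel described in the article (which this page does not detail) nor the authors' SIEM configuration. It assumes a constructed telemetry stream with a 100 ms polling period, a timing covert channel that delays a frame by 15 ms to send a '1', bounded radio jitter of 2 ms, a 64-byte fixed frame size and a 2-second export window; all of these values are assumptions for the example.

```python
"""Added illustration (not code from the article): a timing covert channel hidden
in periodic ICS telemetry, the SIEM-side volume rule that cannot see it, and
the period-aware rule that can once a sniffer exports raw frame timing.
Every parameter and the sample traffic below are constructed for the example."""
import random

PERIOD_MS = 100          # assumed nominal polling period of the field device
COVERT_OFFSET_MS = 15    # assumed extra delay that encodes a '1' bit
MAX_JITTER_MS = 2.0      # assumed benign radio jitter, uniform in +/- 2 ms
REPORT_BYTES = 64        # assumed fixed size of every telemetry frame


def telemetry(n_reports, bits=None, seed=7):
    """Raw sniffer view: (timestamp_ms, size_bytes) for n periodic reports.

    bits=None gives a clean stream (slot time plus jitter).  With a bit string,
    report i is additionally delayed by COVERT_OFFSET_MS when
    bits[i % len(bits)] is '1'.  Frame count and size never change; only the
    timing carries the hidden payload.
    """
    rng = random.Random(seed)
    events = []
    for i in range(n_reports):
        t = i * PERIOD_MS + rng.uniform(-MAX_JITTER_MS, MAX_JITTER_MS)
        if bits and bits[i % len(bits)] == "1":
            t += COVERT_OFFSET_MS
        events.append((t, REPORT_BYTES))
    return events


def covert_decode(events, n_bits):
    """Receiver side: a report later than half the offset past its slot is '1'."""
    return "".join(
        "1" if t - i * PERIOD_MS > COVERT_OFFSET_MS / 2 else "0"
        for i, (t, _) in enumerate(events[:n_bits])
    )


def export_for_siem(events, window_ms=2000):
    """What a typical log forwarder hands to the SIEM: per-window frame counts
    and byte totals.  Sub-second timing is discarded at this point."""
    n_windows = int(max(t for t, _ in events) // window_ms)
    summary = []
    for w in range(n_windows):
        lo, hi = w * window_ms, (w + 1) * window_ms
        sizes = [size for t, size in events if lo <= t < hi]
        summary.append((len(sizes), sum(sizes)))
    return summary


def volume_rule(summary, window_ms=2000, tolerance=0.10):
    """SIEM correlation over the exported summary: alert on every window whose
    count or byte total deviates from the expected value by more than
    `tolerance`.  Returns the indices of alerting windows."""
    exp_count = window_ms / PERIOD_MS
    exp_bytes = exp_count * REPORT_BYTES
    return [
        w for w, (count, nbytes) in enumerate(summary)
        if abs(count - exp_count) / exp_count > tolerance
        or abs(nbytes - exp_bytes) / exp_bytes > tolerance
    ]


def timing_rule(events, max_jitter_ms=MAX_JITTER_MS, max_late_fraction=0.05):
    """Period-aware rule that needs the raw sniffer feed: measure each report's
    deviation from its scheduled slot.  Benign jitter is bounded, so a sustained
    fraction of reports outside twice that bound is reported as an anomaly."""
    deviations = [abs(t - i * PERIOD_MS) for i, (t, _) in enumerate(events)]
    late = sum(1 for d in deviations if d > 2 * max_jitter_ms)
    fraction = late / len(deviations)
    return {"late_fraction": fraction, "alert": fraction > max_late_fraction}


PAYLOAD_BITS = "0110111101101011"   # constructed payload: ASCII "ok"

if __name__ == "__main__":
    clean = telemetry(100)
    covert = telemetry(100, PAYLOAD_BITS)
    print("decoded payload:", covert_decode(covert, len(PAYLOAD_BITS)))
    print("volume rule, clean/covert:",
          volume_rule(export_for_siem(clean)), volume_rule(export_for_siem(covert)))
    print("timing rule, clean/covert:", timing_rule(clean), timing_rule(covert))
```

The volume rule returns no alerting window for either stream because the channel changes neither the number nor the size of frames, which is all the exported summary preserves; the timing rule flags the covert stream only because it consumes the raw timestamps and knows the nominal period, which is the kind of ICS-specific sensor and configuration the abstract recommends adding.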

KEYWORDS

industrial systems; information security; wireless networks; covert channels; SIEM systems.

For citation: Bezukladnikov I. I., Mironova A. A., Yuzhakov A. A. Problems with the Use of SIEM Systems in Industrial Information Control Systems. Vestnik of Volga State University of Technology. Ser.: Radio Engineering and Infocommunication Systems. 2017. No 4 (36). Pp. 58-65. DOI: 10.15350/2306-2819.2017.4.58


© 2006-2025 Volga State University of Technology (PGTU).