Security Analysis of Various Industrial Devices

Jari Seppälä, Ari Takanen, Juha Korju, Antti Häyrynen

    Research output: Chapter in Book/Report/Conference proceedingConference contributionProfessional

    Abstract

    Since Stuxnet, the focus of Industrial Control Systems (ICS) security audits has been in the field devices and controllers. However, the commonly use ISA-95 reference model for industrial integration contains four layers: enterprise resource planning, manufacturing execution, process control and field devices. This hierarchy usually shares network components and systems not only internally but also with various external systems like camera monitoring, premises security systems, building automation etc. From automation viewpoint these external systems create critical access path into the core automation. They have different operators and subcontractors but can share network infrastructure. The ICS security therefore should be viewed as a whole where the risk any device introduces must be considered not only by the ISA-95 level it operates on but also with the assets it shares within the company. This paper presents analysis of various ICS devices mapped against ISA- 95 levels. The analyses show that the shared components create a real security risk.
    Original languageEnglish
    Title of host publicationInternational Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange, 1-5 June, 2015, Vienna, Austria
    PublisherINTERNATIONAL ATOMIC ENERGY AGENCY
    Number of pages8
    Publication statusPublished - 2015
    Publication typeD3 Professional conference proceedings
    EventInternational Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange - Vienna International Centre (VIC), Vienna, Austria
    Duration: 1 Jun 20155 Jun 2015

    Conference

    ConferenceInternational Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange
    Country/TerritoryAustria
    CityVienna
    Period1/06/155/06/15

    Keywords

    • Security analysis
    • Industrial Control Systems
    • shared resources
    • ISA-95

    ASJC Scopus subject areas

    • Control and Systems Engineering
    • Information Systems

    Fingerprint

    Dive into the research topics of 'Security Analysis of Various Industrial Devices'. Together they form a unique fingerprint.

    Cite this