Valerio Formicola

3 papers, 23 citations

3 Papers

Sep 4, 2019
ICSrange: A Simulation-based Cyber Range Platform for Industrial Control Systems

Vincenzo Giuliano, Valerio Formicola

Maintenance staff of Industrial Control Systems (ICS) are generally not aware of information technologies, and even less of cyber security problems. The scary impact of cyber attacks in the industrial world calls for tools to train defensive skills and test effective security measures. Cyber ranges offer this opportunity, but current research is lacking cost-effective solutions verticalized for the industrial domain. This work proposes ICSrange, a simulation-based cyber range platform for Industrial Control Systems. ICSrange adopts Commercial-Off-The-Shelf (COTS) technologies to virtualize an enterprise network connected to Industrial Control Systems. ICSrange is the outcome of a preliminary study intended to investigate challenges and opportunities in building a configurable and extensible cyber range with simulated industrial processes. The literature shows that testbeds based on realistic mock-ups are effectively employed to develop complex exploits like Advanced Persistent Threats (APTs), hence motivating their usage to train and test security in ICS. We prove the effectiveness of ICSrange through the execution of a multi-staged attack that breaches an enterprise network and progressively intrudes into a simulated ICS with water tanks. The attack mimics lateral movements as observed in APTs.

May 12, 2014
Closing the loop of SIEM analysis to Secure Critical Infrastructures

Alessia Garofalo, Cesario Di Sarno, Ilaria Matteucci et al.

Critical Infrastructure Protection is one of the main challenges of recent years. Security Information and Event Management (SIEM) systems are widely used for coping with this challenge. However, they currently present several limitations that have to be overcome. In this paper we propose an enhanced SIEM system in which we have introduced novel components to i) enable multiple-layer data analysis; ii) resolve conflicts among security policies, and discover unauthorized data paths so as to be able to reconfigure network devices. Furthermore, the system is enriched by a Resilient Event Storage that ensures the integrity and unforgeability of stored events.

Apr 30, 2014
Critical Infrastructure Protection: having SIEM technology cope with network heterogeneity

Gianfranco Cerullo, Valerio Formicola, Pietro Iamiglio et al.

Coordinated and targeted cyber-attacks on Critical Infrastructures (CIs) are becoming more and more frequent and sophisticated. This is due to: i) the recent technology shift towards Commercial Off-The-Shelf (COTS) products, and ii) new economic and socio-political motivations. In this paper, we discuss some of the most relevant security issues resulting from the adoption in CIs of heterogeneous network infrastructures (specifically combining wireless and IP trunks), and suggest techniques to detect, as well as to counter/mitigate, attacks. We claim that techniques such as those we propose here should be integrated in future SIEM (Security Information and Event Management) solutions, and we discuss how we have done so in the EC-funded MASSIF project, with respect to a real-world CI scenario, specifically a distributed system for power grid monitoring.