CR, Apr 30, 2014

Critical Infrastructure Protection: having SIEM technology cope with network heterogeneity

arXiv:1404.7563v1
11 citations
Originality: Synthesis-oriented
AI Analysis

This work addresses security problems for critical infrastructure operators, but it appears incremental as it builds on existing SIEM technology with specific adaptations.

The paper tackles the challenge of protecting critical infrastructures from sophisticated cyber-attacks by addressing security issues in heterogeneous networks, proposing techniques for detection and mitigation, and integrating these into SIEM solutions as demonstrated in the MASSIF project for a power grid monitoring system.

Coordinated and targeted cyber-attacks on Critical Infrastructures (CIs) are becoming more and more frequent and sophisticated. This is due to: i) the recent technology shift towards Commercial Off-The-Shelf (COTS) products, and ii) new economic and socio-political motivations. In this paper, we discuss some of the most relevant security issues resulting from the adoption in CIs of heterogeneous network infrastructures (specifically combining wireless and IP trunks), and suggest techniques to detect, as well as to counter/mitigate, attacks. We claim that techniques such as those we propose here should be integrated in future SIEM (Security Information and Event Management) solutions, and we discuss how we have done so in the EC-funded MASSIF project, with respect to a real-world CI scenario, specifically a distributed system for power grid monitoring.
