An integrated framework for control system simulation and regulatory compliance monitoring

William Mahoney, Robin A. Gandhi

Research output: Contribution to journalArticle

13 Citations (Scopus)

Abstract

This paper presents SCADASiM, an integrated framework for control system simulation and near-real-time regulatory compliance monitoring with respect to cybersecurity. With numerous legacy control system installations already in place, current approaches for highly detailed simulations demand a significant modeling effort to be useful. Furthermore, the complexity and lack of technical uniformity in legacy SCADA systems often obscures their core operational semantics, making regulatory compliance monitoring only available to personnel with intimate knowledge about the system. To address these issues, the SCADASiM framework includes two parts. First, it allows rapid recreation of message-based interactions between cyber and physical entities. The resulting simulation is geared towards facilitating the development of strategic and near-real-time security related regulatory compliance monitoring capabilities for critical infrastructure owners. Second, it includes new language utilities for collecting and monitoring the system events necessary to demonstrate regulatory compliance in real-time. In an integrated framework, the simulation facilitates policy authoring using the new language utilities, which in turn allow the observance of policy violation with its operational impact using "what-if" scenarios about coordinated attacks on the infrastructure. The two parts of the framework are synchronized by a SCADA taxonomy described using semantic web representation standards. The abstract layers of our taxonomy map to regulatory requirements that mandate security controls in the critical infrastructure, while the lower layers map to actual system components and their events that characterize actual system behavior. Here we describe the design decisions and structure of the SCADASiM framework as well as its initial feasibility using an in-lab control system simulation that replicates a water supply system.

Original languageEnglish (US)
Pages (from-to)41-53
Number of pages13
JournalInternational Journal of Critical Infrastructure Protection
Volume4
Issue number1
DOIs
StatePublished - Apr 1 2011

Fingerprint

System Simulation
Compliance
Control System
Monitoring
Control systems
Critical infrastructures
Taxonomies
Legacy Systems
Critical Infrastructure
Taxonomy
Real-time
Water supply systems
SCADA systems
Semantic Web
Simulation
Authoring
Operational Semantics
Uniformity
Semantics
Personnel

Keywords

  • Compliance
  • Regulations
  • SCADA simulation

ASJC Scopus subject areas

  • Modeling and Simulation
  • Safety, Risk, Reliability and Quality
  • Computer Science Applications
  • Information Systems and Management

Cite this

An integrated framework for control system simulation and regulatory compliance monitoring. / Mahoney, William; Gandhi, Robin A.

In: International Journal of Critical Infrastructure Protection, Vol. 4, No. 1, 01.04.2011, p. 41-53.

Research output: Contribution to journalArticle

@article{02b68f5a6d4e441a9d90b2c1a6d74ce3,
title = "An integrated framework for control system simulation and regulatory compliance monitoring",
abstract = "This paper presents SCADASiM, an integrated framework for control system simulation and near-real-time regulatory compliance monitoring with respect to cybersecurity. With numerous legacy control system installations already in place, current approaches for highly detailed simulations demand a significant modeling effort to be useful. Furthermore, the complexity and lack of technical uniformity in legacy SCADA systems often obscures their core operational semantics, making regulatory compliance monitoring only available to personnel with intimate knowledge about the system. To address these issues, the SCADASiM framework includes two parts. First, it allows rapid recreation of message-based interactions between cyber and physical entities. The resulting simulation is geared towards facilitating the development of strategic and near-real-time security related regulatory compliance monitoring capabilities for critical infrastructure owners. Second, it includes new language utilities for collecting and monitoring the system events necessary to demonstrate regulatory compliance in real-time. In an integrated framework, the simulation facilitates policy authoring using the new language utilities, which in turn allow the observance of policy violation with its operational impact using {"}what-if{"} scenarios about coordinated attacks on the infrastructure. The two parts of the framework are synchronized by a SCADA taxonomy described using semantic web representation standards. The abstract layers of our taxonomy map to regulatory requirements that mandate security controls in the critical infrastructure, while the lower layers map to actual system components and their events that characterize actual system behavior. Here we describe the design decisions and structure of the SCADASiM framework as well as its initial feasibility using an in-lab control system simulation that replicates a water supply system.",
keywords = "Compliance, Regulations, SCADA simulation",
author = "William Mahoney and Gandhi, {Robin A.}",
year = "2011",
month = "4",
day = "1",
doi = "10.1016/j.ijcip.2011.03.002",
language = "English (US)",
volume = "4",
pages = "41--53",
journal = "International Journal of Critical Infrastructure Protection",
issn = "1874-5482",
publisher = "Elsevier",
number = "1",

}

TY - JOUR

T1 - An integrated framework for control system simulation and regulatory compliance monitoring

AU - Mahoney, William

AU - Gandhi, Robin A.

PY - 2011/4/1

Y1 - 2011/4/1

N2 - This paper presents SCADASiM, an integrated framework for control system simulation and near-real-time regulatory compliance monitoring with respect to cybersecurity. With numerous legacy control system installations already in place, current approaches for highly detailed simulations demand a significant modeling effort to be useful. Furthermore, the complexity and lack of technical uniformity in legacy SCADA systems often obscures their core operational semantics, making regulatory compliance monitoring only available to personnel with intimate knowledge about the system. To address these issues, the SCADASiM framework includes two parts. First, it allows rapid recreation of message-based interactions between cyber and physical entities. The resulting simulation is geared towards facilitating the development of strategic and near-real-time security related regulatory compliance monitoring capabilities for critical infrastructure owners. Second, it includes new language utilities for collecting and monitoring the system events necessary to demonstrate regulatory compliance in real-time. In an integrated framework, the simulation facilitates policy authoring using the new language utilities, which in turn allow the observance of policy violation with its operational impact using "what-if" scenarios about coordinated attacks on the infrastructure. The two parts of the framework are synchronized by a SCADA taxonomy described using semantic web representation standards. The abstract layers of our taxonomy map to regulatory requirements that mandate security controls in the critical infrastructure, while the lower layers map to actual system components and their events that characterize actual system behavior. Here we describe the design decisions and structure of the SCADASiM framework as well as its initial feasibility using an in-lab control system simulation that replicates a water supply system.

AB - This paper presents SCADASiM, an integrated framework for control system simulation and near-real-time regulatory compliance monitoring with respect to cybersecurity. With numerous legacy control system installations already in place, current approaches for highly detailed simulations demand a significant modeling effort to be useful. Furthermore, the complexity and lack of technical uniformity in legacy SCADA systems often obscures their core operational semantics, making regulatory compliance monitoring only available to personnel with intimate knowledge about the system. To address these issues, the SCADASiM framework includes two parts. First, it allows rapid recreation of message-based interactions between cyber and physical entities. The resulting simulation is geared towards facilitating the development of strategic and near-real-time security related regulatory compliance monitoring capabilities for critical infrastructure owners. Second, it includes new language utilities for collecting and monitoring the system events necessary to demonstrate regulatory compliance in real-time. In an integrated framework, the simulation facilitates policy authoring using the new language utilities, which in turn allow the observance of policy violation with its operational impact using "what-if" scenarios about coordinated attacks on the infrastructure. The two parts of the framework are synchronized by a SCADA taxonomy described using semantic web representation standards. The abstract layers of our taxonomy map to regulatory requirements that mandate security controls in the critical infrastructure, while the lower layers map to actual system components and their events that characterize actual system behavior. Here we describe the design decisions and structure of the SCADASiM framework as well as its initial feasibility using an in-lab control system simulation that replicates a water supply system.

KW - Compliance

KW - Regulations

KW - SCADA simulation

UR - http://www.scopus.com/inward/record.url?scp=79954421663&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79954421663&partnerID=8YFLogxK

U2 - 10.1016/j.ijcip.2011.03.002

DO - 10.1016/j.ijcip.2011.03.002

M3 - Article

AN - SCOPUS:79954421663

VL - 4

SP - 41

EP - 53

JO - International Journal of Critical Infrastructure Protection

JF - International Journal of Critical Infrastructure Protection

SN - 1874-5482

IS - 1

ER -