Abstract
Although control systems have traditionally been developed and operated independently, advances in information technology have made them easier to access. This advancement has also given rise to many security vulnerabilities, so the threat of cyber-attack is increasing as well. Since availability is the most critical factor in a control system, independent network security technology is most appropriate. The leading security device of this kind is the firewall system. Therefore, this paper discusses the design and application of the IndusCAP-Gate (Industrial Cyber Attack Prevention—Gate) system, an industrial firewall system that fundamentally prevents unauthorized access to a control system. It applies access control filters at various levels to provide flexible and clear access control functionality. Most of all, unlike an IT firewall, which applies access control to an unspecified mass, the proposed system has a structure that makes it easy to provide a security policy specific to each zone of the control system intranet, used for access control of the specific system and service.
Acknowledgments
This work was supported by the IT R&D program of MSIP/KEIT. [010041560, A development of anomaly detection and a multi-layered response technology to protect an intranet of a control system for the availability of pipeline facilities].
Copyright information
© 2014 Springer Science+Business Media Dordrecht
About this paper
Cite this paper
Kim, B., Kang, DH., Na, JC., Chang, BH., Chung, TM. (2014). Design of Industrial Firewall System Based on Multiple Access Control Filter. In: Park, J., Zomaya, A., Jeong, HY., Obaidat, M. (eds) Frontier and Innovation in Future Computing and Communications. Lecture Notes in Electrical Engineering, vol 301. Springer, Dordrecht. https://doi.org/10.1007/978-94-017-8798-7_64
DOI: https://doi.org/10.1007/978-94-017-8798-7_64
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-017-8797-0
Online ISBN: 978-94-017-8798-7
eBook Packages: Engineering, Engineering (R0)