Virtual Private Groups for Protecting Critical Infrastructure Networks

2009 Cybersecurity Applications & Technology Conference for Homeland Security Pub Date : 2009-03-03 DOI:10.1109/CATCH.2009.14

R. O'Brien, Charles N. Payne Jr.

{"title":"Virtual Private Groups for Protecting Critical Infrastructure Networks","authors":"R. O'Brien, Charles N. Payne Jr.","doi":"10.1109/CATCH.2009.14","DOIUrl":null,"url":null,"abstract":"In an era when critical infrastructure networks are increasingly less isolated and more accessible from open networks, including the Internet, the air-gap security that these critical networks once enjoyed no longer exists. Malicious individuals can exploit this network connectivity, in conjunction with security weaknesses in widely used, homogeneous, COTS (commercial off-the-shelf) products, to penetrate deep within an organization's critical networks. Such an attack on SCADA (Supervisory Control And Data Acquisition) and Process Control networks could have devastating consequences. This paper describes an approach, Virtual Private Groups (VPGs), for creating and managing a virtual air-gap between these networks and the environments in which they may operate. After a brief description of the security issues that confront these networks, we describe our approach for addressing them. Many of the ideas presented here are the result of work done while implementing a version of VPGs directed towards critical infrastructure networks. In the process of doing that work we made a number of advances in managing policy for VPG and related mechanisms.","PeriodicalId":130933,"journal":{"name":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CATCH.2009.14","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

In an era when critical infrastructure networks are increasingly less isolated and more accessible from open networks, including the Internet, the air-gap security that these critical networks once enjoyed no longer exists. Malicious individuals can exploit this network connectivity, in conjunction with security weaknesses in widely used, homogeneous, COTS (commercial off-the-shelf) products, to penetrate deep within an organization's critical networks. Such an attack on SCADA (Supervisory Control And Data Acquisition) and Process Control networks could have devastating consequences. This paper describes an approach, Virtual Private Groups (VPGs), for creating and managing a virtual air-gap between these networks and the environments in which they may operate. After a brief description of the security issues that confront these networks, we describe our approach for addressing them. Many of the ideas presented here are the result of work done while implementing a version of VPGs directed towards critical infrastructure networks. In the process of doing that work we made a number of advances in managing policy for VPG and related mechanisms.

查看原文本刊更多论文

用于保护关键基础设施网络的虚拟专用组

在一个关键基础设施网络越来越不孤立、越来越容易从包括互联网在内的开放网络中访问的时代，这些关键网络曾经享有的气隙安全性已不复存在。恶意的个人可以利用这种网络连接，结合广泛使用的、同构的、COTS(商业现货)产品中的安全弱点，深入渗透到组织的关键网络中。这种对SCADA(监控和数据采集)和过程控制网络的攻击可能会造成毁灭性的后果。本文描述了一种方法，虚拟专用组(vpg)，用于创建和管理这些网络和它们可能运行的环境之间的虚拟气隙。在简要描述了这些网络所面临的安全问题之后，我们描述了解决这些问题的方法。这里提出的许多想法都是在实现针对关键基础设施网络的vpg版本时所做的工作的结果。在这个过程中，我们在VPG的政策管理和相关机制方面取得了一些进展。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2009 Cybersecurity Applications & Technology Conference for Homeland Security

自引率

0.00%

发文量