Method for Policy Scheme Identification from SCADA Component Metamodel
On Designing Automatic Reaction Strategy for Critical Infrastructure SCADA System
Christophe Feltus and Djamel Khadraoui
Service Science & Innovation, Public Recherche Centre Henri Tudor, 29, avenue J.F. Kennedy, L-1855 Luxembourg, LUXEMBOURG
Background
The huge amount of information managed by Critical Infrastructures (CI) calls for the support of SCADA systems, which behave as very complex and sophisticated tools. These systems support CI operators in monitoring and governing system security by elaborating the operational policies among the architecture components. In [1] and [2] we exploited an enterprise architecture management tool to construct an integrated SCADA metamodel dedicated to these component artefacts and structured according to (1) three layers of abstraction, namely the Organization, Application, and Technical layers, and (2) two semantically consistent types of policies: the Permissive Policy and the Cognitive Policy. The results of the SCADA modelling and policy engineering approach constitute, as illustrated through the CockpitCI project case study, a global analytical tool for SCADA operators, who may rely on a rational and unified component-security-based architecture to continuously monitor and manipulate the policy attributes while acknowledging their impact on the whole CI system. In this poster, we illustrate how the metamodel for SCADA components is used together with the method for policy scheme identification to support the automatic reaction strategy.
Conclusions - Automatic Reaction Strategy in 3 functions
References
[1] Jonathan Blangenois, Guy Guemkam, Christophe Feltus, Djamel Khadraoui, Organizational Security Architecture for Critical Infrastructure, 8th FARES 2013, IEEE, Germany.
[2] Djamel Khadraoui, Christophe Feltus, Critical Infrastructures Governance - Exploring SCADA Cybernetics through Architectured Policy Semantic, IEEE SMC 2013, United Kingdom.
[3] Lankhorst, M., ArchiMate language primer, 2004.
Acknowledgment
The research is funded by the CockpitCI project within the 7th framework Programme of the European Union (topic SEC-2011.2.5-1 Cyber-attacks against critical infrastructures).
Approach
Automatic Reaction Strategy Architecture
Practitioners of critical infrastructures call for an integrated approach to the management of architecture components. However, to date, the automatic reaction strategy (ARS) has been perceived and addressed as an isolated system. Its integration with the reaction CI components such as antivirus, firewall, IDS, RTU, correlation engine and so forth has remained incomplete, mainly due to the lack of a commonly available representation language. The SCADA component metamodel, supported by the method for policy scheme identification, makes it possible to address this integration by considering the ARS as an integral part of the SCADA architecture. Among the main artefacts which construct the ARS architecture, we denote:

At the organizational layer:
- The Main CI Investigator, which acts as the guarantor of the component RPo and RPa deployment based on the Expected Automatization Levels, which is a specialization of a business object [3].
- The Organizational Automatic Reaction Strategy, defined by the rule, is, hence, modelled by means of a business function.

At the application layer:
- The Application Automatic Reaction Strategy, also defined by the rule, is modelled by means of an application function.
- The Application ARS is associated with the Detection/correlation collaboration, which facilitates the information exchanges between the CI application modules and realizes the application policy deployment to the CI component application artefacts.
- The Application ARS is also guaranteed by the Main CI Investigator.
The Automatic Reaction Strategy is a function of the following specialization and realization objects:
- SCADA component metamodel [1]
- Cognitive and Permissive Policies design [2]
- Automatic Reaction Design Policy Reaction Engine

Policy scheme identification steps:
I. Identification of the structure of the CI architecture in terms of unitary modules (components), including their 3 abstraction layers built upon the SCADA metamodel (i.e., organization, application and technical)
II. Identification of the external parameters of the CI, such as potential threat probes and indicators that may impact the normal functioning of the CI (flood, hijacking, ...), the physical environment, the contractual SLA (service level agreement)
III.A. Identification of the Cognitive Policies artefact of a CI component which needs information from succeeding artefacts (see [2])
III.B. Identification of the Permissive Policies artefact of a CI component which needs permission upon the succeeding lower layer artefacts (see [2])

Policy scheme formalisation steps:
I. Depict the artefacts' Master-Slave communication couple (organization-organization, organization-technical, technical-technical)
II. Identification of cognitive behaviour and permissive behaviour based on the automatic reaction strategy
III.1. If Cognitive policy, alignment of the reaction strategy with the inter-artefact knowledge requirements, external probes and monitoring tools
III.2. If Permissive policy, alignment of the reaction strategy with the requirement of access to artefacts
CI monitoring Policy scheme Identification Formalization steps
The reaction strategy (ARS) is defined by the rules ($r_{1 \ldots n}$) used by the Main CI Investigator to choose between the available reaction policy ($RP_{1 \ldots m}$) options in accordance with the critical infrastructure Expected Automatization Levels (EAL) and considering the RP at the Organization (o) and/or at the Application (a) level.
CONCEPT Organizational ARS
CONCEPT Application ARS
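An added sketch (not code from the poster or the CockpitCI project) of the formalisation steps and the ARS rule selection described above: a Master-Slave couple is classified as cognitive or permissive, then rules r1..n filter the RP options under the EAL. The `need` vocabulary, the integer automation scale standing in for the EAL, the rule `r1` and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

LAYERS = ("organization", "application", "technical")  # metamodel abstraction layers

@dataclass(frozen=True)
class Artefact:
    component: str
    layer: str

@dataclass(frozen=True)
class ReactionPolicy:      # one RP option; the fields are assumptions of this sketch
    name: str
    level: str             # "o" (Organization) or "a" (Application)
    kind: str              # "cognitive" or "permissive"
    automation: int        # how autonomous the reaction is (constructed scale)

def formalise(master, slave, need):
    """Formalisation steps I-II: name the Master-Slave couple and its behaviour."""
    if master.layer not in LAYERS or slave.layer not in LAYERS:
        raise ValueError("unknown abstraction layer")
    kinds = {"information": "cognitive", "access": "permissive"}
    if need not in kinds:
        raise ValueError(f"unknown need: {need}")
    return {"couple": f"{master.layer}-{slave.layer}", "kind": kinds[need]}

def select_reaction(scheme, options, rules, eal):
    """ARS: apply rules r1..n to the options RP1..m, bounded by the EAL."""
    allowed = [rp for rp in options
               if rp.kind == scheme["kind"]
               and rp.automation <= eal
               and all(rule(scheme, rp) for rule in rules)]
    # Prefer the most automated reaction the EAL still permits. None means no
    # automatic reaction qualifies and the decision stays with the operator.
    return max(allowed, key=lambda rp: rp.automation, default=None)

# Constructed sample data, not taken from the CockpitCI case study.
IDS = Artefact("ids", "application")
RTU = Artefact("rtu", "technical")
OPTIONS = [
    ReactionPolicy("notify-operator", "o", "permissive", 0),
    ReactionPolicy("tighten-rtu-access", "a", "permissive", 2),
    ReactionPolicy("request-probe-data", "a", "cognitive", 1),
]
# r1 (hypothetical): only couples mastered at the organization layer may use "o"-level RPs.
RULES = [lambda s, rp: rp.level == "a" or s["couple"].startswith("organization")]

if __name__ == "__main__":
    scheme = formalise(IDS, RTU, "access")
    print(scheme, select_reaction(scheme, OPTIONS, RULES, eal=2))
```

Lowering `eal` to 1 for the same permissive couple leaves no admissible option, so `select_reaction` returns `None` rather than falling back to a reaction the rules exclude.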
Metamodel for SCADA component:
- Allows modeling each component of a SCADA architecture following a unique modeling architecture in three abstraction layers
- Enhancement of the ArchiMate modeling language with the Policy concept as a specialization of an organizational/application service
- Case study related to the modeling of the CockpitCI SCADA architecture

Definition of a Policy scheme Identification Method Based on the Component Metamodel:
- Policy scheme identification / formalization / Iteration engine
- Applicable to Cognitive vs. Permissive policies, inter- and intra-component artefacts

Automatic Reaction Strategy Architecture:
- Definition of the Automatic Reaction Strategy / elaboration of the related model as a specialization of the SCADA component metamodel
- Case study related to the modeling of the CockpitCI SCADA architecture

(i) CI SCADA Component model (ii) CI SCADA Policy scheme (iii) Automatic Reaction Strategy
Components Policies Potential threats CockpitCI SCADA Architecture