Teaching Industrial Control System Security Using Collaborative Projects
详细信息    查看全文
  • 关键词:ICS ; SCADA ; Ship ; board ICS ; Education ; Capstone project
  • 刊名:Lecture Notes in Computer Science
  • 出版年:2016
  • 出版时间:2016
  • 年:2016
  • 卷:9588
  • 期:1
  • 页码:16-30
  • 全文大小:161 KB
  • 参考文献:1.AlienVault OSSIM: The open source SIEM (2015). https://​www.​alienvault.​com/​products/​ossim
    2.Zabbix: the enterprise-class monitoring solution for everyone (2015). http://​www.​zabbix.​com/​
    3.Dark, M., Bishop, M., Linger, R.C., Goldrich, L.: Realism in teaching cybersecurity research: The agile research process. In: Bishop, M., Miloslavskaya, N., Theocharidou, M. (eds.) WISE 9. IFIP AICT, vol. 453, pp. 3–14. Springer, Heidelberg (2015)
    4.Department of Homeland Security (U.S.). Critical infrastructure and control systems security curriculum, March 2008
    5.Digital Bond, Inc.: Quickdraw SCADA IDS (2014). http://​www.​digitalbond.​com/​tools/​quickdraw/​
    6.Executive Order no. 13636. Improving Critical Infrastructure Cybersecurity, February 2013. http://​www.​gpo.​gov/​fdsys/​pkg/​FR-2013-02-19/​pdf/​2013-03915.​pdf
    7.Foo, E., Branagan, M., Morris, T.: A proposed australian industrial control system security curriculum. In: 2013 46th Hawaii International Conference on System Sciences (HICSS), pp. 1754–1762. IEEE (2013)
    8.Foreman, J.C., Graham, J.H., Hieb, J.L., Ragade, R.K.: A curriculum model for industrial control systems cyber-security with sample modules. Technical Report 2012–14, Center for Education and Research, Purdue University (2012)
    9.Francia III, G.A.: Critical infrastructure security curriculum modules. In: Proceedings of the 2011 Information Security Curriculum Development Conference (InfoSecCD 2011), pp. 54–58, Sept 2011
    10.Francia III, G.A., Beckhouche, N.: Portable SCADA security toolkits. Int. J. Inf. Netw. Secur. (IJINS) 1(4), 265–274 (2012)
    11.Francia III, G.A., Snellen, J.: Embedded and control systems security projects. Inf. Secur. Educ. J. 1(2), 77–84 (2014)
    12.Irvine, C.: A cyberoperations program. IEEE Secur. Priv. Mag. 11(5), 66–69 (2013)MathSciNet CrossRef
    13.Luallen, M.E., Labruyere, J.-P.: Developing a critical infrastructure and control systems cybersecurity curriculum. In: 46th Hawaii International Conference on System Sciences (HICSS), pp. 1782–1791. IEEE, January 2013
    14.McGrew, R.W., Vaughn, R.B.: Discovering vulnerabilities in control system human-machine interface software. J. Syst. Softw. 82(4), 583–589 (2009)CrossRef
    15.Mishra, S., Romanowski, C.J., Raj, R.K., Howles, T., Schneider, J.: A curricular framework for critical infrastructure protection education for engineering, technology and computing majors. In: 2013 IEEE Frontiers in Education Conference (FIE), pp. 1779–1781. IEEE, October 2013
    16.Morris, T., Srivastava, A., Reaves, B., Gao, W., Pavurapu, K., Reddi, R.: A control system testbed to validate critical infrastructure protection concepts. Int. J. Crit. Infrastruct. Prot. 4(2), 88–103 (2011)CrossRef
    17.Mulder, J., Schwartz, M., Berg, M., Van Houten, J.R., Mario, J.: WeaselBoard: zero-day exploit detection for programmable logic controllers. Technical report SAND2013-8274, October 2013
    18.National Institute of Standards and Technology (U.S.): Framework for improving critical infrastructure cybersecurity, February 2014
    19.National Security Agency (U.S.): Academic Requirements for Designation as a Center of Academic Excellence in Cyber Operations (2014). https://​www.​nsa.​gov/​academia/​nat_​cae_​cyber_​ops/​nat_​cae_​co_​requirements.​shtml
    20.The Snort Project. SNORT users manual (2014). http://​manual.​snort.​org/​snort_​manual.​htm
    21.Tofino Security Inc.: Tofino SCADA security simulator (TSSS) user’s guide, January 2013
    22.Vaughn, R.B., Morris, T., Sitnikova, E.: Development & expansion of an industrial control system security laboratory, an international research collaboration. In: CSIIRW 2013: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop. ACM, January 2013
    23.Weis, B., Gross, G., Ignjatic, D.: Multicast extensions to the security architecture for the internet protocol. RFC 5374, November 2008
    24.Wightman, R.: S4x12: Project basecamp (2012). http://​vimeopro.​com/​s42012/​s4-2012/​video/​35783988
  • 作者单位:Thuy D. Nguyen (18)
    Mark A. Gondree (18)

    18. Department of Computer Science, Naval Postgraduate School, Monterey, CA, 93943, USA
  • 丛书名:Security of Industrial Control Systems and Cyber Physical Systems
  • ISBN:978-3-319-40385-4
  • 刊物类别:Computer Science
  • 刊物主题:Artificial Intelligence and Robotics
    Computer Communication Networks
    Software Engineering
    Data Encryption
    Database Management
    Computation by Abstract Devices
    Algorithm Analysis and Problem Complexity
  • 出版者:Springer Berlin / Heidelberg
  • ISSN:1611-3349
  • 卷排序:9588
文摘
In this work, we discuss lessons learned over the past three years while supporting a graduate capstone course centered on research projects in industrial control system (ICS) security. Our course considers real-world problems in shipboard ICS posed by external stakeholders: a system-owner and related subject matter experts. We describe the course objectives, format, expectations and outcomes. While our experiences are generally positive, we remark on opportunities for curricula improvement relevant to those considering incorporating realistic ICS topics into their classroom, or those working with an external SME.

© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号

地址:北京市海淀区学院路29号 邮编:100083

电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700