根据 IEC 62443-3-3 评估 SDN 安全措施

IF 4.1 3区 工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS International Journal of Critical Infrastructure Protection Pub Date : 2024-08-30 DOI:10.1016/j.ijcip.2024.100716
Georgios Michail Makrakis , Dakota Roberson , Constantinos Kolias , Dallin Cook
{"title":"根据 IEC 62443-3-3 评估 SDN 安全措施","authors":"Georgios Michail Makrakis ,&nbsp;Dakota Roberson ,&nbsp;Constantinos Kolias ,&nbsp;Dallin Cook","doi":"10.1016/j.ijcip.2024.100716","DOIUrl":null,"url":null,"abstract":"<div><p>The security of assets within electrical substations is paramount to ensuring the reliable and resilient operation of the energy sector. However, implementing existing industry cybersecurity standards in these environments presents numerous technical challenges. In this work, we provide systematic guidance that emphasizes best practices and prioritizes requirement implementation. We examine the application of Software-Defined Networking (SDN) as a means to enhance security within the IEC 62443 family of standards. Specifically, we offer insights into how the security measures required for compliance with the IEC 62443 security standards can impact the stringent timing constraints of contemporary communication protocols, enabling advanced distribution system operations in the future. Utilizing a testbed modeled after a real-world electrical substation, we demonstrate that while SDN-based security features naturally introduce some additional latency, their operational impact on the network’s strict constraints is minimal.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"47 ","pages":"Article 100716"},"PeriodicalIF":4.1000,"publicationDate":"2024-08-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Evaluation of SDN security measures in the context of IEC 62443-3-3\",\"authors\":\"Georgios Michail Makrakis ,&nbsp;Dakota Roberson ,&nbsp;Constantinos Kolias ,&nbsp;Dallin Cook\",\"doi\":\"10.1016/j.ijcip.2024.100716\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>The security of assets within electrical substations is paramount to ensuring the reliable and resilient operation of the energy sector. However, implementing existing industry cybersecurity standards in these environments presents numerous technical challenges. In this work, we provide systematic guidance that emphasizes best practices and prioritizes requirement implementation. We examine the application of Software-Defined Networking (SDN) as a means to enhance security within the IEC 62443 family of standards. Specifically, we offer insights into how the security measures required for compliance with the IEC 62443 security standards can impact the stringent timing constraints of contemporary communication protocols, enabling advanced distribution system operations in the future. Utilizing a testbed modeled after a real-world electrical substation, we demonstrate that while SDN-based security features naturally introduce some additional latency, their operational impact on the network’s strict constraints is minimal.</p></div>\",\"PeriodicalId\":49057,\"journal\":{\"name\":\"International Journal of Critical Infrastructure Protection\",\"volume\":\"47 \",\"pages\":\"Article 100716\"},\"PeriodicalIF\":4.1000,\"publicationDate\":\"2024-08-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Critical Infrastructure Protection\",\"FirstCategoryId\":\"5\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S187454822400057X\",\"RegionNum\":3,\"RegionCategory\":\"工程技术\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Critical Infrastructure Protection","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S187454822400057X","RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

变电站内资产的安全对于确保能源行业的可靠和弹性运行至关重要。然而,在这些环境中实施现有的行业网络安全标准面临着诸多技术挑战。在这项工作中,我们提供了系统性指导,强调最佳实践并优先考虑要求的实施。我们研究了软件定义网络(SDN)的应用,将其作为增强 IEC 62443 系列标准安全性的一种手段。具体来说,我们深入探讨了符合 IEC 62443 安全标准所需的安全措施如何影响当代通信协议的严格时序约束,从而在未来实现先进的配电系统操作。利用仿照真实世界变电站的测试平台,我们证明了虽然基于 SDN 的安全功能自然会带来一些额外的延迟,但它们对网络严格限制的运行影响微乎其微。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Evaluation of SDN security measures in the context of IEC 62443-3-3

The security of assets within electrical substations is paramount to ensuring the reliable and resilient operation of the energy sector. However, implementing existing industry cybersecurity standards in these environments presents numerous technical challenges. In this work, we provide systematic guidance that emphasizes best practices and prioritizes requirement implementation. We examine the application of Software-Defined Networking (SDN) as a means to enhance security within the IEC 62443 family of standards. Specifically, we offer insights into how the security measures required for compliance with the IEC 62443 security standards can impact the stringent timing constraints of contemporary communication protocols, enabling advanced distribution system operations in the future. Utilizing a testbed modeled after a real-world electrical substation, we demonstrate that while SDN-based security features naturally introduce some additional latency, their operational impact on the network’s strict constraints is minimal.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
International Journal of Critical Infrastructure Protection
International Journal of Critical Infrastructure Protection COMPUTER SCIENCE, INFORMATION SYSTEMS-ENGINEERING, MULTIDISCIPLINARY
CiteScore
8.90
自引率
5.60%
发文量
46
审稿时长
>12 weeks
期刊介绍: The International Journal of Critical Infrastructure Protection (IJCIP) was launched in 2008, with the primary aim of publishing scholarly papers of the highest quality in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology, law and policy to craft sophisticated yet practical solutions for securing assets in the various critical infrastructure sectors. These critical infrastructure sectors include: information technology, telecommunications, energy, banking and finance, transportation systems, chemicals, critical manufacturing, agriculture and food, defense industrial base, public health and health care, national monuments and icons, drinking water and water treatment systems, commercial facilities, dams, emergency services, nuclear reactors, materials and waste, postal and shipping, and government facilities. Protecting and ensuring the continuity of operation of critical infrastructure assets are vital to national security, public health and safety, economic vitality, and societal wellbeing. The scope of the journal includes, but is not limited to: 1. Analysis of security challenges that are unique or common to the various infrastructure sectors. 2. Identification of core security principles and techniques that can be applied to critical infrastructure protection. 3. Elucidation of the dependencies and interdependencies existing between infrastructure sectors and techniques for mitigating the devastating effects of cascading failures. 4. Creation of sophisticated, yet practical, solutions, for critical infrastructure protection that involve mathematical, scientific and engineering techniques, economic and social science methods, and/or legal and public policy constructs.
期刊最新文献
FingerCI: Writing industrial process specifications from network traffic Space cybersecurity challenges, mitigation techniques, anticipated readiness, and future directions A tri-level optimization model for interdependent infrastructure network resilience against compound hazard events Digital Twin-assisted anomaly detection for industrial scenarios Impact of Internet and mobile communication on cyber resilience: A multivariate adaptive regression spline modeling approach
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1