Abstract

Commercial Off-The-Shelf (COTS) systems have become pervasive. The underlying technologies of these systems were developed before security was a priority. Using conventional approaches, it is not possible to adequately mitigate the risks these systems pose when used in Critical Infrastructure (CI).
Some strategies have been considered for legacy sites, and a novel approach to asset identification is proposed. Restricting data flows is a solution to the security issues of certain classes of applications, and the data diode is an example of such an implementation. This has been demonstrated in a smart grid context using standardized phasor measurement data. To make this approach more scalable, an OpenFlow Software-Defined Network (SDN) may be used. Vulnerabilities in this approach are identified and the attack surface is minimised. Configuration and change, as a vector for vulnerability, are mitigated by automating provisioning based on IEC 61850 data models. This solution is then generalized to the provisioning of any NETCONF/YANG-compatible network device.
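The data-diode-over-OpenFlow idea in the abstract can be made concrete as a flow table that permits exactly one direction of one measurement stream and drops everything else. The block below is an added illustration written for this page, not code from the thesis or its authors: the IP ranges, switch port numbers and the UDP port 4713 are constructed assumptions, the packet model is a deliberately minimal stand-in for a real switch, and the `to_ovs_ofctl` rendering shows the equivalent rule in Open vSwitch `ovs-ofctl add-flow` match syntax.

```python
"""Unidirectional (data-diode) policy expressed as OpenFlow-style flow rules.

Constructed example: a substation-side PMU network on switch port 1 may send
UDP measurement frames to a single PDC host on port 2; no other traffic, and
nothing in the reverse direction, is forwarded.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    """Minimal header view of a frame arriving at the switch (constructed model)."""
    in_port: int
    src: str
    dst: str
    proto: str                 # "udp", "tcp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class FlowRule:
    """OpenFlow-style match plus action. A match field of None is a wildcard."""
    priority: int
    action: str                # "output:<port>" or "drop"
    in_port: Optional[int] = None
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.in_port is not None and pkt.in_port != self.in_port:
            return False
        if self.src_net is not None and ip_address(pkt.src) not in ip_network(self.src_net):
            return False
        if self.dst_net is not None and ip_address(pkt.dst) not in ip_network(self.dst_net):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True

    def to_ovs_ofctl(self) -> str:
        """Render the rule in the match syntax accepted by `ovs-ofctl add-flow`."""
        parts = [f"priority={self.priority}"]
        if self.in_port is not None:
            parts.append(f"in_port={self.in_port}")
        if self.proto is not None:
            parts.append(self.proto)
        if self.src_net is not None:
            parts.append(f"nw_src={self.src_net}")
        if self.dst_net is not None:
            parts.append(f"nw_dst={self.dst_net}")
        if self.dport is not None:
            parts.append(f"tp_dst={self.dport}")
        return ",".join(parts) + f",actions={self.action}"


def build_diode_policy(pmu_port: int, pdc_port: int, pmu_net: str,
                       pdc_host: str, udp_port: int) -> List[FlowRule]:
    """Two rules: one narrowly scoped permit, one explicit catch-all drop."""
    return [
        # Only the measurement stream, only from the PMU-facing port, only to the PDC.
        FlowRule(priority=100, action=f"output:{pdc_port}", in_port=pmu_port,
                 src_net=pmu_net, dst_net=f"{pdc_host}/32", proto="udp", dport=udp_port),
        # Explicit table-miss rule: anything else, in either direction, is dropped.
        FlowRule(priority=0, action="drop"),
    ]


def evaluate(rules: List[FlowRule], pkt: Packet) -> str:
    """Highest-priority matching rule wins; with no match at all, fail closed."""
    for rule in sorted(rules, key=lambda r: r.priority, reverse=True):
        if rule.matches(pkt):
            return rule.action
    return "drop"


def demo() -> Dict[str, str]:
    """Run constructed traffic cases through the policy and report the decisions."""
    rules = build_diode_policy(pmu_port=1, pdc_port=2, pmu_net="10.1.0.0/24",
                               pdc_host="10.2.0.10", udp_port=4713)
    cases = {
        "pmu_stream":             Packet(1, "10.1.0.5",  "10.2.0.10", "udp", 4713),
        "reverse_from_pdc":       Packet(2, "10.2.0.10", "10.1.0.5",  "udp", 4713),
        "spoofed_src_wrong_port": Packet(2, "10.1.0.5",  "10.2.0.10", "udp", 4713),
        "pmu_tcp_command":        Packet(1, "10.1.0.5",  "10.2.0.10", "tcp", 4712),
        "pmu_other_dest":         Packet(1, "10.1.0.5",  "10.2.0.99", "udp", 4713),
    }
    return {name: evaluate(rules, pkt) for name, pkt in cases.items()}


if __name__ == "__main__":
    for rule in build_diode_policy(1, 2, "10.1.0.0/24", "10.2.0.10", 4713):
        print(rule.to_ovs_ofctl())
    for name, decision in demo().items():
        print(f"{name:24s} -> {decision}")
```

Binding the permit rule to the ingress port as well as to the source address is what gives the SDN rule diode-like behaviour: a frame carrying a spoofed PMU source address but arriving on the control-centre side still falls through to the drop rule. When deploying such a policy on a real switch, confirm that the table-miss behaviour is an explicit drop rather than a packet-in to the controller, so that unmatched reverse traffic cannot reach the control plane.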
Finally, these ideas are combined in the concept of a software-defined node, where the core functionality of a processing device is separated from its data communications functionality. There is no access path between the core processor and the external network.
| Field | Value |
|---|---|
| Date of Award | Dec 2020 |
| Supervisor | David Laverty (Supervisor) & D John Morrow (Supervisor) |
- Data Diode