An integrated framework for control system simulation and regulatory compliance monitoring

摘要

This paper presents SCADASiM, an integrated framework for control system simulation and near-real-time regulatory compliance monitoring with respect to cybersecurity. With numerous legacy control system installations already in place, current approaches for highly detailed simulations demand a significant modeling effort to be useful. Furthermore, the complexity and lack of technical uniformity in legacy SCADA systems often obscures their core operational semantics, making regulatory compliance monitoring only available to personnel with intimate knowledge about the system. To address these issues, the SCADASiM framework includes two parts. First, it allows rapid recreation of message-based interactions between cyber and physical entities. The resulting simulation is geared towards facilitating the development of strategic and near-real-time security related regulatory compliance monitoring capabilities for critical infrastructure owners. Second, it includes new language utilities for collecting and monitoring the system events necessary to demonstrate regulatory compliance in real-time. In an integrated framework, the simulation facilitates policy authoring using the new language utilities, which in turn allow the observance of policy violation with its operational impact using "what-if" scenarios about coordinated attacks on the infrastructure. The two parts of the framework are synchronized by a SCADA taxonomy described using semantic web representation standards. The abstract layers of our taxonomy map to regulatory requirements that mandate security controls in the critical infrastructure, while the lower layers map to actual system components and their events that characterize actual system behavior. Here we describe the design decisions and structure of the SCADASiM framework as well as its initial feasibility using an in-1ab control system simulation that replicates a water supply system.