An integrated framework for control system simulation and regulatory compliance monitoring

William Mahoney, Robin A. Gandhi

Research output: Contribution to journalArticlepeer-review

15 Scopus citations

Abstract

This paper presents SCADASiM, an integrated framework for control system simulation and near-real-time regulatory compliance monitoring with respect to cybersecurity. With numerous legacy control system installations already in place, current approaches for highly detailed simulations demand a significant modeling effort to be useful. Furthermore, the complexity and lack of technical uniformity in legacy SCADA systems often obscures their core operational semantics, making regulatory compliance monitoring only available to personnel with intimate knowledge about the system. To address these issues, the SCADASiM framework includes two parts. First, it allows rapid recreation of message-based interactions between cyber and physical entities. The resulting simulation is geared towards facilitating the development of strategic and near-real-time security related regulatory compliance monitoring capabilities for critical infrastructure owners. Second, it includes new language utilities for collecting and monitoring the system events necessary to demonstrate regulatory compliance in real-time. In an integrated framework, the simulation facilitates policy authoring using the new language utilities, which in turn allow the observance of policy violation with its operational impact using "what-if" scenarios about coordinated attacks on the infrastructure. The two parts of the framework are synchronized by a SCADA taxonomy described using semantic web representation standards. The abstract layers of our taxonomy map to regulatory requirements that mandate security controls in the critical infrastructure, while the lower layers map to actual system components and their events that characterize actual system behavior. Here we describe the design decisions and structure of the SCADASiM framework as well as its initial feasibility using an in-lab control system simulation that replicates a water supply system.

Original languageEnglish (US)
Pages (from-to)41-53
Number of pages13
JournalInternational Journal of Critical Infrastructure Protection
Volume4
Issue number1
DOIs
StatePublished - Apr 2011

Keywords

  • Compliance
  • Regulations
  • SCADA simulation

ASJC Scopus subject areas

  • Modeling and Simulation
  • Safety, Risk, Reliability and Quality
  • Computer Science Applications
  • Information Systems and Management

Fingerprint Dive into the research topics of 'An integrated framework for control system simulation and regulatory compliance monitoring'. Together they form a unique fingerprint.

Cite this