More from Safecomp

Sept. 16, 2009

John Eidar Simensen of the Institute for Energy Technology offered a methodology using Bayesian Belief Networks for estimating the complexity of critical instrumentation and control systems. This is an ongoing project which may provide the first real metrics for complexity after years of trying.

Johan Akerberg of ABB showed a potential hack of ProfiSAFE, noting that although ProfiSAFE has been rated for SIL 3, it was not intended to be safe from cyber attack. The hack is a potential vulnerability, and Akerberg said he did not know of any actual exploits against it, but it is fairly easily accessible by brute force. Therefore, he recommends the use of _security modules_ between the Profibus I/O and the ProfiSAFE network.

Geraldine Vache of CNRS-LAAS discussed an environmental characterization and system modeling approach to the quantitative evaluation of security. She discussed the system environment, including vulnerabilities (in two categories: design/development and configuration/use), attackers and the system administrator. She discussed what she called the vulnerability life cycle: discovery, disclosure, patch disclosure. She described the modeling formalism she used in her study: SAN. She made two models corresponding to two scenarios of discovery, and she showed slides showing the states of the models. Then she discussed the validation scenario for her models. They ran simulations using real data from the Slammer worm. The model was characterized using mean time to patch application when the system is in the states vulnerable, exploitable and compromised. She presented data on the impact of the vulnerability on the administrator's behavior.

Carlos Bilich and Zaijun Hu from ABB discussed the trials and tribulations of creating a Functional Safety Management structure for all business units and establishing a safety lifecycle model across a huge global enterprise, and actually getting it to the point that the business units believe in it and will use it. In two separate papers, first Bilich and then Hu detailed the way they have designed the FSM structure and the safety lifecycle model for ABB.

In the final paper of the day, Michaela Huhn from TU Braunschweig discussed analyzing safety case arguments using a structured logical analysis method. She showed how to deconstruct a safety case to determine how effective the argument is.
