CISUC

On the Use of Ontology Data for Protecting Critical Infrastructures

Authors

Abstract

Modern societies increasingly depend on products and services provided by Critical Infrastructures (CI) in areas such as energy, telecommunications and transportation, which are considered vital for their wellbeing. These CIs usually rely on Industrial Automation and Control Systems (IACS), which are becoming larger and more complex due to the increasing amount of available heterogeneous data generated by a raising number of interconnected control and monitoring devices and involved processes.

The Security Information and Event Management (SIEM) systems in charge of protecting these CI usually collect and process data from specialized sources, such as intrusion detection systems, log sources, honeypots, network traffic analysers and process control software. However, they usually integrate only a small fraction of the whole data sources existing in the CI. Valuable generic data sources such as human resources databases, staff check clocks, outsourced service providers and accounting data usually fall outside the specialized perimeter of SIEM, despite their potential usefulness for achieving a truly holistic perspective on the CI cybersecurity awareness.

One of the main reasons for this state of affairs is the difficulty of integrating such data into the SIEM systems, since it is usually dispersed across multiple databases, using different schema and not originally intended for security-related applications. The process of collecting and adapting data from each of those sources would typically require a long and expensive process of conversion from each database. Moreover, since these databases may change over time (e.g. introduction of new Human Resources information systems), the system is difficult not only to setup but also to properly maintain over time.

In order to address this gap, in this paper we propose a framework for making this process easier by using a semantic web approach for automated collection and processing of corporate data from multiple heterogeneous sources. This way, it becomes possible to make this data available, at reasonable costs, in a format which is suitable for security management purposes – especially those related with audit compliance and forensic analysis.


Keywords

Critical Infrastructure Protection (CIP), Security Information and Event Management (SIEM), Industrial Automation and Control Systems (IACS), Semantic Web, Ontologies

Subject

Critical Infrastructure Security

Related Project

H2020 ATENA (Advanced Tools to assEss and mitigate the criticality of ICT compoNents and their dependencies over Critical InfrAstructures)

Conference

in Proc. of ECCWS 2018 - 17th European Conference on Cyber Warfare and Security (Publishers: ACPI, UK). ISBN: 978-1-911218-85-2, June 2018

PDF File


Cited by

No citations found