On the Use of Ontology Data for Protecting Critical Infrastructures
Authors
Abstract
Modern societies increasingly depend on products and services provided by Critical Infrastructures (CI) in areas such as energy, telecommunications and transportation, which are considered vital for their wellbeing. These CIs usually rely on Industrial Automation and Control Systems (IACS), which are becoming larger and more complex due to the increasing amount of available heterogeneous data generated by a raising number of interconnected control and monitoring devices and involved processes.The Security Information and Event Management (SIEM) systems in charge of protecting these CI usually collect and process data from specialized sources, such as intrusion detection systems, log sources, honeypots, network traffic analysers and process control software. However, they usually integrate only a small fraction of the whole data sources existing in the CI. Valuable generic data sources such as human resources databases, staff check clocks, outsourced service providers and accounting data usually fall outside the specialized perimeter of SIEM, despite their potential usefulness for achieving a truly holistic perspective on the CI cybersecurity awareness.
One of the main reasons for this state of affairs is the difficulty of integrating such data into the SIEM systems, since it is usually dispersed across multiple databases, using different schema and not originally intended for security-related applications. The process of collecting and adapting data from each of those sources would typical ly require a long and expensive process of conversion from each database. Moreover, since these databases may change over time (e.g. introduction of new Human Resources information systems), the system is difficult not only to setup but also to properly maintain over time.
In order to address this gap, in this paper is proposed a framework for making this process easier by using a semantic web approach for automated collection and processing of corporate data from multiple heterogeneous sources. This way, it becomes possible to make this data available, at reasonable costs, in a format which is suitable for security management purposes – especially those related with compliance audit and forensic analysis.