Zusammenfassung
„Security by Design“ ist der Begriff für die Verlagerung von Cybersecurity-Überlegungen von den Endnutzern eines Systems auf dessen Planer und Realisierer im Engineering. Um die Last auf den Schultern der Endnutzer zu verringern, müssen Security-Entscheidungen nicht nur während der Entwicklung getroffen werden, sondern auch in einer Weise, die für Dritte nachvollziehbar ist. Planer von industriellen Automatisierungssystemen (ICS) verfügen jedoch in der Regel weder über Security-Expertise noch über Zeit für das Security-Engineering. Die in dieser Arbeit vorgestellte Methode „Security by Design Decisions“ soll sie in die Lage versetzen, Security-Entscheidungen trotzdem selbstständig zu identifizieren, zu treffen und zu begründen. Kernelemente der Methode sind funktionsbasierte Diagramme sowie vordefinierte Bibliotheken mit typischen Funktionen und deren Security-Parametern. Die als Software-Demonstrator implementierte Methode wurde mit HIMA, einem deutschen Spezialisten für sicherheitsgerichtete Automatisierungslösungen, validiert. Die Ergebnisse zeigen, dass Planer mit ihrer Hilfe Security-Entscheidungen identifizieren, treffen und nachvollziehbar dokumentieren können, die sie sonst nicht (bewusst) getroffen hätten – schnell und mit wenig Security-Expertise. Die Methode ist auch gut geeignet, um weniger erfahrenen Personen Wissen über Security-Entscheidungen zugänglich zu machen. Zusammengefasst können mit der Methode „Security by Design Decisions“ mehr Personen in kürzerer Zeit zur „Security by Design“ eines ICS beitragen.
Abstract
“Security by design” is the term for shifting cybersecurity considerations from a system’s end users to its engineers. To reduce the security burden for end users, security decision need to be made during engineering, and in a way that is traceable for third parties. However, engineers of industrial control systems (ICS) typically neither have security expertise nor time for security engineering. The security by design decisions method presented in this work aims at enabling them to identify, make, and substantiate security decisions autonomously. Core features of the method are a set of function-based dia-grams as well as libraries of typical functions and their security parameters. The method, implemented as a software demonstrator, was validated with HIMA, a specialist for safety-related automation solutions, and results show that the method enables engineers to identify and make security decisions they may not have made (consciously) otherwise – fast and with little security expertise. The method is also well suited to make security decision-making knowledge available to less experienced engineers. This means that with the security by design decisions method, more people can contribute to an ICS’s security by design in less time.
Über die Autoren
Sarah Fluchs erhielt den B.Sc. in Maschinenbau und den M.Sc. in Automatisierungstechnik an der RWTH Aachen University. Sie ist CTO der admeritia GmbH und externe Doktorandin an der der Helmut-Schmidt-Universität/Universität der Bundeswehr Hamburg. Ihr Forschungsinteresse gilt dem Cybersecurity-Engineering für Automatisierungssysteme.
Emre Taştan, M.Sc., ist wissenschaftlicher Projektmitarbeiter am Institut für Smart Systems und Services an der Hochschule Pforzheim. Seine Forschung fokussiert sich auf die Modellierung von Ansätzen und Empfehlungen für Informationsmodelle mit besonderem Schwerpunkt auf Cybersecurity-Engineering.
Tobias Trumpf, als Ingenieur der Automatisierungstechnik bei der HIMA Paul Hildebrandt GmbH tätig, beschäftigt sich mit dem Thema OT-Security. Er sieht eine der Herausforderungen aktuell darin, den Betreiben die Wichtigkeit des Themas Security zu vermitteln. Denn, Keine Safety ohne Security!
Dr. Alexander Horch ist Vice President R&D der HIMA Group, eines führenden Herstellers für funktional sichere Automatisierungstechnik. PhD Process Control, Royal Institute of Technology, Stockholm, Schweden (2000) und Dipl.-Ing. Technische Kybernetik, Universität Stuttgart (1996).
Rainer Drath ist Professor für Mechatronische Systementwicklung an der Fakultät für Technik der Hochschule für angewandte Wissenschaften Pforzheim. Seine Forschungsschwerpunkte liegen in der Verbesserung des Engineering von Automatisierungssystemen unter Verwendung digitaler Informationsmodelle.
Alexander Fay ist Professor für Automatisierungstechnik und Leiter des Instituts für Automatisierungstechnik in der Fakultät für Maschinenbau der Helmut-Schmidt-Universität/Universität der Bundeswehr Hamburg. Sein Hauptinteresse gilt Beschreibungsmitteln, Methoden und Werkzeugen für ein effizientes Engineering komplexer Automatisierungssysteme.
Danksagung
Diese Forschung wird mit Mitteln des Bundesministeriums für Bildung und Forschung gefördert, Förderkennzeichen 16KIS1269K [35]. Der Software-Demonstrator für die Methodenvalidierung wurde von Marc Kassel, Martin Lang, Sabrina Schorer, Christof Neugebauer und Alexander Santel (admeritia) programmiert. Dietmar Marggraff, Tobias Halmans und Jonas Prämaßing (admeritia) waren an der Erstellung der Funktions- und Security-Parameter-Bibliotheken beteiligt. Alle Genannten haben die Validierung unterstützt.
-
Research ethics: Not applicable.
-
Author contributions: The author(s) have (has) accepted responsibility for the entire content of this manuscript and approved its submission.
-
Conflict of interests: Not applicable.
-
Research funding: This research was funded by Bundesministerium für Bildung und Forschung (German Federal Ministry of Education and Research), grant number 16KIS1269K.
-
Data availability: Not applicable.
Literatur
[1] J. Easterly and E. Goldstein, Stop Passing the Buck on Cybersecurity: Why Companies Must Build Safety into Tech Products, Foreign Affairs, 2023 [Online]. Available at: https://www.foreignaffairs.com/united-states/stop-passing-buck-cybersecurity.Search in Google Scholar
[2] European Commission, Proposal for a Regulation on Horizontal Cybersecurity Requirements for Products with Digital Elements (COM/2022/454): Cyber Resilience Act (CRA), 2022 [Online]. Available at: https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act [accessed: Mar. 29, 2023].Search in Google Scholar
[3] Biden-Harris Administration, National Cybersecurity Strategy, Washington, USA, 2023 [Online]. Available at: https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf.Search in Google Scholar
[4] CISA, FBI, NSA, et al.., Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security by Design and -Default, 2023 [Online]. Available at: https://www.cisa.gov/resources-tools/resources/secure-by-design-and-default [accessed: Apr. 25, 2023].Search in Google Scholar
[5] M. Hollender, Collaborative process Automation Systems, Research Triangle Park, NC, ISA, 2009.Search in Google Scholar
[6] Engineering and Execution of PCT Projects in Process Industry, NA35, NAMUR e. V., Leverkusen, Germany, 2019.Search in Google Scholar
[7] P. Kieseberg and E. Weippl, “Security challenges in cyber-physical production systems,” in Lecture Notes in Business Information Processing, Software Quality: Methods and Tools for Better Software and Systems, D. Winkler, S. Biffl, and J. Bergsmann, Eds., Cham, Springer International Publishing, 2018, pp. 3–16.10.1007/978-3-319-71440-0_1Search in Google Scholar
[8] M. Eckhart, A. Ekelhart, A. Luder, S. Biffl, and E. Weippl, “Security development lifecycle for cyber-physical production systems,” in IECON 2019 – 45th Annual Conference of the IEEE Industrial Electronics Society, Lisbon, Portugal, 2019, pp. 3004–3011.10.1109/IECON.2019.8927590Search in Google Scholar
[9] J. F. Ruiz, A. Maña, and C. Rudolph, “An integrated security and systems engineering process and modelling Framework,” Comput. J., vol. 58, no. 10, pp. 2328–2350, 2015. https://doi.org/10.1093/comjnl/bxu152.Search in Google Scholar
[10] S. Fluchs, R. Drath, and A. Fay, “A security decision base: how to prepare security by design decisions for industrial control systems,” in Proceedings of 17th EKA (Fachtagung “Entwurf Komplexer Automatisierungssysteme”), Germany, Magdeburg, 2022.Search in Google Scholar
[11] NIST, Framework for Improving Critical Infrastructure Security, Version 1.1, 2018 [Online]. Available at: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf [accessed: Mar. 29, 2023].Search in Google Scholar
[12] D. Peterson, Insecure by Design/Secure by Design [Online]. Available at: https://dale-peterson.com/2013/11/04/insecure-by-design-secure-by-design/ [accessed: May. 9, 2022].Search in Google Scholar
[13] Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity across the Union: NIS 2 Directive, 2022 [Online]. Available at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022L2555&qid=1680351576163 [accessed: Apr. 1, 2023].Search in Google Scholar
[14] Directive (EU) 2022/2557 on the Resilience of Critical Entities: RCE Directive, 2022 [Online]. Available at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022L2557&qid=1680351659300 [accessed: Apr. 1, 2023].Search in Google Scholar
[15] Presidential Policy Directive -- Critical Infrastructure Security and Resilience: PPD-21, 2013 [Online]. Available at: https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil [accessed: Apr. 1, 2023].Search in Google Scholar
[16] Y. Cherdantseva, P Burnap, A. Blyth, et al.., “A review of cyber security risk assessment methods for SCADA systems,” Comput. Secur., vol. 56, pp. 1–27, 2016. https://doi.org/10.1016/j.cose.2015.09.009.Search in Google Scholar
[17] L. Lemaire, J. Vossaert, B. de Decker, and V. Naessens, “An assessment of security analysis Tools for cyber-physical systems,” in Lecture Notes in Computer Science, Risk Assessment and Risk-Driven Quality Assurance, J. Großmann, M. Felderer, and F. Seehusen, Eds., Cham, Springer International Publishing, 2017, pp. 66–81.10.1007/978-3-319-57858-3_6Search in Google Scholar
[18] S. Fluchs and H. Rudolph, “Wie OT-Security-Engineering eine Ingenieurwissenschaft wird – ein Denkmodell und ein Datenmodell [Making OT Security Engineering an Engineering Discipline – a Thought Model and a Data Model] (in German),” atp Magazin, vol. 61, pp. 74–86, 2019. https://doi.org/10.17560/atp.v61i8.2410.Search in Google Scholar
[19] Object Management Group (OMG), Unified Modeling Language (UML) Specification v2.5.1, 2017 [Online]. Available at: https://www.omg.org/spec/UML/2.5.1/About-UML/.Search in Google Scholar
[20] Department of Information Engineering and Computer Science, University of Trento, The Tropos Methodology [Online]. Available at: http://www.troposproject.eu/node/93.Search in Google Scholar
[21] E. S. Yu, “Social modeling and i*,” in Conceptual Modeling: Foundations and Applications, A. T. Borgida, V. K. Chaudhri, P. Giorgini, and E. S. Yu, Eds., Berlin, Heidelberg: Springer Berlin Heidelberg, 2009, pp. 99–121 [Online]. Available at: http://link.springer.com/10.1007/978-3-642-02463-4_7 [accessed: Mar. 14, 2022].Search in Google Scholar
[22] A. Morkevicius, L. Bisikirskiene, and G. Bleakley, “Using a systems of systems modeling approach for developing Industrial Internet of Things applications,” in 2017 12th System of Systems Engineering Conference (SoSE), 2017, pp. 1–6. [Online]. Available at: http://ieeexplore.ieee.org/document/7994942/ [accessed: Mar. 20, 2022].10.1109/SYSOSE.2017.7994942Search in Google Scholar
[23] L. Lemaire, J. Lapon, B. de Decker, and V. Naessens, “A SysML extension for security analysis of industrial control systems,” in 2nd International Symposium for ICS & SCADA Cyber Security Research 2014, 2014 [Online]. Available at: http://ewic.bcs.org/content/ConWebDoc/53223 [accessed: Mar. 20, 2022].10.14236/ewic/ics-csr2014.1Search in Google Scholar
[24] S. Fluchs and H. Rudolph, Making OT security engineering deserve its name – a guide to security engineering for OT engineers Control Global, 2019 [Online]. Available at: https://www.controlglobal.com/network/industrial-networks/article/11299219/making-ot-security-engineering-deserve-its-name [accessed: Aug. 17, 2023].Search in Google Scholar
[25] S. Fluchs, “For security, think functions – not systems, fluchsfriction,” 2020 [Online]. Available at: https://fluchsfriction.medium.com/for-security-think-functions-not-systems-b0e08a9d89b6.Search in Google Scholar
[26] M. Glawe, C. Tebbe, A. Fay, and K.-H. Niemann, “Knowledge-based engineering of automation systems using ontologies and engineering data,” in Proceedings of the 7th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management, 2015, pp. 291–300 [Online]. Available at: http://www.scitepress.org/DigitalLibrary/Link.aspx?doi=10.5220/0005614502910300 [accessed: Mar. 3, 2021].10.5220/0005614502910300Search in Google Scholar
[27] C. Tebbe, Durchgängiges Wissensmanagement von OT-Security-Wissen im Lebensweg von Produktionsanlagen, Hamburg, Helmut Schmidt Universität/Universität der Bundeswehr Hamburg, 2021.Search in Google Scholar
[28] M. Eckhart, A. Ekelhart, and E. R. Weippl, “Automated security risk identification using AutomationML-based engineering data,” IEEE Trans. Dependable Secure Comput., vol. 19, pp. 1–1672, 2020. https://doi.org/10.1109/TDSC.2020.3033150.Search in Google Scholar
[29] MITRE, ATT&CK for ICS [Online]. Available at: https://attack.mitre.org/matrices/ics/ [accessed: May. 29, 2022].Search in Google Scholar
[30] S. Fluchs, R. Drath, and A. Fay, “Evaluation of visual notations as a Basis for ICS security design decisions,” IEEE Access, vol. 11, pp. 9967–9994, 2023. https://doi.org/10.1109/ACCESS.2023.3238326.Search in Google Scholar
[31] A. A. Bochman and S. G. Freeman, Countering Cyber Sabotage. Introducing Consequence-Driven, Cyber-Informed Engineering (CCE), 2021st ed., CRC Press, Taylor & Francis Group, 2021.10.4324/9780367491161Search in Google Scholar
[32] S. Fluchs, E. Tastan, M Mertens, et al.., “Security by design decisions for automation systems. Part 2: concept for integrating security decisions into the engineering Workflow [in German],” atp Magazin, vol. 63, pp. 48–58, 2022. https://doi.org/10.17560/atp.v63i11-12.2643.Search in Google Scholar
[33] S. Fluchs, E. Tastan, M Mertens, et al.., “Security by design for automation systems. Part 1: explanation of terms and analysis of existing approaches [in German],” atp Magazin, vol. 63, pp. 54–61, 2022. https://doi.org/10.17560/atp.v63i9.2620.Search in Google Scholar
[34] S. Fluchs, E. Tasten, M. Mertens, A. Horch, R. Drath, and A. Fay, “Security by design integration mechanisms for industrial control systems,” in IECON 2022: 48th Annual Conference of the IEEE Industrial Electronics Society 2022, Brussels, Belgium, 2022.10.1109/IECON49645.2022.9968406Search in Google Scholar
[35] German Federal Ministry of Education and Research (BMBF), IDEAS – Integrierte Datenmodelle for the Engineering of Automation Security. Project overview (in German), 2021 [Online]. Available at: https://www.forschung-it-sicherheit-kommunikationssysteme.de/projekte/ideas.Search in Google Scholar
© 2023 Walter de Gruyter GmbH, Berlin/Boston
