• Skip to main content
  • Skip to after header navigation
  • Skip to site footer
ERN: Emerging Researchers National Conference in STEM

ERN: Emerging Researchers National Conference in STEM

  • About
    • About AAAS
    • About the NSF
    • About the Conference
    • Partners/Supporters
    • Project Team
  • Conference
  • Abstracts
    • Undergraduate Abstract Locator
    • Graduate Abstract Locator
    • Abstract Submission Process
    • Presentation Schedules
    • Abstract Submission Guidelines
    • Presentation Guidelines
  • Travel Awards
  • Resources
    • Award Winners
    • Code of Conduct-AAAS Meetings
    • Code of Conduct-ERN Conference
    • Conference Agenda
    • Conference Materials
    • Conference Program Books
    • ERN Photo Galleries
    • Events | Opportunities
    • Exhibitor Info
    • HBCU-UP/CREST PI/PD Meeting
    • In the News
    • NSF Harassment Policy
    • Plenary Session Videos
    • Professional Development
    • Science Careers Handbook
    • Additional Resources
    • Archives
  • Engage
    • Webinars
    • ERN 10-Year Anniversary Videos
    • Plenary Session Videos
  • Contact Us
  • Login

Industrial Control System Security

Undergraduate #41
Discipline: Computer Sciences and Information Management
Subcategory: Computer Science & Information Systems

Tarrell Fletcher - Bowie State University
Co-Author(s): Haydar Teymourlouei and Guy Alain Amoussou, Bowie State University, Bowie, MD



Methodology: Before approaching the infrastructure to implement a security solution, we believe you must understand the network architecture and the vulnerabilities of the systems themselves. Now security can never be absolute unless you unplug all devices from the network, but with enough observations and configuration, attacks can be mitigated greatly. After researching these topics, we have then defined a set of functional requirements that the system we are creating will be able to do. System: Sanitation Box – The name of our solution is ‘Sanitation Box’, because it will be acting as a proxy which will be placed between a Human Machine Interface and control system device in order to provide authentication of commands as well as network monitoring. The system will be running CentOS, a version of Linux commonly used in Enterprise networks because of security.
FR.1: Control Connections – Controlling connections is the first step our box must perform to be sure an authentic network device is communicating with the critical infrastructure network. Because a Linux system can also be used a firewall, it is best to leverage the power of IP Tables in order to control connections. IP tables is a rule based firewall system and is normally preinstalled on a Unix operating system which is controlling the incoming and outgoing packets. By default, the IP tables is running without any rules, we can create, add, edit rules into it [17]. Mac address filtering and IP source address filter rules should be implemented for more granular control over connections.
FR.2: Start Program – The second step is to grab the incoming communication from the validated communication to initiate the script to control the process. Linux has a built in process called inetd, but we will be installing the more secure version which is xinetd. The xinetd daemon conserves system resources, provides access control and logging, and can be used to start special-purpose servers. xinetd can also be used to grant or deny access to particular hosts, provide service access at specific times, limit the rate of incoming connections, limit the load created by connections, and more. Xinetd runs constantly and listens on all ports for the services it manages. When a connection request arrives for one of its managed services, xinetd starts up the appropriate server for that service [18]. By creating a new entry in the configuration files for the xinetd service we can send all input destined for port 502 (MODBUS application protocol), to a new port to have the data sanitized before being sent out.

Funder Acknowledgement(s): I would like to thank the Bowie State University Education Innovation Initiative - EI2 and Summer Undergraduate Research Institute - SURI program for giving me the opportunity to partake in this research project. Also appreciation for my mentors Guy Alain Amoussou and Haydar Teymourlouei.

Faculty Advisor: Haydar Teymourlouei, Guy Alain-Amoussou, hteymourlouei@bowiestate.edu

Role: Understanding and explaining the common vulnerabilities with industrial control systems. As well as creating the list of functional requirements that leads to the development of a solution.

Sidebar

Abstract Locators

  • Undergraduate Abstract Locator
  • Graduate Abstract Locator

This material is based upon work supported by the National Science Foundation (NSF) under Grant No. DUE-1930047. Any opinions, findings, interpretations, conclusions or recommendations expressed in this material are those of its authors and do not represent the views of the AAAS Board of Directors, the Council of AAAS, AAAS’ membership or the National Science Foundation.

AAAS

1200 New York Ave, NW
Washington,DC 20005
202-326-6400
Contact Us
About Us

  • LinkedIn
  • Facebook
  • Instagram
  • Twitter
  • YouTube

The World’s Largest General Scientific Society

Useful Links

  • Membership
  • Careers at AAAS
  • Privacy Policy
  • Terms of Use

Focus Areas

  • Science Education
  • Science Diplomacy
  • Public Engagement
  • Careers in STEM

Focus Areas

  • Shaping Science Policy
  • Advocacy for Evidence
  • R&D Budget Analysis
  • Human Rights, Ethics & Law

© 2023 American Association for the Advancement of Science