Sebastian Obermeier

Collaboration in security assessments for critical infrastructures

Security assessments for IT systems in critical infrastructures involve many different stakeholders. Only the combination of their knowledge can produce a comprehensive view of the system structure and of the vulnerabilities and threats to the system. In order to enable all stakeholders to update the assessment information on a regular basis, the collaboration process needs methodological and technical support. We formalize this process with regard to the ESSAM assessment method and introduce a central knowledge base that facilitates the intra-organizational collaboration between development teams for different systems.

Security assessment methodology for industrial control system products

Industrial control systems (ICS) are at the heart of critical infrastructures and security is therefore important for such systems. In order to determine the security level of existing and planned systems, ICS products should be efficiently and comprehensively assessed. In this paper we present a methodology for assessing the security of a product or a system that can be used by security experts and non-experts alike. The methodology contains specific and concrete security recommendations (what), a rationale for each recommendation (why) as well as concrete implementation guidance (how). The methodology aims to help product teams to quickly and efficiently assess the security level of their products, prioritize resources on future development efforts, and generate security requirements for future products. We validate the approach by applying a concrete instantiation of the methodology to a fictitious ICS product.

Securing industrial automation and control systems using application whitelisting

Application whitelisting is a method for establishing security by restricting systems to only execute applications that are on a given list - the white list. One of the main questions when using such technology within industrial control systems is whether anti-virus software becomes obsolete, and whether security patches of the underlying system are still required. To answer these questions, we have evaluated several application whitelisting solutions and present the evaluation method and the condensed test results. In addition, we highlight the difficulties for end users to evaluate of the level of protection that is provided by such whitelisting software. As a conclusion, we have identified several benefits of application whitelisting software, but also argue why whitelisting alone is not the silver bullet, which - once deployed - does not need attention anymore.

Secure design of engineering software tools in Industrial Automation and Control Systems

Industrial Automation and Control Systems (IACS) used in critical infrastructure typically perform their tasks using embedded devices. While the security of the embedded devices during the operation of the system is naturally the focus of security considerations, the security of the engineering framework is often overlooked. In this paper, we model the trust boundaries of a typical engineering tool used in an IACS, identify security risks in this context, suggest mitigation techniques for end users, and finally propose an architecture that allows to implement secure engineering frameworks.