
Network Reliability Monitoring Using Statistical Modeling and Data Analysis to Measure the Health...

Date post: 15-Feb-2017
Upload: jim-gilsinn
71st Annual Instrumentation and Automation Symposium for the Process Industries Network Reliability Monitoring Using Statistical Modeling and Data Analysis to Measure the Health and Security of ICS Jim Gilsinn Kenexis
Transcript
Page 1: Network Reliability Monitoring Using Statistical Modeling and Data Analysis to Measure the Health and Security of ICS

71st Annual Instrumentation and Automation Symposium for the Process Industries

Jim Gilsinn
Kenexis

Page 2: Jim Gilsinn

• Senior Investigator, Kenexis Consulting
  – ICS Network & Security Assessments & Designs
  – Developer, Dulcet Analytics, Reliability Monitoring Tool
• International Society of Automation (ISA)
  – ISA99 Committee, Co-Chair (ISA/IEC 62443 Standard Series)
  – ISA99-WG2, Co-Chair (ICS Security Program)

Kenexis

Page 3: Overview

• Introduction
• Communications Method Affects Metrics
• Network Security Monitoring
• Communications in ICS/SCADA Networks
• What Can Network Reliability Monitoring Show?
• When & How to Test
• ICS/SCADA Performance Metrics
• MITM Example
• Summary

Page 4: Introduction

• Determinism is one key requirement for ICS/SCADA
• Determinism can be affected by many factors:
  – Individual device performance
  – Network performance
  – Intra- & inter-system interactions
  – Security settings
• Some factors can be planned for
• Some factors need to be measured in place
• Network measurements need to be tailored for ICS/SCADA

Page 5: Comm. Method Affects Metrics

• Master/Slave
• Publish/Subscribe
• Report by Exception

Page 6: What is NSM?

• “the collection, analysis, and escalation of indications and warnings to detect and respond to intrusions.”
• “a way to find intruders on your network and do something about them before they damage your enterprise.”

The Practice of Network Security Monitoring, Richard Bejtlich

Page 7: When NSM Won’t Work?

• “…if you can’t observe the traffic that you care about, NSM will not work well.”
• “Node-to-node activity, though, is largely unobserved at the network level.”

The Practice of Network Security Monitoring, Richard Bejtlich

Page 8: Example ICS/SCADA Network: Upper-Level Architecture

• Most Traffic Crosses Zone Boundaries
• Less ICS-Specific Protocols
• More Common Platforms

Page 9: Example ICS/SCADA Network: Lower-Level Architecture

• Most Traffic Remains Within Zone
• Mostly ICS-Specific Protocols
• ICS-Specific Platforms

Page 10: So… What Can You See?

• ~1ms Mean Measured Packet Interval
• ±10µs Jitter*
• Beat Pattern @ ~30s
• Total Test ~65s
• Expected Frequency

*Jitter is Variation From Expected Frequency

Page 11: So… What Can You See?

• OS & application operations
  – Garbage collection
  – Antivirus checks & updates
  – On-screen operator commands
• Network anomalies
  – Network EMI interference
  – Signal degradation
  – Flaky connections
• Security-related incidents

Page 12: When & How To Test

• Baseline Testing
  – FAT, SAT, Commissioning
  – After major changes
• Periodic Testing vs. Real-Time Testing
• Automated Testing & Analysis

Page 13: ICS/SCADA Performance Metrics

• Easy
  – Mean
  – Minimum
  – Maximum
• Medium
  – Standard Deviation
• More Complex and/or Compute Intensive
  – FFT
  – Convolution
  – Correlation
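
The easy and medium metrics listed above, computed over packet intervals and compared with a baseline capture. This is an added example, not from the original slides; the function names, thresholds and sample timestamps are constructed for illustration.

```python
import math
import statistics

def synth_capture(n, period, jitter):
    """Constructed sample data: n+1 packet timestamps (s) with sinusoidal jitter."""
    t, stamps = 0.0, [0.0]
    for k in range(n):
        t += period + jitter * math.sin(k)
        stamps.append(t)
    return stamps

def interval_metrics(timestamps, expected_period):
    """Mean/min/max/standard deviation of packet intervals, plus worst jitter."""
    intervals = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if len(intervals) < 2:
        raise ValueError("need at least three packets")
    return {
        "mean": statistics.fmean(intervals),
        "min": min(intervals),
        "max": max(intervals),
        "stdev": statistics.pstdev(intervals),
        # Jitter as the slides define it: variation from the expected rate.
        "max_jitter": max(abs(i - expected_period) for i in intervals),
    }

def drifted_metrics(baseline, current, mean_tol=50e-6, factor=3.0):
    """Names of metrics that moved away from the baseline capture.
    mean_tol and factor are assumed thresholds; tune them per system."""
    drifted = []
    if abs(current["mean"] - baseline["mean"]) > mean_tol:
        drifted.append("mean")
    for key in ("stdev", "max_jitter"):
        if current[key] > factor * baseline[key]:
            drifted.append(key)
    return drifted

if __name__ == "__main__":
    period = 1e-3  # ~1 ms expected packet interval, as on the measurement slide
    baseline = interval_metrics(synth_capture(2000, period, 10e-6), period)
    later = interval_metrics(synth_capture(2000, period, 150e-6), period)
    print(baseline)
    print(drifted_metrics(baseline, later))
```

In practice the timestamps would come from a capture taken at baseline (FAT, SAT, commissioning) and from a later periodic test of the same traffic flow.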

Page 14: MITM Example

Page 15: Summary

• NSM is good
  – If you are doing it, great
  – If not, maybe you should
• NSM can’t detect everything, especially for ICS/SCADA networks
• There are ways to measure network reliability in the lower layers
  – ICS/SCADA networks are particularly well suited to this
  – Relatively simple metrics are good enough to start
• Testing can show more than just security events

