Risk Monitoring with Intrusion Detection for Industrial Control Systems

Project title: Risk Monitoring with Intrusion Detection for Industrial Control Systems
Principal investigator: Prof. Yves Le Traon
Vice principal investigator: Prof. Jean-Marie Bonnin
Partners: itrust consulting, Institut Mines-Télécom Bretagne
Funding: FNR AFR-PPP
Research team: Steve Muller
Starting date and Duration: September 2015, 3 years
Contact persons: Steve Muller

This thesis aims to link the low-level, technical view of intrusion detection with the high-level view of risk management. When attacks are launched or faults occur in a complex system such as an Industrial Control System, the responsible technical staff generally know how to deal with the issue. However, the incidents are too technical for top management to understand in terms of incident management or business continuity. The goal is thus to translate technical security events into standard risk terms. For instance, a manager is interested in the impacts and cascading effects of those events.

To achieve this, the thesis proceeds in three steps. First, a proper risk model needs to be established that can answer all of the questions a manager would typically ask. Second, on the technical level, a threat model has to be developed in order to understand which risks have to be faced; this model will be validated in an intrusion detection system that is to be developed. Third, a mapping needs to be defined that translates raw security alerts into the right risk magnitudes.

Finally, the whole model is validated in a real-world Industrial Control System, which will be the Smart Grid Luxembourg and possibly another use case (still to be defined).