Critical Infrastructure Protection: having SIEM technology cope with network heterogeneity

Abstract

Coordinated and targeted cyber-attacks to Critical Infrastructures (CIs) are becoming more and more frequent and sophisticated. This is due to: i) the recent technology shift towards Commercial Off-The-Shelf (COTS) products, and ii) new economical and socio-political motivations. In this paper, we discuss some of the most relevant security issues resulting from the adoption in CIs of heterogeneous network infrastructures (specifically combining wireless and IP trunks), and suggest techniques to detect, as well as to counter/mitigate attacks. We claim that techniques such as those we propose here should be integrated in future SIEM (Security Information and Event Management) solutions, and we discuss how we have done so in the EC-funded MASSIF project, with respect to a real-world CI scenario, specifically a distributed system for power grid monitoring.