Asset Management Method of Industrial IoT Systems for Cyber-Security Countermeasures
Abstract
:1. Introduction
- (a)
- Real-time performance
- (b)
- Frugal resource usage
- (c)
- High reliability and high availability
2. Related Research
3. Model and Data Structure of IIoT Systems
3.1. Modeling of IIoT Systems
3.2. Specification of Asset Configuration Management Data Structure
4. Asset Configuration Management Method for IIoT Systems
4.1. Selection of Asset Configuration Management Information to Be Collected
- (d)
- Individual identification information: manufacturer’s information, serial number, type of device, etc.
- (e)
- Network connection information: type of network protocol used, communication port, address setting, etc.
- (f)
- Software configuration information: version information of installed software, patched status, etc.
- (g)
- Information on security settings: execution and access privileges of software installed on the device, system password information, etc.
- (1)
- Software version information
- (2)
- System password information
4.2. Setting Performance Targets for Asset Configuration Management Agents
- (1)
- CPU load factor
- (2)
- Memory occupancy
4.3. Automating Asset Configuration Management
5. Prototyping and Evaluation of an Asset Configuration Management Agent
5.1. Implementation Method
- (3)
- Software version information collection function
- (a)
- Package management system (RPM for RedHat Linux, dpkg for Debian Linux, etc.)
- (b)
- Binary library management software (pkg-config, etc.)
- (c)
- Running software with a command line option to display version information (--version, -v, -V)
- (4)
- System password information checking function
5.2. Performance Evaluation
- (1)
- CPU load factor
- (2)
- Memory occupancy
5.3. Discussion of Evaluation Results
6. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Information and Communications in Japan White Paper. 2020. Available online: https://www.soumu.go.jp/johotsusintokei/whitepaper/eng/WP2020/2020-index.html (accessed on 30 August 2021).
- Kolias, H.C.; Kambourakis, G.; Stavrou, A.; Voas, J. DDoS in the IoT: Mirai and other botnets. IEEE Comput. 2017, 50, 80–84. [Google Scholar] [CrossRef]
- Kanamaru, H. Kaizen of Measures for Cyber Security of Control Systems. SICE J. Control Meas. Syst. Integr. 2019, 58, 923–926. [Google Scholar] [CrossRef]
- Tuptuk, N.; Hailes, S. Security of smart manufacturing systems. J. Manuf. Syst. 2018, 47, 93–106. [Google Scholar] [CrossRef]
- Piggin, R.S.H. Development of industrial cyber security standards: IEC 62443 for SCADA and Industrial Control System security. In Proceedings of the IET Conference on Control and Automation 2013: Uniting Problems and Solutions, Birmingham, UK, 4–5 June 2013; pp. 1–6. [Google Scholar] [CrossRef]
- Water and Wastewater Systems Cybersecurity 2021 State of the Sector. Available online: https://www.waterisac.org/system/files/articles/FINAL_2021_WaterSectorCoordinatingCouncil_Cybersecurity_State_of_the_Industry-17-JUN-2021.pdf (accessed on 30 August 2021).
- Bartoli, A.; Dohler, M.; Kountouris, A.; Barthel, D. Advanced security taxonomy for machine-to-machine (M2M) communications in 5G capillary networks. Mach. Mach. (M2M) Commun. 2015, 207–226. [Google Scholar] [CrossRef]
- Dhirani, L.L.; Armstrong, E.; Newe, T. Industrial IoT, Cyber Threats, and Standards Landscape: Evaluation and Roadmap. Sensors 2021, 21, 3901. [Google Scholar] [CrossRef] [PubMed]
- Patwary, A.A.-N.; Naha, R.K.; Garg, S.; Battula, S.K.; Patwary, M.A.K.; Aghasian, E.; Amin, M.B.; Mahanti, A.; Gong, M. Towards Secure Fog Computing: A Survey on Trust Management, Privacy, Authentication, Threats and Access Control. Electronics 2021, 10, 1171. [Google Scholar] [CrossRef]
- Patwary, A.A.-N.; Fu, A.; Battula, S.K.; Naha, R.K.; Garg, S.; Mahanti, A. FogAuthChain: A secure location-based authentication scheme in fog computing environments using Blockchain. Comput. Commun. 2020, 162, 212–224. [Google Scholar] [CrossRef]
- Chegini, H.; Naha, R.K.; Mahanti, A.; Thulasiraman, P. Process Automation in an IoT–Fog–Cloud Ecosystem: A Survey and Taxonomy. IoT 2021, 2, 92–118. [Google Scholar] [CrossRef]
- Chegini, H.; Mahanti, A. A Framework of Automation on Context-Aware Internet of Things (IoT) Systems. In Proceedings of the 12th IEEE/ACM International Conference on Utility and Cloud Computing Companion, Auckland, New Zealand, 2–5 December 2019; pp. 157–162. [Google Scholar] [CrossRef] [Green Version]
- Seo, J.; Gong, M.; Naha, R.K.; Mahanti, A. A Realistic and Efficient Real-time Plant Environment Simulator. In Proceedings of the 2020 International Symposium on Networks, Computers and Communications (ISNCC), Montreal, QC, Canada, 20–22 October 2020. [Google Scholar] [CrossRef]
- Asset Management Guidelines for Control Systems. Available online: https://www.ipa.go.jp/index-e.html (accessed on 30 August 2021).
- Kawanishi, Y.; Nishihara, H.; Souma, D.; Yoshida, H.; Hata, Y. A study on quantification of risk assessment in security design for industrial control systems. In SCIS (Symposium on Cryptography and Information Security); IEICE (the Institute of Electronics, Information and Communication Engineers): Niigata, Japan, 2018. [Google Scholar]
- Ito, A.; Takeuchi, T.; Schulz, G.; Sakaino, A.; Watanabe, H. Operation technology cyber security insight related to FDT technology. In Proceedings of the SICE Annual Conference 2019, Hiroshima, Japan, 10–13 September 2019; pp. 1753–1757. [Google Scholar]
- Hosseini, A.M.; Sauter, T.; Kastner, W. Towards adding safety and security properties to the Industry 4.0 Asset Administration Shell. In Proceedings of the 17th IEEE International Conference on Factory Communication Systems (WFCS), Linz, Austria, 9–11 June 2021; pp. 41–44. [Google Scholar]
- ANSI/ISA-95.00.01-2010 Enterprise-Control System Integration—Part 1: Models and Terminology. Available online: https://www.isa.org/products/ansi-isa-95-00-01-2010-iec-62264-1-mod-enterprise (accessed on 30 August 2021).
- Leander, B.; Čauševic´, A.; Hansson, H. Applicability of the IEC 62443 standard in Industry 4.0/IIoT. In Proceedings of the 14th International Conference on Availability, Reliability and Security, Canterbury, UK, 26–29 August 2019. [Google Scholar] [CrossRef]
- Hassani, H.L.; Bahnasse, A.; Martin, E.; Roland, C.; Bouattanec, O.; Diouri, M.E.M. Vulnerability and security risk assessment in a IIoT environment in compliance with standard IEC 62443. Procedia Comput. Sci. 2021, 191, 33–40. [Google Scholar] [CrossRef]
- Dolezilek, D.; Gammel, D.; Fernandes, W. Cybersecurity based on IEC 62351 and IEC 62443 for IEC 61850 system. In Proceedings of the 15th International Conference on Developments in Power System Protection (DPSP 2020), Liverpool, UK, 9–12 March 2020. [Google Scholar] [CrossRef]
- OMG Systems Modeling Language Version 1.6. Available online: https://www.omg.org/spec/SysML/1.6/ (accessed on 30 August 2021).
- IEC61784-1:2019 Industrial Communication Networks—Profiles Part 1: Fieldbus Profiles. Available online: https://webstore.iec.ch/publication/59887 (accessed on 30 August 2021).
- IEC61158-1:2019 Industrial Communication Networks—Fieldbus Specifications—Part 1: Overview and Guidance for the IEC 61158 and IEC 61784 Series. Available online: https://webstore.iec.ch/publication/59890 (accessed on 30 August 2021).
- Common Platform Enumeration: Naming Specification Version 2.3. Available online: https://www.nist.gov/publications/common-platform-enumeration-naming-specification-version-23 (accessed on 30 August 2021).
- The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3. Available online: https://csrc.nist.gov/projects/security-content-automation-protocol/scap-releases/scap-1-3 (accessed on 30 August 2021).
- Matsumoto, N.; Saito, N.; Yamada, T.; Takemoto, S.; Kamiwaki, T. A security-management scheme for assets with SCAP for IACS. In Proceedings of the SICE Annual Conference 2014, Sapporo, Japan, 9–12 September 2014; pp. 833–836. [Google Scholar]
- Watanabe, S. Current status and issues of cyber security in building automation system. SICE J. Control Meas. Syst. Integr. 2019, 58, 927–931. [Google Scholar] [CrossRef]
- Liu, C.L.; Layland, J.W. Scheduling algorithms for multiprogramming in a hard-real-time environment. J. ACM (JACM) 1973, 20, 46–61. [Google Scholar] [CrossRef]
- Yi, M.; Mueller, H.; Yu, L.; Chuan, J. Benchmarking cloud-based SCADA system. In Proceedings of the IEEE 9th International Conference on Cloud Computing Technology and Science, Hong Kong, China, 11–14 December 2017. [Google Scholar]
- Node-RED: Flow-Based Programming for the Internet of Things. Available online: https://nodered.org/ (accessed on 30 August 2021).
- IEC62443-4-2:2019 Security for Industrial Automation and Control Systems—Part 4-2: Technical Security Requirements for IACS Components. Available online: https://webstore.iec.ch/publication/34421 (accessed on 30 August 2021).
Classification of IIoT Device | Information for Device Management | |||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Information Based on SCAP CPE | Extended Information | |||||||||||||||||||||||
SCAP Information | SCAP Info. (Extended for IIoT) | Device Information | Network Information | |||||||||||||||||||||
Part | Vendor | Product | Version | Update | Edition | Software Edition | Target Software | Target Hardware | Language | Device Class1 | Device Class2 | Device Class3 | Target Network | ID/Product Number | Location | Extend Information | Time Stamp | Network Type | Physical Address | Network Address | Neighbor Device 1 | … | Neighbor Device N | |
Client | ○ | ○ | ○ | ○ | ○ | - | ○ | - | - | ○ | ○ | ○ | △ | ○ | ○ | ○ | - | ○ | △ | ○ | ○ | - | - | - |
Mobile | ○ | ○ | ○ | ○ | ○ | - | ○ | - | - | ○ | ○ | △ | △ | ○ | ○ | ○ | - | ○ | △ | ○ | ○ | - | - | - |
Server | ○ | ○ | ○ | ○ | ○ | - | ○ | - | - | ○ | ○ | △ | △ | ○ | ○ | ○ | - | ○ | △ | ○ | ○ | - | - | - |
Network | ○ | ○ | ○ | ○ | ○ | - | ○ | - | - | - | ○ | ○ | △ | ○ | ○ | ○ | - | ○ | △ | ○ | ○ | △ | △ | △ |
IoT device | ○ | ○ | ○ | ○ | ○ | - | ○ | △ | △ | - | ○ | ○ | △ | ○ | ○ | ○ | - | ○ | △ | ○ | ○ | △ | △ | △ |
Controller | ○ | ○ | ○ | ○ | ○ | - | - | ○ | ○ | ○ | ○ | △ | △ | ○ | ○ | ○ | - | ○ | △ | ○ | ○ | △ | △ | △ |
HMI | ○ | ○ | ○ | ○ | ○ | - | - | - | △ | - | ○ | △ | △ | ○ | ○ | △ | - | △ | △ | △ | △ | △ | △ | △ |
Sensor | ○ | ○ | ○ | ○ | - | - | - | - | △ | - | ○ | △ | △ | ○ | ○ | △ | - | - | △ | △ | △ | △ | △ | △ |
Switch | ○ | ○ | ○ | ○ | - | - | - | - | △ | - | ○ | △ | △ | ○ | ○ | △ | - | - | △ | △ | △ | △ | △ | △ |
Actuator | ○ | ○ | ○ | ○ | ○ | - | - | - | △ | - | ○ | △ | △ | ○ | ○ | △ | - | △ | △ | △ | △ | △ | △ | △ |
Power | ○ | ○ | ○ | ○ | - | - | - | - | △ | - | ○ | △ | △ | ○ | ○ | △ | - | - | △ | △ | △ | △ | △ | △ |
I/O device | ○ | ○ | ○ | ○ | ○ | - | - | - | △ | - | ○ | △ | △ | ○ | ○ | △ | - | - | △ | △ | △ | △ | △ | △ |
Analyzer | ○ | ○ | ○ | ○ | ○ | - | - | - | △ | - | ○ | △ | △ | ○ | ○ | △ | - | △ | △ | △ | △ | △ | △ | △ |
Recorder | ○ | ○ | ○ | ○ | ○ | - | - | - | △ | - | ○ | △ | △ | ○ | ○ | △ | - | - | △ | △ | △ | △ | △ | △ |
Specification | PLC | IoT Gateway | IoT Device (Raspberry Pi 3) |
---|---|---|---|
CPU | ARM Cortex-A9 (32 bit dual, 866 MHz) | ARM Cortex-A7 (32 bit dual, 1.0 GHz) | ARM Cortex-A53 (64 bit quad, 1.4 GHz) |
RAM | 256 MiB | 512 MiB | 1 GiB |
OS | Linux 3.18.16-rt13 | Linux 4.9 | Raspbian 9 |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Matsumoto, N.; Fujita, J.; Endoh, H.; Yamada, T.; Sawada, K.; Kaneko, O. Asset Management Method of Industrial IoT Systems for Cyber-Security Countermeasures. Information 2021, 12, 460. https://doi.org/10.3390/info12110460
Matsumoto N, Fujita J, Endoh H, Yamada T, Sawada K, Kaneko O. Asset Management Method of Industrial IoT Systems for Cyber-Security Countermeasures. Information. 2021; 12(11):460. https://doi.org/10.3390/info12110460
Chicago/Turabian StyleMatsumoto, Noritaka, Junya Fujita, Hiromichi Endoh, Tsutomu Yamada, Kenji Sawada, and Osamu Kaneko. 2021. "Asset Management Method of Industrial IoT Systems for Cyber-Security Countermeasures" Information 12, no. 11: 460. https://doi.org/10.3390/info12110460
APA StyleMatsumoto, N., Fujita, J., Endoh, H., Yamada, T., Sawada, K., & Kaneko, O. (2021). Asset Management Method of Industrial IoT Systems for Cyber-Security Countermeasures. Information, 12(11), 460. https://doi.org/10.3390/info12110460