Title :
Automatic attack surface reduction in next-generation industrial control systems
Author :
Obermeier, Sebastian ; Wahler, Michael ; Sivanthi, Thanikesavan ; Schlegel, Roman ; Monot, Aurelien
Author_Institution :
ABB Corp. Res., Baden, Switzerland
Abstract :
Industrial control systems are often large and complex distributed systems and therefore expose a large potential attack surface. Effectively minimizing this attack surface requires security experts and significant manpower during engineering and maintenance of the system. This task, which is already difficult for today's control systems, will become significantly more complex for tomorrow's systems, which can reconfigure themselves dynamically, e.g., if hardware failures occur. In this article, we present a dynamic security system which can automatically minimize the attack surface of a control system's communication network. This security system is specifically designed for next-generation industrial control systems, but can also be applied in current-generation systems. The presented security system adapts the necessary parameters of network and security controls according to the underlying changes in the control system environment. This ensures a better cyber security resilience against system compromise and reduces the attack surface because security controls will only allow data transfer that is required by the control application. Our evaluations for a next-generation industrial control system and a current-generation substation automation system show that the attack surface can be reduced by up to 90%, depending on the size and actual configuration of the control system.
Keywords :
computer network security; industrial control; large-scale systems; substation automation; automatic attack surface reduction; control system communication network; control system environment; current generation substation automation system; cyber security resilience; data transfer; dynamic security system; next-generation industrial control systems; system compromise; Computers; Control systems; Industrial control; Next generation networking; Production; Security; Substation automation;
Conference_Title :
Computational Intelligence in Cyber Security (CICS), 2014 IEEE Symposium on
Conference_Location :
Orlando, FL
DOI :
10.1109/CICYBS.2014.7013366