Network Policy-Enforcement Function for Reliable and Secure Control Messaging
Deniz Gurkan, Associate Professor, University of Houston
NOTE: This presentation contains animations that are best viewed by streaming the MP4. A PDF of slides is unavailable.
Abstract: Organizations such as Linking the Oil and Gas Industry to Improve Cybersecurity (LOGIIC), the DHS Science and Technology Directorate, and NESCOR have cataloged a lack of consistent communication security policy across oil and gas industry automation systems. Their reports outline how sensor and automation systems have vulnerabilities in their network design and implementation. To this end, we are addressing the gap created by a lack of vendor solutions with programmable network functions. Our proposed solution is vendor agnostic, independent of hardware lifecycles, and has the programmability necessary to handle changing system demands over time as run-time needs and safety considerations evolve. Our activities encompass the design and implementation of a network function that can be deployed without disruption into existing control networks, providing both reliable and secure transport between sites irrespective of the capabilities of the existing endpoint equipment. We will present some analysis results of the policy enforcement function reference implementation to help businesses make decisions on resource requirements and on which policies to support.