Anomaly detection and embedded security in industrial information systems

Industrial control systems and computer systems are an essential part of today’s society. The increasingly complex structures and interactions in our society depend more and more on the reliability, integrity and security of computer systems. Such systems are already integrated into many products and systems of everyday life, for example automobiles, avionics, industrial process control systems and large automation solutions. A connection to the Internet, and with it support for features such as remote control, remote maintenance, and error management, is a necessity nowadays. But such a connection also enables attacks from the Internet, which have not played a significant role so far. The Stuxnet worm is a prominent example of such an attack on industrial process control systems.

Attacks such as Stuxnet cannot be expected to remain unique events. According to most experts, it can even be assumed that these kinds of attacks will increase drastically.

In addition to these known threats, there is also a growing exposure to systemic errors. Due to the sheer complexity of modern software and hardware, there remains a growing risk of undetected design and implementation failures.

These threats create the need to develop resistant, integrated security technologies that combine anomaly detection with integrated protection and security features, and that limit the damage potential through compartmentalization.

The aim of the ANSII research project is to develop a procedure model for integrating IT security algorithms into industrial information systems. This model includes the selection of the assets that need to be protected, the threat analysis, the risk assessment, and the selection of actions and implementations. Application-specific models and solution cores are to be developed within the field of embedded systems, aiming at industrial information systems.