Network Attack Detection and Defense: Securing Industrial Control Systems for Critical Infrastructures (Dagstuhl Seminar 14292)

This report documents the program and the outcomes of Dagstuhl Seminar 14292 "Network Attack Detection and Defense: Securing Industrial Control Systems for Critical Infrastructures". The main objective of the seminar was to discuss new approaches and ideas for securing industrial control systems. It is the sequel of several previous Dagstuhl seminars: (1) the series "Network Attack Detection and Defense" held in 2008 and 2012, and (2) the Dagstuhl seminar "Securing Critical Infrastructures from Targeted Attacks", held in 2012. At the seminar, which brought together members from academia an industry, appropriate methods for detecting attacks on industrial control systems (ICSs) and for limiting the impact on the physical components were considered. A central question was whether and how reactive security mechanisms can be made more ICS- and process-aware. To some extent it seems possible to adopt existing security approaches from other areas (e.g., conventional networks, embedded systems, or sensor networks). The main question is whether adopting these approaches is sufficient to reach the desired level of security for ICSs. Detecting attacks to the physical components and appropriate reactions to attacks are new aspects that need to be considered as well. The main result of the seminar is a list of recommendations for future directions in ICS security that is presented in this report.