Securing Light Source SCADA Systems

Mekinda, Leonce; Bondar, Valerii; Brockhauser, Sandor; Danilevski, Cyril; Ehsan, Wajid; Esenov, Sergey; Fangohr, Hans; Flucke, Gero; Giovanetti, Gabriele; Hauf, Steffen; Hickin, David; Klimovskaia, Anna; Maia, Luis; Michelat, Thomas; Muennich, Astrid; Parenti, Andrea; Santos, Hugo; Weger, Kerstin; Xu, Chen

doi:10.18429/JACoW-ICALEPCS2017-THBPA02

Joint Accelerator Conferences Website

The Joint Accelerator Conferences Website (JACoW) is an international collaboration that publishes the proceedings of accelerator conferences held around the world.

RIS citation export for THBPA02: Securing Light Source SCADA Systems

TY - CONF
AU - Mekinda, L.
AU - Bondar, V.
AU - Brockhauser, S.
AU - Danilevski, C.
AU - Ehsan, W.
AU - Esenov, S.G.
AU - Fangohr, H.
AU - Flucke, G.
AU - Giovanetti, G.
AU - Hauf, S.
AU - Hickin, D.G.
AU - Klimovskaia, A.
AU - Maia, L.G.
AU - Michelat, T.
AU - Muennich, A.
AU - Parenti, A.
AU - Santos, H.
AU - Weger, K.
AU - Xu, C.
ED - Schaa, Volker RW
ED - Costa, Isidre
ED - FernÃ¡ndez, David
ED - Matilla, Ãscar
TI - Securing Light Source SCADA Systems
J2 - Proc. of ICALEPCS2017, Barcelona, Spain, 8-13 October 2017
C1 - Barcelona, Spain
T2 - International Conference on Accelerator and Large Experimental Control Systems
T3 - 16
LA - english
AB - Cyber security aspects are often not thoroughly addressed in the design of light source SCADA system. In general the focus remains on building a reliable and fully-functional ecosystem. The underlying assumption is that a SCADA infrastructure is a closed ecosystem of sufficiently complex technologies to provide some security through trust and obscurity. However, considering the number of internal users, engineers, visiting scientists, students going in and out light source facilities cyber security threats can no longer be minored. At the European XFEL, we envision a comprehensive security layer for the entire SCADA infrastructure. There, Karabo [1], the control, data acquisition and analysis software shall implement these security paradigms known in IT but not applicable off-the-shelf to the FEL context. The challenges are considerable: (i) securing access to photon science hardware that has not been designed with security in mind; (ii) granting limited fine-grained permissions to external users; (iii) truly securing Control and Data acquisition APIs while preserving performance. Only tailored solution strategies, as presented in this paper, can fulfill these requirements.
PB - JACoW
CP - Geneva, Switzerland
SP - 1142
EP - 1148
KW - ion
KW - controls
KW - device-server
KW - network
KW - SCADA
DA - 2018/01
PY - 2018
SN - 978-3-95450-193-9
DO - 10.18429/JACoW-ICALEPCS2017-THBPA02
UR - http://jacow.org/icalepcs2017/papers/thbpa02.pdf
ER -