Secure Management of SCADA Networks
Cristina Alcaraz, Gerardo Fernandez, Rodrigo Roman, Angel Balastegui, Javier Lopez
Departamento de Lenguajes y Ciencias de la Computación, Universidad de Málaga
{alcaraz, gerardo, roman, balastegui, jlm}@lcc.uma.es
Abstract
When a SCADA (Supervisory Control and Data Acquisition) system monitors and
manages other complex infrastructures through the use of distributed technologies, it
becomes a critical infrastructure by itself: A failure or disruption in any of its
components could implicate a serious impact on the performance of the other
infrastructures. The connection with other systems makes a SCADA system more
vulnerable against attacks, generating new security problems. As a result, it is essential
to perform diverse security analysis frequently in order to keep an updated knowledge
and to provide recommendations and/or solutions to mitigate or avoid anomalous
events. This will facilitate the existence of a suitable, reliable, and available control
network.
Keywords
SCADA network management, Supervisory Control and Data Acquisition Systems,
Security Analysis.
1.- Introduction
A SCADA system (or control system) is a complex system capable of controlling and
managing other complex system whose resources are considered critical (such as water,
gas, oil or electricity). In general, these control systems have evolved over time and are,
at present, based on distributed environments. They are composed by very varied
(hardware and software) components, being most of their logical components COTS
(Commercial-Off-The-Shelf) so as to reduce cost of implementation and maintenance.
However, both the interaction among different components and the new connection
towards external networks, such as Internet, involve multiples and diverse problems of
security. Moreover, a failure or disruption in any of their components could involve an
important impact on the performance of other infrastructures, affecting on the economy
of a region, a nation or nations [1].
As a result, the industrial sector needs to collaborate with the research community and
diverse institutions, in order to discover how to enforce certain essential security
properties of these critical systems, such as availability. In fact, there are several
technical documents and scientific articles dealing with security issues in critical
systems (cf. [2][3][4]). However, as none of them provide a complete solution for the
problem on these types of infrastructures, it is important to keep an updated knowledge
on the subject with technical-scientific procedures, policies and standards, as well as to
identify and to describe new vulnerabilities and solutions, considering futures
anomalous actions and alternatives. In fact, the main goal of this paper is to make a deep
security analysis in the control and access (both physical and logical access) points of
the system, providing an up-to-date overview of new problems, schemes, and solutions,
in order to improve the availability and management of a SCADA network.
2.- SCADA Network Architecture and Problems
A SCADA network architecture is composed by two types of foundation networks (both
are depicted in the figure 1): the corporative network and the control network. In the
corporative network, the operations are more related to the general supervision of the
system and the contractors/employees require of strong authentication procedures to
interact with the databases (historical, alarms, etc.) and critical servers. On the other
hand, the control tasks (as for example, to open/close a pump or to retrieve a
measurement) are carried out in the control network. All these tasks are managed by a
HMI (Human Machine Interface) localized in the principal SCADA control centre or
remote substations, and transmitted to certain field devices which are usually located in
the industrial plants or substations.
A field device (such as a RTU – Remote Terminal Unit) is a device with constrained
capabilities but autonomous and independent enough to be able to process data and to
identify which sensor or actuator is the responsible of executing an order in a substation.
Moreover, they are able to establish connections with other substations, other RTUs and
other field devices such as PLCs (Programmable Logic Controllers). Furthermore, they
can simultaneously process and respond to several messages transmitted by multiple
sources since they can support multiples sessions with TCP/IP. Some RTUs can even
support Linux/Unix or Microsoft Windows to provide Web applications with graphical
interfaces to generate the reports.
Nowadays, numerous industrial and proprietary protocols coexist and work in a same
system. Most of them work with the TCP/IP standard: Modbus/TCP [5], DNP3.0 [6] or
ICCP [7]. Alternatively, there are other protocols, such as the protocols corresponding
to the Common Industrial Protocol (CIP) family supported by Open DeviceNet Vendors
Association (ODVA) [8]: Ethernet/IP, DeviceNet, CompoNet and ControlNet. These
protocols are useful for the control process, but they lack of protection mechanisms,
hence they could open new and important security holes that can affect the security of
the system.
Regarding remote controlling from any geographic localization point, it is necessary
that diverse communication infrastructures interact with each other, such as Ethernet,
dial-up, Satellite, microwave, optical fiber, WiFi, WiMAX, etc. Some SCADA systems
could also provide Web and mobile (GSM or TETRA) services in order to reduce
maintenance tasks and increase performance and availability of the system.
INTERNET
Database
Remote
Users
CONTROL
CENTRE
Dial‐in Telephone Line
GSM
Dial‐in Telephone Line
Ethernet‐LAN
Applications of
Third Parts
CORPORATIVE NETWORK
Wi‐Fi
SCADA
back‐up
Wireless Sensor
Network
RTUs
Figure 1: SCADA Network Architecture
A SCADA network, which is depicted in the figure 1, has multiple potential security
holes, since internal and external attacks could appear in any point of the system.
Internal attacks are associated to (intentioned or not intentioned) human actins, while
external attacks are more related to the vulnerabilities corresponding to the standard
TCP/IP, as well as the use of new technologies (for example, RFID or Wireless Sensor
Network) and COTS components [9]. At present, many of these vulnerabilities are
registered in public databases, such as CERT [10] or BICT (British Columbia Institute
of Technology) [11]. CERT has approximately 2.500 vulnerabilities identified and 150
technical reports published since 1998. Similarly, BICT has the database ISID
(Industrial Security Incidents Data), which was utilized by Byres et.al [12] to make a
statistical study about the type of security problems in critical environment. They
concluded that the external vulnerabilities had just started to emerge since 2001, rising
every year.
3.- Identification and Authorization in SCADA System
In order to establish a security perimeter between unauthorized personnel and critical
components and installations in a SCADA system, it is necessary to define strong
access control policies. Said policies must include in their specification both
mechanisms of security and electronic devices, such as: biometric systems, magnetictrip cards, smart cards, RFID, video camera, or even specialized software to carry out
the authorization processes from a HMI. In case that these security systems stop
working, the most appropriate course of action is to keep active a manual procedure to
complete provisionally the control processes. In effect, these manual procedures must
work as a second alternative since they depend on unsecure and unreliable mechanisms,
such as a simple key (possibly electronic) or a control list managed by a human being.
Basically, most of the actual SCADA systems are designed under complex and
automated authentication mechanisms based on user and password. The assertion of a
new user will depend on two important factors: i) responsibility area and privileges of
an operator, and ii) time of activity and functionality according to the contract. For
controlling both active and inactive (considering expiration account or inactive contract)
user accounts, the system will have to periodically check the viability of the security
credentials. Any change associated to the user must be registered in the respective
databases. Similarly, any type of activity in a session must also be registered to facilitate
other types of analysis processes (as for example, statistical or forensic investigations).
The security credentials will have to be frequently updated following security patterns
and strong access control policies. The system will have to limit the number of sessions
by user and to block all those accounts that exceed a maximum of failed attempts.
As already aforementioned, a Web service can be offered by a SCADA network for
entering to the system from the Internet and managing in real time the control
operations (such as, to receive measurements or to send control orders) from any HMI.
The official websites will interact with the relational databases to manage the
authorization process. In the case that these services present important security
deficiencies, said databases could be compromised. Therefore, development methods
must be applied to avoid future attacks, as well as tools to delete diverse implementation
errors, as for example DEADBOLT for C and C++ [13]. Nonetheless, all these methods
and tools are not enough to achieve a suitable security in the implementation, since the
system can be compromised by social engineering or brute force attacks. As a result, it
is also important to define and implant a suitable security policy.
4.- Security Policies in SCADA Systems
In any SCADA system is essential to define a set of security policies. These policies
help to enforce the security and reliability requirements of an SCADA system by means
of a set of audit procedures. The scope of the security policies is very wide, i.e. these
define what actions can be executed by a physical (e.g. operator) element and by a
logical (e.g. communication subsystems) element, the steps to follow in the
maintenance operations and incidence managements, in addition to identify
responsibilities.
It is recommendable for the development of a security policy to utilize generic security
control standards for information systems, such as NIST 800-53 [14], ISO/IEC 17799
[15] or COBIT [16]. Nonetheless, the specific requirements of the SCADA systems
(i.e., high availability, reliability and reaction time) require of a set of rules and policies
adapted according to necessities [9]. For them, existing standards have been extended
[14], as for example the NIST 800-82 [17], defining diverse schemes of security
policies in the academic environment [18].
For every SCADA system, it is important to take into account the following security
policies [18]: data protection (access and storage), hardware and software configuration
(virus, intrusion detection, access control and codification), security in the
communication (wireless access, local, remote), human resources (use of the system,
preparation and recycling), audits, physical security (access to equipment, material
destruction), and manual operations execution in failure case. All these security policies
are influenced by the following factors: the existing interdependences of the
organization, the roles of the diverse human resources, the information system
architecture, the data managed in SCADA and the risks associated to the system.
A clear example of such policies is incidence management, since a SCADA system
must recover its performance in a crisis situation as soon as possible. For this policy, it
is necessary to define how to store and how to access to the events that occurred in the
system. The events have to be visible for those operators with determined privileges,
and these operators must have enough information (for example, telephone number,
email, cryptographic key and instructions for verifying its identity) to contact with the
responsible in charge of treating the incidence occurred. Finally, determined accessories
(alongside with recuperation procedures and the appropriated practice) must exist to
recompile and analyze evidence proofs, which could be used in legal actions.
5.- SCADA Communication Networks Protection
A SCADA system requires of secure network management processes, which must
identify and manage all connections from the Internet towards the SCADA network –
and vice versa -, and from the corporative network towards the control network. Said
processes are under specialized and restrictive mechanisms, such as: firewalls, IDS
(Intrusion detection system), IPS (Intrusion Prevention Systems), antivirus, RADIUS
servers or VPN (Virtual Private Networks) protocols. Every one of these components
will have to be configured and distributed strategically to reach a strong protection and a
defense-in-depth [19]. In addition, the accesses from the corporative network towards
the control network and towards diverse critical servers must also be controlled. The
communication channels have to be protected by means of tunneling services, key
management systems and specialized tools, as for example SecSS (Security Services
Suite) [20].
Figure 2: SCADA network architecture proposed by NISCC
In case of existing devices with wireless communication (Bluetooth, Rogue APs o
WiFi), the access control policies must be very restrictive. The inactive ports and the
broadcast of the SSID (Service Set IDentifier) should be closed, and the communication
channel must be protected with cryptographic mechanisms. Also, it is recommendable
in these scenarios to employ WPA-Radius and TLS. Finally, within this category the
Wireless Sensor Networks play an important role in the control processes, since they are
considered a perfect candidate in the critical infrastructure protection in general [21]. In
fact, nowadays, there are several initiatives [22][23] to standardize their
communications in the industrial control processes.
5.1.- The First Defense Line
The National Infrastructure Security Co-ordination Centre (NISCC) [24] of BCIT
presented by means of a guide the foundations for the configuration and management of
firewalls corresponding to control systems in 2005. In the guide, a possible secure and
scalable architecture is described based on a division in three main zones (see figure 2),
being the first defense line: the firewall, IDSs and DMZ (Demilitarized Zone).
The firewall has to filter the network addresses, considering that every SCADA
component has an IP address and one or more TCP/UDP ports, and also all the high risk
services in the network including the services of the SCADA. At present, there are
several firewalls exclusives for industrial environment, such as MODBUS-aware [25],
developed by Cisco Systems Critical Infrastructure Assurance Group (CIAG), or
Vattenfall [26] for the IEC 60870-5 (101, 103 y 104) family [27]. In addition, the NISC
proposed in the guide the development of embedded firewalls for the field devices,
known as micro-firewalls. However, a micro-firewall requires certain computational
capabilities which cannot always be supported by the field devices, thus it is necessary
to continue researching in this area.
With regard to the IDS, they assume the responsibility for monitoring the network
traffic. They are composed on patterns, rules and a knowledge source based on
evidences occurred in the past (vulnerabilities and attacks). Said knowledge needs to be
kept up-to-date, and for a critical network such as SCADA, this may be unpractical.
There are several IDS tools for critical environment as [28][29][30], and any type of
detected incidence must be registered for future forensic researches.
Finally, it is important to comment that the rules configured in the firewalls may not be
always accurate, mainly due to incorrect configuration or changes made by an IPS. A
possible solution would be to install a tool that analyzes in real time whether the rules of
the firewall coincide with those specified in the security policy, such as APT (Access
Policy Tool) [31].
5.2.- Protection in the Communication Channels
The control operations have to be managed from any connection point and geographic
localization in order to assure the availability of a SCADA system. Independently of the
network, the encryption and authentication processes must be strong and restrictive,
respectively. If the control network has direct connection to Internet, it is necessary to
implement a VPN using standard protocols such as SSL and IPsec.
Generally, the protocols responsible of transmitting the control operations to the field
devices (e.g. Modbus or DNP3 protocols) lack of security mechanisms. Depending on
the underlying communication mechanisms and protocols the system will have to have
implemented a determined security mechanism. For example, if the communication is
serial, the system should configure a Bump-in-the-Wire [32] device between the EIA232 port of the RTU and the modem to manage the encryption operations. Otherwise, if
the communication is using the TCP/IP standard, it would only be necessary to install
and configure those security mechanisms associated to the standard.
The previous control operations can also be transmitted between SCADA systems by
means of specific protocols, such as ICCP/TASE 2.0. Although, ICCP provides both
high availability and performance in the data transference, it lacks of security
mechanisms. For resolving this problem the TC57 defined the standard IEC-62351 [33]
to include the TLS/SSL protocols (they offer interoperability between SCADA
systems), MMS/IEC-62351-4 and a bilateral table to register the corresponding
associations to a system. As a result, the system could provide support for certification,
message authentication code, key interchange (at least 1024 bits), RSA and DSS. This
standard offers the port TCP 3782 to establish secure communications.
Other important aspect for the protection in the communication channels is the
cryptography and the key management systems. One of the first technical documents
that described a cryptographic implementation for critical systems was proposed by
American Gas Association (AGA) with AGA-12 Part 1 [34]. Later, they presented
AGA-12 Part 2 [35] to describe a specification of cryptographic implementation in
serial communication channels, including a protocol based on sessions with
authentication services by means of symmetric keys generated by AES and SHA-1. At
present, there are two reports still pending of publishing, which are AGA-12 Part 3 and
Part 4. Both of them specify the network protection and the security of the embedded
devices in SCADA components.
Also, AGA was involved in developing standards for key management in control
systems, and at present there several work groups working on them, such as TC57WG15
(IEC62351), IEEE Power Engineering Society Substations Committee with P1689 and
DNP3 User Group (DNP3 v1.0). So far, several security mechanisms have been
proposed among them the use of Elliptic Curve Cryptography [36]. Due to the number
of security mechanisms and methods for SCADA, it may be necessary to use a
methodology [37] to identify and select which of them is the most suitable for a certain
design.
6.- Protection of the Information Systems
In this section we will describe those processes that can improve the security of the
information systems, focusing on those processes in charge of protecting SCADA
systems against possible and future attacks. As of 2008, new attacks have occurred in
these types of critical systems [38]. An important factor to take into account is the
existing applications that include support for carrying out such attacks [39], as for
example Metasploit. As these tools are increasingly easy to use, SCADA systems may
become a new target for all those that want to show their malicious abilities.
The protection solutions provide a layer of defense against internal attacks. Generally,
internal attacks are possibly one of the most dangerous in these systems because of the
intruders’ knowledge of the system. Nonetheless, these mechanisms also provide an
additional base to face the external attacks, since they could build a scenario to control
the impact caused by an intruder.
A fundamental part of the protection of the information systems is to specify the
dependences between services and other services/applications installed. Such
knowledge can help in the design of isolated execution contexts for the services,
reducing their visibility and allowing a better control of both their privileges and their
relationships with the other elements of the system. There are several possible technical
solutions available for different Operative Systems: group policies and access control
rules in Windows, SELinux in Linux or RBAC and Containers in Solaris. In order to
facilitate this task, the number of services available in a SCADA system should be
reduced to a set of essential services. This also reduces the dependencies between
services and potential vulnerabilities that may arise.
The data storage is other aspect that must be taken into account in determined situations.
After an attack is carried out, an intruder could break or accede to sensible information
such as the privileges of the system. A possible solution would be to adopt existing
encryption mechanisms to protect the sensible data of the system. Other solution would
be that the database servers may interrupt the access to the files (not encrypted)
activating the own encryption mechanisms.
Also, resource monitoring helps to detect anomalous behaviors or prevent a possible
failure of the system caused by an attack. A possible solution to know whether the
system is being attacked is to check an unjustified overload in the processor, an excess
in the network traffic or a drastic reduction on the memory or hard disk. Besides, it is
convenient to employ audit solutions/tools in the SCADA network components to track
suspicious actions and/or to discover malicious evidences, in addition to determine the
scope of the attacks in the critical environments.
The HIDS (Host Intrusion Detection Systems) allow the system to detect and mitigate
common attacks through detection of anomalous behaviors. Their main goals are to
prevent the execution of suspicious applications, to interrupt any suspicious software
that tries to capture information, to avoid any physical access to memory or disk, and so
on. Obviously, the application of these solutions in a SCADA system has to be carefully
considered, since they could damage the performance of certain essential functionalities.
As general rule, most of these solutions include an initial learning mode in order to
create a ‘right behaviour’ baseline configuration, which will provide a set of
authorization rules that alert of future anomalous actions.
7.- Conclusions
A SCADA system is considered a critical control system since it monitors and controls
the performance and availability of other critical infrastructures, such as transport
systems, energy suppliers, water treatment systems or communication systems. A
disturbance in any (hardware and software) component because of a failure (technical or
human) or an attack (physical or logical) could result in an unforeseen chain of events
that affect other infrastructures, expanding towards other sectors and affecting the
performance of a region, nation or nations. These effects are caused by the (direct or
indirect) interdependencies among infrastructures [1].
It is then necessary and crucial to resolve and mitigate a few problems already identified
in these types of control systems, as well as establish mechanisms, policies, standards
and security procedures. All of them will make possible the protection of the system
from a physical level (installations, communication networks and resources) to a logical
level (software and communication channels). Nowadays, several documents and
articles have been published describing disadvantages and a few and possible solutions.
However, and due to the criticality of these systems, it is necessary to have an updated
visualization of new security problems and technical recommendations.
We have identified and described in this paper diverse security management procedures
in the SCADA communication networks and access controls, identifying important
necessities, such as: specification of standards, security policies, roles and
responsibilities, and design and implementation of secure network architectures.
Nonetheless, it is very important to take into account other crucial factors in these
critical systems: the risk management (a tool could be the RiskMAP to provide support
in decision-making and actions [40]), incidence management for future analysis and
forensic investigations, document management, evaluation metrics and methodologies,
proliferation of training programs, maintenance and inspection.
8.- Acknowledgments
This work has been funded by the Ministry of Education and Science of Spain under the
investigation projects CRISIS (TIN2006-09242) and ARES (CSP2007-00004).
References
[1] James P. Peerenboom and Ronald E. Fisher, Analyzing Cross-Sector
Interdependencies, 40th Annual Hawaii International Conference on System Sciences
(HICSS '07), IEEE Computer Society, pp. 112-119, 2007.
[2] V. Igure, S. Laughter and R. Williams, Security issues in SCADA networks,
Computers & Security 25, v 25, pp 498-506, num 7, 2006.
[3] R. Chandia, J. Gonzalez, T. Kilpatrick, M. Papa and S. Shenoi, Security
Strategies for SCADA Networks, IFIP International Federation for Information
Processing, Critical Infrastructure Protection, Springer Boston, v 253, pp 117-131,
2007.
[4] M. Hentea, Improving Security for SCADA Control System, Interdisciplinary
Journal of Information, Knowledge, and Management, v 3, pp 73-86, 2008.
[5] Modbus-IDA the architecture for distributed automation, http://www.modbus.org/,
2005.
[6] DNP3, DNP Users Group, http://www.dnp.org, 2008.
[7] IEC 60870-6, International Electrotechnical Commission
[8] ODVA, Open DeviceNet Vendors Association, http://www.odva.org/, 2008.
[9] A. Cárdenas, S. Amin and S. Sastry, Research Challenges for the Security of
Control Systems, 3rd USENIX Workshop on Hot Topics in Security (HotSec’08), San
Jose, USA, 2008,
[10] CERT, Carnegie Mellon Software Engineering Institute, CERT/CC Statistics
1988-2008, http://www.cert.org/stats/vulnerability_remediation.html, 2008.
[11] BCIT, British Columbia Institute of Technology, http://www.bcit.ca/, 2008.
[12] E. Byres and J. Lowe, The myths and facts behind cyber security risks for
industrial control systems, 'VDE Congress, VDE Association For Electrical, Electronic
Information Technologies, British Columbia Institute of Technology and PA Consulting
Group, 2004.
[13] DEADBOLT, Institute for Information Infrastructure Protectio (I3P),
http://www.thei3p.org/docs/publications/factsheet-Deadbolt-2-24-08.pdf, 2008.
[14] NIST Special Publication 800-53. Recommended Security Controls for Federal
Information Systems. Diciembre 2007.
[15] ISO/IEC 17799:2005. Code of Practice for Information Security Management.
2005.
[16] ISACA. Control Objectives for Information and related Technology, rev 4.1. 2007.
[17] NIST Special Publication 800-82. DRAFT - Guide to Industrial Control Systems
(ICS) Security. 2007.
[18] D. Kilman, J. Stamp. Framework for SCADA Security Policy. Sandia National
Laboratories report SAND2005-1002C. 2005.
[19] U.S. Department of Energy, 21 Steps to Improve Cyber Security of SCADA
Networks, white paper, 2005.
[20] SecSS, Institute for Information Infrastructure Protection (I3P),
http://www.thei3p.org/docs/publications/factsheet-SecSS-2-21-08.pdf, 2008.
[21] R. Roman, C. Alcaraz and J. Lopez, The role of Wireless Sensor Networks in the
area of Critical Information Infrastructure Protection, Information Security Technical
Report, Elsevier. Vol 12, no 1, pp 24-31, 2007.
[22]
ISA100,
Wireless
Systems
for
Automation,
http://www.isa.org/MSTemplate.cfm?MicrositeID=1134&CommitteeID=6891,
Industrial Automation and Control system (ISA), 2007.
[23] WirelessHART™ technology, , HartComm Company
[24] NISCC, National Infrastructure Security Co-ordination Centre, NISCC Good
Practice Guide on Firewall Deployment for SCADA and Process Control Networks,
British Columbia Institute of Technology (BCIT), 2005.
[25] Modbus Software, Linux Firewall
http://sourceforge.net/projects/modbusfw, 2008.
for
Modbus/TCP
protocol,
[26] Vattenfall,
http://www.vattenfall.se/www/vf_se/vf_se/518304omxva/525894stude/525924exame/5
64400exemp/833879firew/index.jsp, 2007.
[27] IEC 60870-5, International Electrotechnical Commission
[28] EMERALD, Event Monitoring Enabling Responses to Anomalous Live
Disturbances, SRI International, http://www.sdl.sri.com/projects/emerald/, 2007.
[29]
IDS
Signatures,
Digital
http://www.digitalbond.com/index.php/research/ids-signatures/, 2007.
[30]
Nessus
3
SCADA,
Tenable
Network
http://blog.tenablesecurity.com/2006/12/nessus_3_scada_.html, 2006.
Bond,
Security,
[31] D. Nicol, B. Sanders and M. Seri, Access Control Policies and their Impact on
Survivability, Process Control Systems Workshop, The 4th Annual I3P PCS Security,
2008.
[32] P. Tsang and S. Smith, YASIR: A low-latency high integrity security retrofit for
legacy SCADA systems, 23rd International Information Security Conference (IFIC
SEC), 2008.
[33] IEC-62351, International Electrotechnical Commission.
[34] AGA-12 Part 1, Cryptographic Protection of SCADA Communications Part1:
Background, Policies and Test Plan, 2006.
[35] AGA-12 Part 2, M. Hadley, K. Huston, Performance Test Plan, Pacific Northwest
National Laboratories, 2006.
[36] R. Lambert, ECC and SCADA Key Management, SCADA Security Scientific
Symposium Conference, Digital Bonded., 2007.
[37] L. Cambacédes and P. Sitbon, Cryptographic Key Management for SCADA
Systems -Issues and Perspectives, pp 156-161, IEEE Computer Society, Information
Security and Assurance (ISA) 2008.
[38] D. Morrill, Everybody Panic Metasploit does SCADA Hacking, Information
Technology Professional IT Community, http://it.toolbox.com/blogs/managinginfosec/everybody-panic-metasploit-does-scada-hacking-27104, 2008.
[39] K. Finisterre, The Five Ws of Citect ODBC Vulnerability CVE-2008-2639,
http://www.milw0rm.com/papers/221, 2008.
[40] RiskMAP, Institute for Information Infrastructure Protection (I3P),
http://www.thei3p.org/docs/publications/factsheet-RiskMap-2-22-08.pdf, 2008.
Biographies
Cristina Alcaraz is currently a PhD student and got her MSc degree on Computer
Science from University of Malaga in 2006. Her research interests focus on Critical
Information Infrastructures Security and control systems security.
Gerardo Fernandez is currently a PhD student and got her MSc degree on Computer
Science from University of Malaga in 2006. His research interests focus on intrusion
detection and prevention, network security and vulnerabilities management.
Rodrigo Roman received the MSc and PhD degrees in Computer Science from
University of Malaga in 2004 and 2008, respectively. His main research interests are
WSN and ubiquitous security, as well as Critical Information Infrastructures Security.
Angel Balastegui received the BSc in Computer Science from University of Malaga in
2008. Since 2006 he collaborates as research student in different security projects in the
Computer Science Department.
Javier Lopez is full professor in the Computer Science Department, where he joined in
1994. He has leaded different Spanish and European research projects in the area on
Information and Communications Security. He is a member of the editorial board of
several international publications.