Mitigating Insider Threat Risks in Cyber-physical Manufacturing Systems

Cyber-Physical Manufacturing System (CPMS)—a next generation manufacturing system—seamlessly integrates digital and physical domains via the internet or computer networks. It will enable drastic improvements in production flexibility, capacity, and cost-efficiency. However, enlarged connectivity and accessibility from the integration can yield unintended security concerns. The major concern arises from cyber-physical attacks, which can cause damages to the physical domain while attacks originate in the digital domain. Especially, such attacks can be performed by insiders easily but in a more critical manner: Insider Threats. Insiders can be defined as anyone who is or has been affiliated with a system. Insiders have knowledge and access authentications of the system\u27s properties, therefore, can perform more serious attacks than outsiders. Furthermore, it is hard to detect or prevent insider threats in CPMS in a timely manner, since they can easily bypass or incapacitate general defensive mechanisms of the system by exploiting their physical access, security clearance, and knowledge of the system vulnerabilities. This thesis seeks to address the above issues by developing an insider threat tolerant CPMS, enhanced by a service-oriented blockchain augmentation and conducting experiments & analysis. The aim of the research is to identify insider threat vulnerabilities and improve the security of CPMS. Blockchain\u27s unique distributed system approach is adopted to mitigate the insider threat risks in CPMS. However, the blockchain limits the system performance due to the arbitrary block generation time and block occurrence frequency. The service-oriented blockchain augmentation is providing physical and digital entities with the blockchain communication protocol through a service layer. In this way, multiple entities are integrated by the service layer, which enables the services with less arbitrary delays while retaining their strong security from the blockchain. Also, multiple independent service applications in the service layer can ensure the flexibility and productivity of the CPMS. To study the effectiveness of the blockchain augmentation against insider threats, two example models of the proposed system have been developed: Layer Image Auditing System (LIAS) and Secure Programmable Logic Controller (SPLC). Also, four case studies are designed and presented based on the two models and evaluated by an Insider Attack Scenario Assessment Framework. The framework investigates the system\u27s security vulnerabilities and practically evaluates the insider attack scenarios. The research contributes to the understanding of insider threats and blockchain implementations in CPMS by addressing key issues that have been identified in the literature. The issues are addressed by EBIS (Establish, Build, Identify, Simulation) validation process with numerical experiments and the results, which are in turn used towards mitigating insider threat risks in CPMS

Comment les entreprises déterminent-elles les critères et les pondérations pour choisir le type de contrat avec les fournisseurs et les sous-traitants ?

RÉSUMÉ: La gestion de projet contribue de manière importante et significative à la création de valeur à l'échelle mondiale. Ainsi, Turner et al. (2013, p.4) affirment que «?actuellement, plus de 20 % de l'activité économique mondiale s'appuie sur des projets, et dans certaines économies émergentes, elle dépasse 30 %?». Toutefois, certaines entreprises font face à des exigences spécifiques et utilisent de plus en plus des projets et des programmes pour atteindre leurs objectifs stratégiques pour le type de contrats avec les fournisseurs. En outre, les choix contractuels de ces entreprises reposent en partie sur la détermination et l'évaluation des critères et pondérations. Autant de difficultés qui constituent des problématiques majeures auxquelles il est impératif d'apporter des approches de solution. En conséquence, ce mémoire a pour but d'identifier les critères et pondérations utilisés par ces entreprises au moment de choisir les différents types de contrats en gestion de projets. En se fondant sur une approche qualitative, notamment celle interprétative/constructiviste, le cadre méthodologique a permis de se servir des données médiatiques variées pour saisir l'évolution du processus de choix des critères des fournisseurs. Ce faisant, les données théoriques montrent de toute évidence que les auteurs font un inventaire des critères et pondérations appliqués. Subséquemment, les résultats tirés de cette recherche démontrent que les entreprises utilisent indéniablement des critères plus ou moins courants pour choisir le type de contrat avec leurs fournisseurs. Nonobstant, ces entreprises ne sont aucunement intéressées à l'évaluation de ces critères. L'analyse des résultats laisse émerger des nouvelles avenues et apporte aux questions de la présente recherche, quelques réponses?; lesquelles réponses pourraient être utiles aux chercheurs, aux entreprises, gestionnaires et tous autres praticiens en gestion de projets. -- Mot(s) clé(s) en français : Gestion de projets, contrats, fournisseurs, critères, pondérations, analyse multicritères, approvisionnement des ressources, données médiatiques. -- ABSTRACT: Project management contributes significantly to the creation of global value. Thus, Turner et al. (2013, p.4) states that "currently, more than 20% of global economic activity is based on projects, and in some emerging economies, it exceeds 30%". However, some companies face specific requirements and are increasingly using projects and programs to achieve their strategic objectives for the type of supplier contracts. In addition, the contractual choices of these companies are based in part on the determination and evaluation of the criteria and weights. These are all difficulties which constitute major problems to which it is imperative to provide solution approaches. Consequently, this thesis aims to identify the criteria and weights used by these companies when choosing the different types of project management contracts. Based on a qualitative approach, especially the interpretative/constructivist one, the methodological framework allowed us to use various media data to grasp the evolution of the process of choosing supplier criteria. In doing so, the theoretical data clearly show that the authors make an inventory of the criteria and weights applied. Subsequently, the results drawn from this research demonstrate that companies undeniably use approximately criteria to choose the type of contract with their suppliers. However, these companies have no interest in evaluating these criteria. Analysis of the results reveals new avenues and provides some answers to the questions of this research, which answers could be useful to researchers, companies, managers, and any other practitioner in project management. -- Mot(s) clé(s) en anglais : Project management, contracts, suppliers, criteria, weights, multi-criteria analysis, supply of resources, media data