83 research outputs found

    Self-learning Anomaly Detection in Industrial Production

    Cybersecurity of Industrial Cyber-Physical Systems: A Review

    Industrial cyber-physical systems (ICPSs) manage critical infrastructures by controlling the processes based on the "physics" data gathered by edge sensor networks. Recent innovations in ubiquitous computing and communication technologies have prompted the rapid integration of highly interconnected systems to ICPSs. Hence, the "security by obscurity" principle provided by air-gapping is no longer followed. As the interconnectivity in ICPSs increases, so does the attack surface. Industrial vulnerability assessment reports have shown that a variety of new vulnerabilities have occurred due to this transition while the most common ones are related to weak boundary protection. Although there are existing surveys in this context, very little is mentioned regarding these reports. This paper bridges this gap by defining and reviewing ICPSs from a cybersecurity perspective. In particular, a multi-dimensional adaptive attack taxonomy is presented and utilized for evaluating real-life ICPS cyber incidents. We also identify the general shortcomings and highlight the points that cause a gap in existing literature while defining future research directions. Comment: 32 pages, 10 figures

    A Survey on Industrial Control System Testbeds and Datasets for Security Research

    The increasing digitization and interconnection of legacy Industrial Control Systems (ICSs) open new vulnerability surfaces, exposing such systems to malicious attackers. Furthermore, since ICSs are often employed in critical infrastructures (e.g., nuclear plants) and manufacturing companies (e.g., chemical industries), attacks can lead to devastating physical damages. In dealing with this security requirement, the research community focuses on developing new security mechanisms such as Intrusion Detection Systems (IDSs), facilitated by leveraging modern machine learning techniques. However, these algorithms require a testing platform and a considerable amount of data to be trained and tested accurately. To satisfy this prerequisite, Academia, Industry, and Government are increasingly proposing testbeds (i.e., scaled-down versions of ICSs or simulations) to test the performances of the IDSs. Furthermore, to enable researchers to cross-validate security systems (e.g., security-by-design concepts or anomaly detectors), several datasets have been collected from testbeds and shared with the community. In this paper, we provide a deep and comprehensive overview of ICSs, presenting the architecture design, the employed devices, and the security protocols implemented. We then collect, compare, and describe testbeds and datasets in the literature, highlighting key challenges and design guidelines to keep in mind in the design phases. Furthermore, we enrich our work by reporting the best performing IDS algorithms tested on every dataset to create a baseline in state of the art for this field. Finally, driven by knowledge accumulated during this survey's development, we report advice and good practices on the development, the choice, and the utilization of testbeds, datasets, and IDSs.

    Machine Tool Communication (MTComm) Method and Its Applications in a Cyber-Physical Manufacturing Cloud

    The integration of cyber-physical systems and cloud manufacturing has the potential to revolutionize existing manufacturing systems by enabling better accessibility, agility, and efficiency. To achieve this, it is necessary to establish a communication method of manufacturing services over the Internet to access and manage physical machines from cloud applications. Most of the existing industrial automation protocols utilize Ethernet based Local Area Network (LAN) and are not designed specifically for Internet enabled data transmission. Recently MTConnect has been gaining popularity as a standard for monitoring status of machine tools through RESTful web services and an XML based messaging structure, but it is only designed for data collection and interpretation and lacks remote operation capability. This dissertation presents the design, development, optimization, and applications of a service-oriented Internet-scale communication method named Machine Tool Communication (MTComm) for exchanging manufacturing services in a Cyber-Physical Manufacturing Cloud (CPMC) to enable manufacturing with heterogeneous physically connected machine tools from geographically distributed locations over the Internet. MTComm uses an agent-adapter based architecture and a semantic ontology to provide both remote monitoring and operation capabilities through RESTful services and XML messages. MTComm was successfully used to develop and implement multi-purpose applications in a CPMC including remote and collaborative manufacturing, active testing-based and edge-based fault diagnosis and maintenance of machine tools, cross-domain interoperability between Internet-of-things (IoT) devices and supply chain robots etc.
To improve MTComm’s overall performance, efficiency, and acceptability in cyber manufacturing, the concept of MTComm’s edge-based middleware was introduced and three optimization strategies for data catching, transmission, and operation execution were developed and adopted at the edge. Finally, a hardware prototype of the middleware was implemented on a System-On-Chip based FPGA device to reduce computational and transmission latency. At every stage of its development, MTComm’s performance and feasibility were evaluated with experiments in a CPMC testbed with three different types of manufacturing machine tools. Experimental results demonstrated MTComm’s excellent feasibility for scalable cyber-physical manufacturing and superior performance over other existing approaches.

    PICSEL: Portable ICS Extensible Lab

    Master's project work, Information Security, Universidade de Lisboa, Faculdade de Ciências, 2020. Critical infrastructures such as electric power grids, nuclear plants, oil and gas refineries, transportation systems or pharmaceutical industries, play an increasingly important role in our lives due to technological advancement and the precision industry. Traditionally, most of these infrastructures, also called industrial control systems (ICS), are large-scale cyber-physical systems (CPS) which all use supervisory control and data acquisition (SCADA). Over recent years, malicious actors have realized the importance and impact of these infrastructures. Combining this with the deprivation of security features in ICS resulted in a large quantity of high value targets just waiting to be exploited. Since these systems are based on equipment with a really long lifetime and, in most of the cases, have an extremely high availability requirement, it's important to, somehow, gather information and perform security tests in order to protect these infrastructures, without compromising a live operation. Normally these infrastructures are very complex and often have a remarkable diversity of equipment, communication protocols and transmission technologies. This thesis presents a portable testbed, PICSEL, which was designed and developed to achieve the following goals: to be a portable testbed testing existing exploits and new security solutions whilst exploring new vulnerabilities within the equipment or the environment. Several requirements were considered in the design of the testbed: for instance, choosing the equipment that allowed for more environment configurations; choosing power supplies that support additional equipment; and designing a static electrical diagram based on each device’s requirements.
With these requirements, the testbed must be able to support different types of equipment and architectures, allowing for applications in multiple industries, inside which it can be easily reconfigured. The thesis describes the testbed architecture and discusses the design decisions, presenting two test scenarios that were studied and implemented using PICSEL. In each of these test scenarios, different attacks were performed validating each of the PICSEL goals. Testing known vulnerabilities, testing exploits in the wild and exporting information from PICSEL equipment to an external tool were very important steps to validate the results. Therefore, this thesis provides proof of concept confirming the key value of a modular and reconfigurable testbed, PICSEL.

    Kommunikation und Bildverarbeitung in der Automation

    This open access proceedings volume contains the best contributions of the 11th annual colloquium "Kommunikation in der Automation" (KommA 2020) and the 7th annual colloquium "Bildverarbeitung in der Automation" (BVAu 2020). The colloquia took place on 28 and 29 October 2020 and were organized for the first time as a digital web event at the Innovation Campus Lemgo. The latest research results presented in the fields of industrial communication technology and image processing extend the current state of research and technology. The illustrative application examples from the field of automation contained in the contributions place the results in a direct application context.

    Traffic characterization in a communications channel for monitoring and control in real-time systems

    The response time for remote monitoring and control in real-time systems is a sensitive issue in device interconnection elements. Therefore, it is necessary to analyze the traffic of the communication system in pre-established time windows. In this paper, a methodology based on computational intelligence is proposed for identifying the availability of a data channel and the variables or characteristics that affect the performance and data transfer, which is made up of four stages: a) integration of a communication system with an acquisition module and a final control structure; b) communication channel characterization by means of traffic variables; and c) relevance analysis from the characterization space using SFFS (sequential forward floating selection); d) Channel congestion classification as Low or High using a classifier based on Naive Bayes algorithm. The experimental setup emulates a real process using an on/off remote control of a DC motor on an Ethernet network. The communication time between the client and server was integrated with the operation and control times, to study the whole response time. This proposed approach allows support decisions about channel availability, to establish predictions about the length of the time window when the availability conditions are unknown.

    Cybersecurity in Industrial Networks: Artificial Intelligence Techniques Applied to Intrusion Detection Systems

    Industrial control systems (ICS) operate on serial based networks which lack proper security safeguards by design. They are also becoming more integrated to corporate networks, creating new vulnerabilities which expose ICS networks to increasing levels of risk with potentially significant impact. Despite those risks, only a few mechanisms have been suggested and are available in practice as cybersecurity safeguards for the ICS network layer, maybe because they might not be commercially viable. Intrusion detection systems (IDS) are typically deployed in the corporate networks to protect against attacks since they are based on TCP/IP. However, IDS are not used in serial based ICS networks yet. This study examines and compares modern Artificial Intelligence (AI) techniques applied in IDS that are potentially useful for serial-based ICS networks. The results showed that current AI-based IDS methods are viable in such networks. A mix of AI techniques would be the best way forward to detect known attacks via rules and novel attacks, not previously mapped, via supervised and unsupervised techniques. Despite these strategies’ limited use in serial-based networks, their adoption could significantly strengthen cybersecurity of ICS networks.