Securing the Participation of Safety-Critical SCADA Systems in the Industrial Internet of Things

In the past, industrial control systems were ‘air gapped’ and isolated from more conventional networks. They used specialist protocols, such as Modbus, that are very different from TCP/IP. Individual devices used proprietary operating systems rather than the more familiar Linux or Windows. However, things are changing. There is a move for greater connectivity – for instance so that higher-level enterprise management systems can exchange information that helps optimise production processes. At the same time, industrial systems have been influenced by concepts from the Internet of Things; where the information derived from sensors and actuators in domestic and industrial components can be addressed through network interfaces. This paper identifies a range of cyber security and safety concerns that arise from these developments. The closing sections introduce potential solutions and identify areas for future research

When Operation Technology Meets Information Technology: Challenges and Opportunities

Industry 4.0 has revolutionized process innovation while facilitating and encouraging many new possibilities. The objective of Industry 4.0 is the radical enhancement of productivity, a goal that presupposes the integration of Operational Technology (OT) networks with Information Technology (IT) networks, which were hitherto isolated. This disruptive approach is enabled by adopting several emerging technologies in Enterprise processes. In this manuscript, we discuss what we believe to be one of the main challenges preventing the full employment of Industry 4.0, namely, the integration of Operation Technology networking and Information Technology networking. We discuss the technical challenges alongside the potential tools while providing a state-of-the-art use case scenario. We showcase a possible solution based on the Asset Administration Shell approach, referring to the use case of camera synchronization for collaborative tasks

Digital twin of experimental smart manufacturing assembly system for Industry 4.0 concept

This article deals with the creation of a digital twin for an experimental assembly system based on a belt conveyor system and an automatized line for quality production check. The point of interest is a Bowden holder assembly from a 3D printer, which consists of a stepper motor, plastic components, and some fastener parts. The assembly was positioned in a fixture with ultra high frequency (UHF) tags and internet of things (IoT) devices for identification of status and position. The main task was parts identification and inspection, with the synchronization of all data to a digital twin model. The inspection system consisted of an industrial vision system for dimension, part presence, and errors check before and after assembly operation. A digital twin is realized as a 3D model, created in CAD design software (CDS) and imported to a Tecnomatix platform to simulate all processes. Data from the assembly system were collected by a programmable logic controller (PLC) system and were synchronized by an open platform communications (OPC) server to a digital twin model and a cloud platform (CP). Digital twins can visualize the real status of a manufacturing system as 3D simulation with real time actualization. Cloud platforms are used for data mining and knowledge representation in timeline graphs, with some alarms and automatized protocol generation. Virtual digital twins can be used for online optimization of an assembly process without the necessity to stop that is involved in a production line. © 2020 by the authors.European Union's Horizon 2020 research and innovation program under the Marie Sklodowska-CurieEuropean Union (EU) [734713]; Ministry of Industry and Trade of the Czech Republic [FV20419]; Ministry of Education of the Slovak Republic [VEGA 1/0700/20, 055TUKE-4/2020

The future roadmap of in-vehicle network processing: a HW-centric (R-)evolution

© 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes,creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.The automotive industry is undergoing a deep revolution. With the race towards autonomous driving, the amount of technologies, sensors and actuators that need to be integrated in the vehicle increases exponentially. This imposes new great challenges in the vehicle electric/electronic (E/E) architecture and, especially, in the In-Vehicle Network (IVN). In this work, we analyze the evolution of IVNs, and focus on the main network processing platform integrated in them: the Gateway (GW). We derive the requirements of Network Processing Platforms that need to be fulfilled by future GW controllers focusing on two perspectives: functional requirements and structural requirements. Functional requirements refer to the functionalities that need to be delivered by these network processing platforms. Structural requirements refer to design aspects which ensure the feasibility, usability and future evolution of the design. By focusing on the Network Processing architecture, we review the available options in the state of the art, both in industry and academia. We evaluate the strengths and weaknesses of each architecture in terms of the coverage provided for the functional and structural requirements. In our analysis, we detect a gap in this area: there is currently no architecture fulfilling all the requirements of future automotive GW controllers. In light of the available network processing architectures and the current technology landscape, we identify Hardware (HW) accelerators and custom processor design as a key differentiation factor which boosts the devices performance. From our perspective, this points to a need - and a research opportunity - to explore network processing architectures with a strong HW focus, unleashing the potential of next-generation network processors and supporting the demanding requirements of future autonomous and connected vehicles.Peer ReviewedPostprint (published version

System-on-chip architecture for secure sub-microsecond synchronization systems

213 p.En esta tesis, se pretende abordar los problemas que conlleva la protección cibernética del Precision Time Protocol (PTP). Éste es uno de los protocolos de comunicación más sensibles de entre los considerados por los organismos de estandarización para su aplicación en las futuras Smart Grids o redes eléctricas inteligentes. PTP tiene como misión distribuir una referencia de tiempo desde un dispositivo maestro al resto de dispositivos esclavos, situados dentro de una misma red, de forma muy precisa. El protocolo es altamente vulnerable, ya que introduciendo tan sólo un error de tiempo de un microsegundo, pueden causarse graves problemas en las funciones de protección del equipamiento eléctrico, o incluso detener su funcionamiento. Para ello, se propone una nueva arquitectura System-on-Chip basada en dispositivos reconfigurables, con el objetivo de integrar el protocolo PTP y el conocido estándar de seguridad MACsec para redes Ethernet. La flexibilidad que los modernos dispositivos reconfigurables proporcionan, ha sido aprovechada para el diseño de una arquitectura en la que coexisten procesamiento hardware y software. Los resultados experimentales avalan la viabilidad de utilizar MACsec para proteger la sincronización en entornos industriales, sin degradar la precisión del protocolo

The use of Sensor Networks to create smart environments

Internet of Things is taking the world in order to be the next big thing since the Internet, with almost every object being connected to gather data and allow control through mobile and web devices. But this revolution has some barriers with the lack of standardization in communications or sensors. In this dissertation we present a proposal of a system dedicated to creating smart environments using sensor networks, with a practical application developed to achieve automation, efficiency and versatility, allowing real-time monitoring and remote control of any object or environment improving user experience, tasks efficiency and leading to costs reduction. The developed system, that includes software and hardware, is based on adaptive and Artificial Intelligence algorithms and low cost IoT devices, taking advantage of the best communication protocols, allowing the developed system to be suited and easily adapted to any specification by any person. We evaluate the best communication and devices for the desired implementa tion and demonstrate how to create all the network nodes, including the build of a custom IoT Gateway and Sensor Node. We also demonstrate the efficiency of the developed system in real case scenarios. The main contributions of our study are the design and implementation of a novel architecture for adaptive IoT projects focus on environment efficiency, with practical demonstration, as well as comparison study for the best suited communication protocols for low cost IoT devices.A Internet of Things está a atingir o mundo de modo a tornar-se a próxima grande revolução depois da Internet, com quase todos os objectos a estarem ligados para recolher dados e permitir o controlo através de dispositivos móveis. Mas esta revolução depara-se com vários desafios devido à falta de standards no que toca a comunicações ou sensores. Nesta dissertação apresentamos uma proposta para um sistema dedicado a criar ambientes inteligentes usando redes de sensores, com uma aplicação prática desenvolvida para oferecer automação, eficiência e versatilidade, permitindo uma monitorização e controlo remoto seguro em tempo real de qualquer objecto ou ambiente, melhorando assim a experiência do utilizador e a eficiência das tarefas evando a redução de custos. O sistema desenvolvido, que inclui software e hard ware, usa algoritmos adaptáveis com Inteligência Artificial e dispositivos IoT de baixo custo, utilizando os melhores protocolos de comunicação, permitindo que o mesmo seja apropriado e facilmente adaptado para qualquer especificação por qualquer pessoa. Avaliamos os melhores métodos de comunicação e dispositivos necessários para a implementação e demonstramos como criar todos os nós da rede, incluindo a construção de IoT Gateway e Sensor Node personalizados. Demonstramos também a eficácia do sistema desenvolvido através da aplicação do mesmo em casos reais. As principais contribuições do nosso estudo passam pelo desenho e implemen tação de uma nova arquitectura para projectos adaptáveis de IoT com foco na eficiência do objecto, incluindo a demonstração pratica, tal como um estudo com parativo sobre os melhores protocolos de comunicação para dispositivos IoT de baixo custo

Design and Development of Smart Brain-Machine-Brain Interface (SBMIBI) for Deep Brain Stimulation and Other Biomedical Applications

Machine collaboration with the biological body/brain by sending electrical information back and forth is one of the leading research areas in neuro-engineering during the twenty-first century. Hence, Brain-Machine-Brain Interface (BMBI) is a powerful tool for achieving such machine-brain/body collaboration. BMBI generally is a smart device (usually invasive) that can record, store, and analyze neural activities, and generate corresponding responses in the form of electrical pulses to stimulate specific brain regions. The Smart Brain-Machine-Brain-Interface (SBMBI) is a step forward with compared to the traditional BMBI by including smart functions, such as in-electrode local computing capabilities, and availability of cloud connectivity in the system to take the advantage of powerful cloud computation in decision making. In this dissertation work, we designed and developed an innovative form of Smart Brain-Machine-Brain Interface (SBMBI) and studied its feasibility in different biomedical applications. With respect to power management, the SBMBI is a semi-passive platform. The communication module is fully passive—powered by RF harvested energy; whereas, the signal processing core is battery-assisted. The efficiency of the implemented RF energy harvester was measured to be 0.005%. One of potential applications of SBMBI is to configure a Smart Deep-Brain-Stimulator (SDBS) based on the general SBMBI platform. The SDBS consists of brain-implantable smart electrodes and a wireless-connected external controller. The SDBS electrodes operate as completely autonomous electronic implants that are capable of sensing and recording neural activities in real time, performing local processing, and generating arbitrary waveforms for neuro-stimulation. A bidirectional, secure, fully-passive wireless communication backbone was designed and integrated into this smart electrode to maintain contact between the smart electrodes and the controller. The standard EPC-Global protocol has been modified and adopted as the communication protocol in this design. The proposed SDBS, by using a SBMBI platform, was demonstrated and tested through a hardware prototype. Additionally the SBMBI was employed to develop a low-power wireless ECG data acquisition device. This device captures cardiac pulses through a non-invasive magnetic resonance electrode, processes the signal and sends it to the backend computer through the SBMBI interface. Analysis was performed to verify the integrity of received ECG data

Oops I Did it Again:Further Adventures in the Land of ICS Security Testbeds

Research efforts in the security of Industrial Control Systems (ICS) have dramatically increased over the past few years. However, there is a limiting factor when work cannot be evaluated on real-world systems due to safety and operational reasons. This has led to multiple deployments of ICS testbeds covering multiple sectors including water treatment, power distribution and transportation networks. Over the last five years, we have designed and constructed ICS testbeds to support cyber security research. Our prior work in building testbeds culminated in a set of design principles and lessons learnt, formulated to support other researchers in designing and building their own ICS testbeds. In the last two years we have taken these lessons and used them to guide our own greenfield large-scale, complex and process-diverse security testbed affording a rare opportunity to design and build from the ground up – one in which we have been able to look back and validate those past lessons and principles. In this work we describe the process of building our new ICS and Industrial Internet of Things (IIoT) testbed, and give an overview of its architecture. We then reflect on our past lessons, and con- tribute five previously unrecognised additional lessons based on this experience

Secure Control and Operation of Energy Cyber-Physical Systems Through Intelligent Agents

The operation of the smart grid is expected to be heavily reliant on microprocessor-based control. Thus, there is a strong need for interoperability standards to address the heterogeneous nature of the data in the smart grid. In this research, we analyzed in detail the security threats of the Generic Object Oriented Substation Events (GOOSE) and Sampled Measured Values (SMV) protocol mappings of the IEC 61850 data modeling standard, which is the most widely industry-accepted standard for power system automation and control. We found that there is a strong need for security solutions that are capable of defending the grid against cyber-attacks, minimizing the damage in case a cyber-incident occurs, and restoring services within minimal time. To address these risks, we focused on correlating cyber security algorithms with physical characteristics of the power system by developing intelligent agents that use this knowledge as an important second line of defense in detecting malicious activity. This will complement the cyber security methods, including encryption and authentication. Firstly, we developed a physical-model-checking algorithm, which uses artificial neural networks to identify switching-related attacks on power systems based on load flow characteristics. Secondly, the feasibility of using neural network forecasters to detect spoofed sampled values was investigated. We showed that although such forecasters have high spoofed-data-detection accuracy, they are prone to the accumulation of forecasting error. In this research, we proposed an algorithm to detect the accumulation of the forecasting error based on lightweight statistical indicators. The effectiveness of the proposed algorithms was experimentally verified on the Smart Grid testbed at FIU. The test results showed that the proposed techniques have a minimal detection latency, in the range of microseconds. Also, in this research we developed a network-in-the-loop co-simulation platform that seamlessly integrates the components of the smart grid together, especially since they are governed by different regulations and owned by different entities. Power system simulation software, microcontrollers, and a real communication infrastructure were combined together to provide a cohesive smart grid platform. A data-centric communication scheme was selected to provide an interoperability layer between multi-vendor devices, software packages, and to bridge different protocols together

Co-design of Security Aware Power System Distribution Architecture as Cyber Physical System

The modern smart grid would involve deep integration between measurement nodes, communication systems, artificial intelligence, power electronics and distributed resources. On one hand, this type of integration can dramatically improve the grid performance and efficiency, but on the other, it can also introduce new types of vulnerabilities to the grid. To obtain the best performance, while minimizing the risk of vulnerabilities, the physical power system must be designed as a security aware system. In this dissertation, an interoperability and communication framework for microgrid control and Cyber Physical system enhancements is designed and implemented taking into account cyber and physical security aspects. The proposed data-centric interoperability layer provides a common data bus and a resilient control network for seamless integration of distributed energy resources. In addition, a synchronized measurement network and advanced metering infrastructure were developed to provide real-time monitoring for active distribution networks. A hybrid hardware/software testbed environment was developed to represent the smart grid as a cyber-physical system through hardware and software in the loop simulation methods. In addition it provides a flexible interface for remote integration and experimentation of attack scenarios. The work in this dissertation utilizes communication technologies to enhance the performance of the DC microgrids and distribution networks by extending the application of the GPS synchronization to the DC Networks. GPS synchronization allows the operation of distributed DC-DC converters as an interleaved converters system. Along with the GPS synchronization, carrier extraction synchronization technique was developed to improve the system’s security and reliability in the case of GPS signal spoofing or jamming. To improve the integration of the microgrid with the utility system, new synchronization and islanding detection algorithms were developed. The developed algorithms overcome the problem of SCADA and PMU based islanding detection methods such as communication failure and frequency stability. In addition, a real-time energy management system with online optimization was developed to manage the energy resources within the microgrid. The security and privacy were also addressed in both the cyber and physical levels. For the physical design, two techniques were developed to address the physical privacy issues by changing the current and electromagnetic signature. For the cyber level, a security mechanism for IEC 61850 GOOSE messages was developed to address the security shortcomings in the standard