Securing the Participation of Safety-Critical SCADA Systems in the Industrial Internet of Things

In the past, industrial control systems were ‘air gapped’ and isolated from more conventional networks. They used specialist protocols, such as Modbus, that are very different from TCP/IP. Individual devices used proprietary operating systems rather than the more familiar Linux or Windows. However, things are changing. There is a move for greater connectivity – for instance so that higher-level enterprise management systems can exchange information that helps optimise production processes. At the same time, industrial systems have been influenced by concepts from the Internet of Things; where the information derived from sensors and actuators in domestic and industrial components can be addressed through network interfaces. This paper identifies a range of cyber security and safety concerns that arise from these developments. The closing sections introduce potential solutions and identify areas for future research

Tracking advanced persistent threats in critical infrastructures through opinion dynamics

Advanced persistent threats pose a serious issue for modern industrial environments, due to their targeted and complex attack vectors that are difficult to detect. This is especially severe in critical infrastructures that are accelerating the integration of IT technologies. It is then essential to further develop effective monitoring and response systems that ensure the continuity of business to face the arising set of cyber-security threats. In this paper, we study the practical applicability of a novel technique based on opinion dynamics, that permits to trace the attack throughout all its stages along the network by correlating different anomalies measured over time, thereby taking the persistence of threats and the criticality of resources into consideration. The resulting information is of essential importance to monitor the overall health of the control system and cor- respondingly deploy accurate response procedures. Advanced Persistent Threat Detection Traceability Opinion Dynamics.Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tech

Why We Cannot (Yet) Ensure the Cybersecurity of Safety-Critical Systems

There is a growing threat to the cyber-security of safety-critical systems. The introduction of Commercial Off The Shelf (COTS) software, including Linux, specialist VOIP applications and Satellite Based Augmentation Systems across the aviation, maritime, rail and power-generation infrastructures has created common, vulnerabilities. In consequence, more people now possess the technical skills required to identify and exploit vulnerabilities in safety-critical systems. Arguably for the first time there is the potential for cross-modal attacks leading to future ‘cyber storms’. This situation is compounded by the failure of public-private partnerships to establish the cyber-security of safety critical applications. The fiscal crisis has prevented governments from attracting and retaining competent regulators at the intersection of safety and cyber-security. In particular, we argue that superficial similarities between safety and security have led to security policies that cannot be implemented in safety-critical systems. Existing office-based security standards, such as the ISO27k series, cannot easily be integrated with standards such as IEC61508 or ISO26262. Hybrid standards such as IEC 62443 lack credible validation. There is an urgent need to move beyond high-level policies and address the more detailed engineering challenges that threaten the cyber-security of safety-critical systems. In particular, we consider the ways in which cyber-security concerns undermine traditional forms of safety engineering, for example by invalidating conventional forms of risk assessment. We also summarise the ways in which safety concerns frustrate the deployment of conventional mechanisms for cyber-security, including intrusion detection systems

Commercial critical systems and critical infrastructure protection : a future research agenda

Secure management of Australia&rsquo;s commercial critical infrastructure presents ongoing challenges to owners and the government. Although it is currently managed through high-level information sharing via collaboration, but does this suit the commercial sector. One of the issues facing Australia is that the majority of critical infrastructure resides under the control of the business sector and certain aspects such of the critical infrastructure such as Supply Chain Management (SCM) systems are distributed entities and not a single entity. The paper focuses upon the security issues associated with SCM systems and critical infrastructure protection.<br /

Examining potential benefits and challenges associated with the Internet of Things integration in supply chains

Purpose The Internet of Things (IoT) is expected to have a huge impact on businesses and, especially, the way we think about supply chain management. However, there is still a paucity of studies on the impact of IoT adoption on supply chains and on different aspects of the business in general. The research aims to examine the perception of the academic community of the impact of the Internet of Things (IoT) adoption in organizational supply chains with a view to verify potential key benefits and challenges existent in the literature. The research presents the impact on an organization along with the impact across its entire supply chain. Design/methodology/approach Data was collected through the use of an online survey and 87 participants completed the survey. Participants were mainly from the academic community and were university scholars based in different countries located in six continents. Participants were authors, or co-authors, of academic papers published in the Decision Science Institute 2015 and 2016 annual conference proceedings, the 21st International Symposium of Sustainable Transport and Supply Chain Innovations, the Supply Chain Management : An International Journal 2016 issues, and the Operations and Supply Chain Management : an International Journal 2016 issues. Findings We were able to confirm the significance of some of the examined potential benefits to individual organizations and their entire supply chains. However, the study identified other potential benefits that were not seen as a direct impact of IoT adoption. Most of the examined potential benefits were found to contribute to a number of critical success factors for implementing successful supply chain management. We were also able to confirm that some of the examined potential challenges were still perceived as key hinders to IoT adoption but examined potential challenges were not seen as hurdles to IoT adoption. Originality/value To our best knowledge, this is the first study of its kind. Although some literature attempted to provide an overview about the IoT management, no study has specifically explored potential benefits and challenges related to the adoption of IoT in supply chains and ranked them based on their significance. The results can be beneficial to; academic scholars interested in the researched topic, business professionals, organizations within different sectors, and any other party interested in understanding more about the impact of adopting IoT on supply chain management