27 research outputs found

    An integrated risk analysis framework for safety and cybersecurity of industrial SCADA system

    The industrial control system (ICS) refers to a collection of various types of control systems commonly found in industrial sectors and critical infrastructures such as energy, oil and gas, transportation, and manufacturing. The supervisory control and data acquisition (SCADA) system is a type of ICS that controls and monitors operations and industrial processes scattered across a large geographic area. SCADA systems rely on information and communication technology (ICT) to improve the efficiency of operations. This integration means that SCADA systems are targeted by the same threats and vulnerabilities that affect ICT assets. This means that the cybersecurity problem in SCADA systems is exacerbated by the IT heritage issue. If the control system is compromised due to this connection, serious consequences may follow. This leads to the necessity of an integrated framework that covers both safety and security risk analysis in this context. This thesis proposes an integrated risk analysis framework that comprises four stages and builds on the advances of risk science and industry standards, to improve understanding of SCADA system complexity and to manage risks considering process safety and cybersecurity in a holistic approach. The suggested framework is committed to improving safety and security risk analysis by examining the expected consequences through integrated risk identification and by identifying adequate safeguards and countermeasures to defend against cyber-attack scenarios. A simplified SCADA system and an undesirable scenario of overpressure in the pipeline are presented, to which the relevant stages of the framework are applied.

    Five ICS cybersecurity myths based on Kaspersky Lab ICS CERT experience

    No full text

    Cyber Infrastructure Protection: Vol. III

    Despite leaps in technological advancements made in computing system hardware and software areas, we still hear about massive cyberattacks that result in enormous data losses. Cyberattacks in 2015 included: sophisticated attacks that targeted Ashley Madison, the U.S. Office of Personnel Management (OPM), the White House, and Anthem; and in 2014, cyberattacks were directed at Sony Pictures Entertainment, Home Depot, J.P. Morgan Chase, a German steel factory, a South Korean nuclear plant, eBay, and others. These attacks and many others highlight the continued vulnerability of various cyber infrastructures and the critical need for strong cyber infrastructure protection (CIP). This book addresses critical issues in cybersecurity. Topics discussed include: a cooperative international deterrence capability as an essential tool in cybersecurity; an estimation of the costs of cybercrime; the impact of prosecuting spammers on fraud and malware contained in email spam; cybersecurity and privacy in smart cities; smart cities demand smart security; and, a smart grid vulnerability assessment using national testbed networks.

    Industrial control systems cybersecurity analysis and countermeasures

    Industrial Control Systems (ICS) are frequently used in the manufacturing industry and critical infrastructures, such as water, oil and transportation. Disruption of these industries could have disastrous consequences, leading to financial loss or even the loss of human lives. Over time, technological development has improved ICS components; however, little research has been done to improve their security posture. In this research, a novel attack vector addressed to the Input and Output memory of the latest SIMATIC S7-1500 PLC is presented. The results obtained during the experimentation process show that attacks on the PLC memory can have a significantly detrimental effect on the operations of the control system. Furthermore, this research describes, implements and evaluates the physical, hybrid and virtual models of a Clean Water Supply System developed for the cybersecurity analysis of the Industrial Control System. The physical testbed is implemented on the Festo MPA platform, while the virtual representation of this platform is implemented in MATLAB. The results obtained during the evaluation of the three testbeds show the strengths and weaknesses of each implementation. Likewise, this research proposes two approaches for Industrial Control Systems cyber-security analysis. The first approach involves an attack detection and mitigation mechanism that focuses on the input memory of the PLC and is implemented as part of its code. The response mechanism involves three different techniques: optimized data blocks, switching between control strategies, and obtaining sensor readings directly from the analogue channel. The Clean Water Supply System described above is employed for the practical evaluation of this approach. The second approach corresponds to a supervised energy-based system for anomaly detection using a novel energy-based dataset.
    The results obtained during the experimentation process show that machine learning algorithms can classify the variations of energy produced by the execution of cyber-attacks as anomalous. The results show the feasibility of the approach presented in this research by achieving an F1-Score of 95.5%, and 6.8% FNR with the Multilayer Perceptron Classifier.

    Analysis and design of security mechanisms in the context of Advanced Persistent Threats against critical infrastructures

    Industry 4.0 can be defined as the digitization of all components within the industry, by combining productive processes with leading information and communication technologies. Whereas this integration has several benefits, it has also facilitated the emergence of several attack vectors. These can be leveraged to perpetrate sophisticated attacks such as an Advanced Persistent Threat (APT), which ultimately disrupts and damages critical infrastructural operations with a severe impact. This doctoral thesis aims to study and design security mechanisms capable of detecting and tracing APTs to ensure the continuity of the production line. Although the basic tools to detect individual attack vectors of an APT have already been developed, it is important to integrate holistic defense solutions in existing critical infrastructures that are capable of addressing all potential threats. Additionally, it is necessary to prospectively analyze the requirements that these systems have to satisfy after the integration of novel services in the upcoming years. To fulfill these goals, we define a framework for the detection and traceability of APTs in Industry 4.0, which aims to fill the gap between classic security mechanisms and APTs. The premise is to retrieve data about the production chain at all levels to correlate events in a distributed way, enabling the traceability of an APT throughout its entire life cycle. Ultimately, these mechanisms make it possible to holistically detect and anticipate attacks in a timely and autonomous way, to deter their propagation and minimize their impact. As a means to validate this framework, we propose some correlation algorithms that implement it (such as the Opinion Dynamics solution) and carry out different experiments that compare the accuracy of response techniques that take advantage of these traceability features. Similarly, we conduct a study on the feasibility of these detection systems in various Industry 4.0 scenarios.

    Operational Technology Preparedness: A Risk-Based Safety Approach to Scoping Security Tests for Cyber Incident Response and Recovery

    Following the advent of Industry 4.0, there have been significant benefits to industrial process optimisation through increased interconnectivity and the integration of Information Technology (IT) and Operational Technology (OT). However, this has also led to an increased attack surface for cyber threat actors to target. A growing number of cyber attacks on industrial environments, including Critical National Infrastructure, has, subsequently, been observed. In response, government and standardisation organisations alike have invested considerable resources in improving the cyber security of these environments. This includes response and recovery, often used as a last line of defence against cyber attacks. However, due to the unique design philosophies of Industrial Control Systems (ICS), several challenges exist for effectively securing these systems against digital threats. Through an analysis of standards and guidelines, used for assessing and improving cyber incident response and recovery capabilities, and stakeholder engagement on the implementation of these in practice, this thesis first identifies the challenges that exist when it comes to preparing for cyber incidents targeting ICS/OT environments. In particular, risk management, which involves identifying, evaluating, and prioritising risks and finding solutions to minimise, monitor, and control these, was found to be essential for improving preparation for cyber incidents. Assurance techniques are used as part of risk management to generate evidence for making claims of assurances about security. Alongside this, adversary-centric security tests such as penetration tests are used to evaluate and improve cyber resilience and incident response capabilities by emulating the actions of malicious actors. However, despite the benefits that these provide, they are currently not implemented to their full potential due to the safety and operational risks that exist in ICS/OT environments. 
    This thesis contributes to academic and industry knowledge by proposing a framework that incorporates methods for identifying and quantifying the safety and operational risks of conducting adversary-centric security tests within ICS/OT environments. In understanding the risks, these engagements can be scoped using precise constraints so as to maximise the depth of testing while minimising risk to safety and the operational process. The framework is then evaluated through a qualitative study involving industry experts, confirming the framework's validity for implementation in practice.

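    Threat exposure of German medical practices (as part of the healthcare sector and of SMEs) to cybercrime [original title: Gefährdungslage deutscher Arztpraxen (als Teil des Gesundheitswesens und der KMU) durch Cybercrime]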

    Favoured by the rapid rise of technology in society, extortion and data theft are increasingly the focus of well-organised cybercriminals. This is particularly evident in the threat posed by ransomware. Patient data has proven to be highly sought after by criminals. The aim of this work was to find out whether German medical practices are threatened by cybercrime to a particular degree. An analysis of publications showed that healthcare institutions tend to be more at risk than those in other sectors. The reasons are mostly insufficient risk awareness and staff being overwhelmed by the accompanying increase in complexity. Low investment and human error are the result. This is reinforced by economic pressure to act. The consequences of cybercrime can be, above all, IT and legal costs as well as loss of reputation or of the licence to practise medicine. The danger of compromised practice WLANs has so far been insufficiently studied scientifically. For this reason, this work collected data by wardriving as a long-term study in the city of Jena, together with a cross-sectional study of the psychotherapists and the physicians specialising in neurology or psychiatry there. In Jena, a positive trend regarding encryption was observed (an increase in WPA2). This was offset by non-optimal configuration and a growing number of networks with WPS enabled (especially with WPA2). WLANs are therefore threatened by brute-force attacks. The target group was organised in 58 practices (19 could be matched to their WLAN). These WLANs showed very secure encryption (above the level of the city area). This contrasted with the high number with active WPS, even though high-quality routers were often in use. In summary, the best protection for practice WLANs is non-identifiability.