An Educational Framework to Support Industrial Control System Security Engineering

Industrial Control Systems (ICSs) are used to monitor and control critical infrastructure such as electricity and water. ICS were originally stand-alone systems, but are now widely being connected to corporate national IT networks, making remote monitoring and more timely control possible. While this connectivity has brought multiple benefits to ICS, such as cost reductions and an increase in redundancy and flexibility, ICS were not designed for open connectivity and therefore are more prone to security threats, creating a greater requirement for adequate security engineering approaches. The culture gap between developers and security experts is one of the main challenges of ICS security engineering. Control system developers play an important role in building secure systems; however, they lack security training and support throughout the development process. Security training, which is an essential activity in the defence-indepth strategy for ICS security, has been addressed, but has not been given sufficient attention in academia. Security support is a key means by which to tackle this challenge via assisting developers in ICS security by design. This thesis proposes a novel framework, the Industrial Control System Security Engineering Support (ICS-SES), which aims to help developers in designing secure control systems by enabling them to reuse secure design patterns and improve their security knowledge. ICS-SES adapts pattern-based approach to guide developers in security engineering, and an automated planning technique to provide adaptive on-the-job security training tailored to personal needs. The usability of ICS-SES has been evaluated using an empirical study in terms of its effectiveness in assisting the design of secure control systems and improving developers’ security knowledge. The results show that ICS-SES can efficiently help control system designers to mitigate security vulnerabilities and improve their security knowledge, reducing the difficulties associated with the security engineering process, and the results have been found to be statically significant. In summary, ICS-SES provides a unified method of supporting an ICS security by design approach. It fosters a development environment where engineers can improve their security knowledge while working in a control system production line.Libyan Embassy in London, U

Blockchain-based model for tracking software requirement compliance in industrial control systems with secure software development lifecycle

Disertacija se bavi istraživanjem je primena Hyperledger Fabric blokčejn rešenja za praćenje usklađenosti softvera sa bezbednosnim zahtevima u industrijskim upravljačkim sistemima. Definisan je model koji obuhvata učesnike, slučajeve korišćenja i princip bezbednosti podataka. Validacija modela sprovedena je kroz analizu bezbednosne prakse Upravljanje bezbednošću, deo standarda IEC 62443-4-1, koji obuhvata 13 zahteva. Model omogućava transparentnost, neporeljivost, sledljivost i dostupnost informacija, bitne osobine za industrijske upravljačke sisteme u kritičnim infrastrukturama. Poverljivost informacija obezbeđena je upotrebom privatne blokčejn mreže poput Hyperledger Fabric. Dalje, definisani su dijagrami slučajeva korišćenja i organizacije neophodni za funkcionalnost sistema. Korišćen je IPFS za skladištenje dokumenata, a zatim je postavljeno rešenje za Hyperledger Fabric blokčejnu mrežu. Ovaj pristup pruža uvid u usklađenost softvera, posebno u kritičnim sektorima, obezbeđujući sigurnost podataka i efikasnu implementaciju rešenja.This thesis investigates the application of the Hyperledger Fabric blockchain solution for monitoring software compliance with security requirements in industrial control systems. A model is defined that includes participants, use cases and the principle of data security. Validation of the model was carried out through the analysis of the safety practice Security management, part of the standard IEC 62443-4-1, which includes 13 requirements. The model enables transparency, non-repudiation, traceability and availability of information, essential features for industrial management systems in critical infrastructures. Information confidentiality is ensured by using a private blockchain network like Hyperledger Fabric. Furthermore, use case diagrams and organization necessary for system functionality are defined. IPFS was used to store documents, and then the solution was deployed on the Hyperledger Fabric blockchain network. This comprehensive approach provides insight into software compliance, particularly in critical sectors, ensuring data security and effective solution implementation