Resilience to cyber-attacks in critical infrastructures of Portugal

As infraestruturas críticas são sempre um potencial alvo para ciberataques, uma vez que a repercussão de um ataque bem-sucedido pode ser catastrófica, visto que esses sistemas controlam e permitem o acesso aos principais serviços do país. Um dos sistemas que fazem parte deste grupo de infraestruturas críticas de um país são os Sistemas de Controlo Industrial (ICSs), utilizados para automatizar e controlar os processos das várias infraestruturas industriais. No passado, os ICSs eram utilizados em ambiente isolado, no entanto, com o passar do tempo e para satisfazer as exigências do mercado moderno, começaram a estar ligados com o ambiente externo. Isto trouxe muitos benefícios, mas também aumentou o nível de exposição e vulnerabilidade dos mesmos. Embora estes sistemas sejam vitais para o bom funcionamento de um país, não há nenhum trabalho público que avalie o estado de segurança destes sistemas em Portugal. Este trabalho teve como maior objetivo, identificar os ICSs expostos na Internet em Portugal e investigar o nível de risco dos mesmos em termos de segurança. Com base nisso, foi desenvolvido uma metodologia que implicou a identificação dos ICSs, o cálculo do risco dos mesmos de acordo com as características que apresentam, e o desenvolvimento de uma data warehouse para juntar e organizar os dados, e permitir uma análise de forma fácil. Ao analisar os resultados verificamos que existem muitos ICSs expostos e facilmente encontrados na Internet em Portugal. A maioria deles estão localizados em Lisboa e têm pelo menos uma característica que apresenta um risco elevado à segurança do sistema. A maioria dos sistemas não têm disponível um algoritmo de encriptação para assegurar a segurança da ligação. Dos que têm, uma enorme percentagem utiliza algoritmos que não são considerados seguros. A maioria dos sistemas identificados têm pelo menos uma porta a correr o protocolo HTTP, uma ligação que há muito tempo já não é considerada segura. Dos sistemas que estão a correr portas com risco elevado, a maioria está a correr o protocolo FTP, um protocolo não construído para ser seguro. Muitas das organizações não possuem infraestruturas próprias para gerir as políticas de rede dos seus sistemas. Nesta situação, não é possível identificar as organizações porque escondem atrás dos ISPs. Isto pode ser vantajoso porque as organizações não são facilmente identificadas pelos hackers, no entanto, ficam dependentes dos ISPs, no sentido de que, se este sofrer um ataque, todas as organizações ligadas a ela podem ser severamente afetadas. Os resultados encontrados neste trabalho permitem à Dognædis ter uma base de conhecimento sobre o estado dos ICSs expostos na Internet em Portugal, tornando possível sugerir melhorias de segurança. Também permite que a indústria e todas as organizações que têm ICSs estejam conscientes de quão expostos e vulneráveis estão os seus sistemas, de forma a dedicarem mais atenção aos sistemas que possam estar em risco de um ataque cibernético

Mapping Big Data into Knowledge Space with Cognitive Cyber-Infrastructure

Big data research has attracted great attention in science, technology, industry and society. It is developing with the evolving scientific paradigm, the fourth industrial revolution, and the transformational innovation of technologies. However, its nature and fundamental challenge have not been recognized, and its own methodology has not been formed. This paper explores and answers the following questions: What is big data? What are the basic methods for representing, managing and analyzing big data? What is the relationship between big data and knowledge? Can we find a mapping from big data into knowledge space? What kind of infrastructure is required to support not only big data management and analysis but also knowledge discovery, sharing and management? What is the relationship between big data and science paradigm? What is the nature and fundamental challenge of big data computing? A multi-dimensional perspective is presented toward a methodology of big data computing.Comment: 59 page

Incident Analysis & Digital Forensics in SCADA and Industrial Control Systems

SCADA and industrial control systems have been traditionally isolated in physically protected environments. However, developments such as standardisation of data exchange protocols and increased use of IP, emerging wireless sensor networks and machine-to-machine communication mean that in the near future related threat vectors will require consideration too outside the scope of traditional SCADA security and incident response. In the light of the significance of SCADA for the resilience of critical infrastructures and the related targeted incidents against them (e.g. the development of stuxnet), cyber security and digital forensics emerge as priority areas. In this paper we focus on the latter, exploring the current capability of SCADA operators to analyse security incidents and develop situational awareness based on a robust digital evidence perspective. We look at the logging capabilities of a typical SCADA architecture and the analytical techniques and investigative tools that may help develop forensic readiness to the level of the current threat environment requirements. We also provide recommendations for data capture and retention

IoT and Industry 4.0 technologies in Digital Manufacturing Transformation

The evolution of internet of things, cyber physical system, digital twin and artificial intelligence is stimulating the transformation of the product-centric processes toward smart control digital service-oriented ones. With the implementation of artificial intelligence and machine learning algorithms, IoT has accelerated the movement from connecting devices to the Internet to collecting and analyzing data by using sensors to extract data throughout the lifecycle of the product, in order to create value and knowledge from the huge amount of the collected data, such as the knowledge of the product performance and conditions. The importance of internet of things technology in manufacturing comes from its ability to collect real time data and extract valuable knowledge from these huge amount of data which can be supported through the implementation of smart IoT-based servitization framework which was presented in this research together with a 10-steps approach diagram. Moreover, literature review has been carried out to develop the research and deepen the knowledge in the field of IoT, CPS, DT and Artificial Intelligence, and then interviews with experts have been conducted to validate the contents, since DT is a quite new technology, so there are different points of view about certain concepts of this technology. The main scope and objective of this research is to allow organizational processes and companies to benefit form the value added information that can be achieved through the right implementation of advanced technologies such as IoT, DT, CPS, and artificial intelligence which can provide financial benefits to the manufacturing companies and competitive advantages to make them stand among the other competitors in the market. The effectiveness of such technologies can not only improve the financial benefits of the companies, but the workers\u2019 safety and health through the real time monitoring of the work environment. Here in this research the main aim is to present the right frameworks that can be used in the literature through companies and researchers to allow them to implement these technologies correctly in the boundaries of their businesses. In addition to that, the Smart factory concept, as introduced in the context of Industry 4.0, promotes the development of a new interconnected manufacturing environment where human operators cooperate with machines. While the role of the operator in the smart factory is substantially being rediscussed, the industrial approach towards safety and ergonomics still appears frequently outdated and inadequate. This research approaches such topic referring to the vibration risk, a well-known cause of work-related pathologies, and proposes an original methodology for mapping the risk exposure related to the performed activities. A miniaturized wearable device is employed to collect vibration data, and the obtained signals are segmented and processed in order to extract the significant features. An original machine learning classifier is then employed to recognize the worker\u2019s activity and evaluate the related exposure to vibration risks. Finally, the results obtained from the experimental analysis demonstrate feasibility and the effectiveness of the proposed methodology

An artificial intelligence-based collaboration approach in industrial IoT manufacturing : key concepts, architectural extensions and potential applications

The digitization of manufacturing industry has led to leaner and more efficient production, under the Industry 4.0 concept. Nowadays, datasets collected from shop floor assets and information technology (IT) systems are used in data-driven analytics efforts to support more informed business intelligence decisions. However, these results are currently only used in isolated and dispersed parts of the production process. At the same time, full integration of artificial intelligence (AI) in all parts of manufacturing systems is currently lacking. In this context, the goal of this manuscript is to present a more holistic integration of AI by promoting collaboration. To this end, collaboration is understood as a multi-dimensional conceptual term that covers all important enablers for AI adoption in manufacturing contexts and is promoted in terms of business intelligence optimization, human-in-the-loop and secure federation across manufacturing sites. To address these challenges, the proposed architectural approach builds on three technical pillars: (1) components that extend the functionality of the existing layers in the Reference Architectural Model for Industry 4.0; (2) definition of new layers for collaboration by means of human-in-the-loop and federation; (3) security concerns with AI-powered mechanisms. In addition, system implementation aspects are discussed and potential applications in industrial environments, as well as business impacts, are presented

D1.1 DEMAND ASSESSMENT FRAMEWORK

This report proposes the initial draft of the LeADS ADS Framework composed by three major elements; identification and definition of technologies in scope; skills included under those technologies, and definition of job roles, where other skills frameworks are considered for comparison and alignment. The report summarises the first workshop held by the project with external constituencies even though the feedback will be incorporated in the final version of the framework, where the layer of job roles will be completed, and the others revised according to additional input. This framework serves as reference for the next step in LeADS: the assessment of the demand and the supply

Internet of robotic things : converging sensing/actuating, hypoconnectivity, artificial intelligence and IoT Platforms

The Internet of Things (IoT) concept is evolving rapidly and influencing newdevelopments in various application domains, such as the Internet of MobileThings (IoMT), Autonomous Internet of Things (A-IoT), Autonomous Systemof Things (ASoT), Internet of Autonomous Things (IoAT), Internetof Things Clouds (IoT-C) and the Internet of Robotic Things (IoRT) etc.that are progressing/advancing by using IoT technology. The IoT influencerepresents new development and deployment challenges in different areassuch as seamless platform integration, context based cognitive network integration,new mobile sensor/actuator network paradigms, things identification(addressing, naming in IoT) and dynamic things discoverability and manyothers. The IoRT represents new convergence challenges and their need to be addressed, in one side the programmability and the communication ofmultiple heterogeneous mobile/autonomous/robotic things for cooperating,their coordination, configuration, exchange of information, security, safetyand protection. Developments in IoT heterogeneous parallel processing/communication and dynamic systems based on parallelism and concurrencyrequire new ideas for integrating the intelligent “devices”, collaborativerobots (COBOTS), into IoT applications. Dynamic maintainability, selfhealing,self-repair of resources, changing resource state, (re-) configurationand context based IoT systems for service implementation and integrationwith IoT network service composition are of paramount importance whennew “cognitive devices” are becoming active participants in IoT applications.This chapter aims to be an overview of the IoRT concept, technologies,architectures and applications and to provide a comprehensive coverage offuture challenges, developments and applications

MONICA in Hamburg: Towards Large-Scale IoT Deployments in a Smart City

Modern cities and metropolitan areas all over the world face new management challenges in the 21st century primarily due to increasing demands on living standards by the urban population. These challenges range from climate change, pollution, transportation, and citizen engagement, to urban planning, and security threats. The primary goal of a Smart City is to counteract these problems and mitigate their effects by means of modern ICT to improve urban administration and infrastructure. Key ideas are to utilise network communication to inter-connect public authorities; but also to deploy and integrate numerous sensors and actuators throughout the city infrastructure - which is also widely known as the Internet of Things (IoT). Thus, IoT technologies will be an integral part and key enabler to achieve many objectives of the Smart City vision. The contributions of this paper are as follows. We first examine a number of IoT platforms, technologies and network standards that can help to foster a Smart City environment. Second, we introduce the EU project MONICA which aims for demonstration of large-scale IoT deployments at public, inner-city events and give an overview on its IoT platform architecture. And third, we provide a case-study report on SmartCity activities by the City of Hamburg and provide insights on recent (on-going) field tests of a vertically integrated, end-to-end IoT sensor application.Comment: 6 page

Return on Investment Program FYs 10, 11 and 12 Project Status Report, January 15, 2014

DAS is required to report on projects funded through the Return on Investment Program (ROI). The ROI program has been funded through an appropriation from the Technology Reinvestment Fund. The Technology Reinvestment Fund was created during the 2006 legislative session, and the first appropriations from this fund were for FY 2006-2007. The first report related to that fiscal year and was delivered to the legislature by January 1, 2008. This current report updates projects from fiscal years 10, 11 and 12

2014 OCIO Annual Report, Appendix B, 2015

2014 OCIO Annual Report, Appendix B, 201