A Continuous Risk Management Approach for Cyber-Security in Industrial Control Systems

In industrial networks, a cyber-incident can have, as a consequence, the interference with physical processes, which can potentially cause damages to property, to humans’ health and safety, and to the environment. Currently most safeguards built into Industrial Control Systems provide mitigations against accidents and faults but are not necessarily effective against malicious acts. Moreover, even if cyber-threats can be contained, significant costs will be incurred whenever operations have to shut down in response to a cyber-attack. As there are important gaps in Industrial Control Systems, they have increasingly been targeted over the past decade, creating concern among the cyber-security and the process control engineering communities. Operators may be reluctant or unable to implement standard cyber-security controls in this type of systems because they might interfere with time-sensitive control loops, interrupt continuous operation or potentially compromise safety. This situation calls for a more proactive approach to monitor cyber-risks since many of them cannot be totally eliminated or properly controlled by preventative measures. Traditional risk management approaches do not address this, since they are not conceived to work at the same speed that changes can occur in cyber-security operations. This thesis aims to facilitate the adoption of Continuous Risk Management in industrial networks by proposing a risk assessment methodology focused mainly on the aspect of risk likelihood updates. The approach proposed is based on a Continuous Risk Assessment Methodology, which is derived from a typical Risk Management process and modified to work in a continuous basis. The methodology consists of workflows and a description of each process involved, including its inputs and outputs. Additionally, a number of resources to support the implementation of the methodology on industrial environments were developed. These resources consist of the introduction and categorisation of the concept of “Indicator of Risk” (IoR), a knowledge base, containing a set of different categories of IoRs, named as the “IoR Library” and the implementation of this knowledge base on a Bayesian Network template. Finally, behavioural anomaly detection using sensors data is demonstrated to illustrate the use of IoRs based on data from physical processes as a resource to detect possible cyber-risks. These resources provided concrete means to address issues in industrial cyber-security risk management such as the availability and quality of information, the complexity of defining rules and identifying normal and abnormal states, the limited scope of academic work, and the lack of integration between risk management and cyber-security operations

Use Case Based Blended Teaching of IIoT Cybersecurity in the Industry 4.0 Era

[Abstract] Industry 4.0 and Industrial Internet of Things (IIoT) are paradigms that are driving current industrial revolution by connecting to the Internet industrial machinery, management tools or products so as to control and gather data about them. The problem is that many IIoT/Industry 4.0 devices have been connected to the Internet without considering the implementation of proper security measures, thus existing many examples of misconfigured or weakly protected devices. Securing such systems requires very specific skills, which, unfortunately, are not taught extensively in engineering schools. This article details how Industry 4.0 and IIoT cybersecurity can be learned through practical use cases, making use of a methodology that allows for carrying out audits to students that have no previous experience in IIoT or industrial cybersecurity. The described teaching approach is blended and has been imparted at the University of A Coruña (Spain) during the last years, even during the first semester of 2020, when the university was closed due to the COVID-19 pandemic lockdown. Such an approach is supported by online tools like Shodan, which ease the detection of vulnerable IIoT devices. The feedback results provided by the students show that they consider useful the proposed methodology, which allowed them to find that 13% of the IIoT/Industry 4.0 systems they analyzed could be accessed really easily. In addition, the obtained teaching results indicate that the established course learning outcomes are accomplished. Therefore, this article provides useful guidelines for teaching industrial cybersecurity and thus train the next generation of security researchers and developers.This work has been funded by the Xunta de Galicia (ED431G 2019/01), the Agencia Estatal de Investigación of Spain (TEC2016-75067-C4-1-R, RED2018-102668-T, PID2019-104958RB-C42) and ERDF funds of the EU (AEI/FEDER, UE)Xunta de Galicia; ED431G 2019/0

Software Defined Networking Firewall for Industry 4.0 Manufacturing Systems

[EN] Purpose: In order to leverage automation control data, Industry 4.0 manufacturing systems require industrial devices to be connected to the network. Potentially, this can increase the risk of cyberattacks, which can compromise connected industrial devices to acquire production data or gain control over the production process. Search engines such as Sentient Hyper-Optimized Data Access Network (SHODAN) can be perverted by attackers to acquire network information that can be later used for intrusion. To prevent this, cybersecurity standards propose network architectures divided into several networks segments based on system functionalities. In this architecture, Firewalls limit the exposure of industrial control devices in order to minimize security risks. This paper presents a novel Software Defined Networking (SDN) Firewall that automatically applies this standard architecture without compromising network flexibility. Design/methodology/approach: The proposed SDN Firewall changes filtering rules in order to implement the different network segments according to application level access control policies. The Firewall applies two filtering techniques described in this paper: temporal filtering and spatial filtering, so that only applications in a white list can connect to industrial control devices. Network administrators need only to configure this application-oriented white lists to comply with security standards for ICS. This simplifies to a great extent network management tasks. Authors have developed a prototype implementation based on the OPC UA Standard and conducted security tests in order to test the viability of the proposal. Findings: Network segmentation and segregation are effective counter-measures against network scanning attacks. The proposed SDN Firewall effectively configures a flat network into virtual LAN segments according to security standard guidelines. Research limitations/implications: The prototype implementation still needs to implement several features to exploit the full potential of the proposal. Next steps for development are discussed in a separate section. Practical implications: The proposed SDN Firewall has similar security features to commercially available application Firewalls, but SDN Firewalls offer additional security features. First, SDN technology provides improved performance, since SDN low-level processing functions are much more efficient. Second, with SDN, security functions are rooted in the network instead of being centralized in particular network elements. Finally, SDN provides a more flexible and dynamic, zero configuration framework for secure manufacturing systems by automating the rollout of security standard-based network architectures. Social implications: SDN Firewalls can facilitate the deployment of secure Industry 4.0 manufacturing systems, since they provide ICS networks with many of the needed security capabilities without compromising flexibility. Originality/value: The paper proposes a novel SDN Firewall specifically designed to secure ICS networks. A prototype implementation of the proposed SDN Firewall has been tested in laboratory conditions. The prototype implementation complements the security features of the OPC UA communication standard to provide a holistic security framework for ICS networks.This research has been partially funded by the European Commission, under Grant Agreement 723710.Tsuchiya, A.; Fraile Gil, F.; Koshijima, I.; Ortiz Bas, Á.; Poler, R. (2018). Software Defined Networking Firewall for Industry 4.0 Manufacturing Systems. Journal of Industrial Engineering and Management. 11(2):318-332. https://doi.org/10.3926/jiem.2534S31833211

Methodology for Designing Decision Support Systems for Visualising and Mitigating Supply Chain Cyber Risk from IoT Technologies

This paper proposes a methodology for designing decision support systems for visualising and mitigating the Internet of Things cyber risks. Digital technologies present new cyber risk in the supply chain which are often not visible to companies participating in the supply chains. This study investigates how the Internet of Things cyber risks can be visualised and mitigated in the process of designing business and supply chain strategies. The emerging DSS methodology present new findings on how digital technologies affect business and supply chain systems. Through epistemological analysis, the article derives with a decision support system for visualising supply chain cyber risk from Internet of Things digital technologies. Such methods do not exist at present and this represents the first attempt to devise a decision support system that would enable practitioners to develop a step by step process for visualising, assessing and mitigating the emerging cyber risk from IoT technologies on shared infrastructure in legacy supply chain systems

Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems, cyber risk at the edge

The Internet of Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state of the art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis is performed of 12 cyber risk assessment approaches. The results and the main findings from the analysis is presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies the goal-oriented dependency modelling as a dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture

Security and computer forensics in web engineering education

The integration of security and forensics into Web Engineering curricula is imperative! Poor security in web-based applications is continuing to cost organizations millions and the losses are still increasing annually. Security is frequently taught as a stand-alone course, assuming that security can be 'bolted on' to a web application at some point. Security issues must be integrated into Web Engineering processes right from the beginning to create secure solutions and therefore security should be an integral part of a Web Engineering curriculum. One aspect of Computer forensics investigates failures in security. Hence, students should be aware of the issues in forensics and how to respond when security failures occur; collecting evidence is particularly difficult for Web-based applications

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

An Assurance Framework for Independent Co-assurance of Safety and Security

Integrated safety and security assurance for complex systems is difficult for many technical and socio-technical reasons such as mismatched processes, inadequate information, differing use of language and philosophies, etc.. Many co-assurance techniques rely on disregarding some of these challenges in order to present a unified methodology. Even with this simplification, no methodology has been widely adopted primarily because this approach is unrealistic when met with the complexity of real-world system development. This paper presents an alternate approach by providing a Safety-Security Assurance Framework (SSAF) based on a core set of assurance principles. This is done so that safety and security can be co-assured independently, as opposed to unified co-assurance which has been shown to have significant drawbacks. This also allows for separate processes and expertise from practitioners in each domain. With this structure, the focus is shifted from simplified unification to integration through exchanging the correct information at the right time using synchronisation activities

Italian hybrid fire prevention code

Fire safety of residential buildings and activities subjected to fire inspection is a difficult task, especially when the safety targets have to be adopted in built buildings or in activities that are going to be modified into more complex ones. Generally, these circumstances show more constraints and it could be difficult to achieve an acceptable level of fire residual risk by prescriptive based fireregulations. Therefore, the Italian National Fire Rescue and Service in charge for fire safety, in August 2015 issued a new Fire Prevention Code whose design methodology is more oriented to fire performance based design rather than prescriptive fire codes. The flexibility of this new fire design methodology offers a very complex tool to experts in order to design fire safety measures and strategies of buildings and activities subjected to fire inspection. The present paper aims tohighlig hts the contents and the fire safety strategy design methodology of the new Italian Fire Prevention Code