Charlie and the CryptoFactory: Towards Secure and Trusted Manufacturing Environments

The modernisation that stems from Industry 4.0 started populating the manufacturing sector with networked devices, complex sensors, and a significant proportion of physical actuation components. However, new capabilities in networked cyber-physical systems demand more complex infrastructure and algorithms and often lead to new security flaws and operational risks that increase the attack surface area exponentially. The interconnected nature of Industry 4.0-driven operations and the pace of digital transformation mean that cyber-attacks can have far more extensive effects than ever before. Based on that, the core ideas of this paper are driven by the observation that cyber security is one of the key enablers of Industry 4.0. Having this in mind, we propose CryptoFactory – a forward looking design of a layered-based architecture that can be used as a starting point for building secure and privacy-preserving smart factories. CryptoFactory aims to change the security outlook in smart manufacturing by discussing a set of fundamental requirements and functionality that modern factories should support in order to be resistant to both internal and external attacks. To this end, CryptoFactory first focuses on how to build trust relationships between the hardware devices in the factory. Then, we look on how to use several cryptographic approaches to allow IoT devices to securely collect, store and share their data while we also touch upon the emerging topic of secure and privacy-preserving communication and collaboration between manufacturing environments and value chains. Finally, we look into the problem of how to perform privacy-preserving analytics by leveraging Trusted Execution Environments and the promising concept of Functional Encryption

The Federal Information Security Management Act of 2002: A Potemkin Village

Due to the daunting possibilities of cyberwarfare, and the ease with which cyberattacks may be conducted, the United Nations has warned that the next world war could be initiated through worldwide cyberattacks between countries. In response to the growing threat of cyberwarfare and the increasing importance of information security, Congress passed the Federal Information Security Management Act of 2002 (FISMA). FISMA recognizes the importance of information security to the national economic and security interests of the United States. However, this Note argues that FISMA has failed to significantly bolster information security, primarily because FISMA treats information security as a technological problem and not an economic problem. This Note analyzes existing proposals to incentivize heightened software quality assurance, and proposes a new solution designed to strengthen federal information security in light of the failings of FISMA and the trappings of Congress’s 2001 amendment to the Computer Fraud and Abuse Act

A time-strain monitoring system fabricated via offset lithographic printing

This paper reports progress in the development of strain sensors fabricated using the Conductive Lithographic Film (CLF) printing process. Strain sensitive structures printed via an unmodified offset lithographic printing press using a silver loaded conductive ink have been deposited concurrently with circuit interconnect, to form an electronic smart packaging system. A system populated with SMT components has proven successful in interpreting and logging deformation incidences subjected to a package during testing. It is proposed that with further development such a system could be printed in sync with packaging graphics using a single printing process to form an integrated time – strain monitoring system

External Verification of SCADA System Embedded Controller Firmware

Critical infrastructures such as oil and gas pipelines, the electric power grid, and railways, rely on the proper operation of supervisory control and data acquisition (SCADA) systems. Current SCADA systems, however, do not have sufficient tailored electronic security solutions. Solutions available are developed primarily for information technology (IT) systems. Indeed, the toolkit for SCADA incident prevention and response is unavailing as the operating parameters associated with SCADA systems are different from IT systems. The unique environment necessitates tailored solutions. Consider the programmable logic controllers (PLCs) that directly connect to end physical systems for control and monitoring of operating parameters -- the compromise of a PLC could result in devastating physical consequences. Yet PLCs remain particularly vulnerable due to a lack of firmware auditing capabilities. This research presents a tool we developed specifically for the SCADA environment to verify PLC firmware. The tool does not require any modifications to the SCADA system and can be implemented on a variety of systems and platforms. The tool captures serial data during firmware uploads and then verifies them against a known good firmware baseline. Attempts to inject modified and/or malicious firmware are identified by the tool. Additionally, the tool can replay and analyze captured data by emulating a PLC during firmware upload. The emulation capability enables verification of the firmware upload from an interface computer without requiring modifications to or interactions with the operational SCADA system. The ability to isolate the tool from production systems and verify the validity of firmware makes the tool a viable application for SCADA incident response teams and security engineers

Copyright Protection for Computer Software: an International View

The best method for protection of computer software has been a topic of debate and considerable controversy during the past few decades both in the United States, and in technologically advanced countries throughout the world. Current legal theories of protection include patent, trade secret and copyright law. Although each theory has its particular merits, this Note will focus on the growing trend toward copyright protection for computer software