The impact of cybersecurity on industrial processes. Understand the risks and how to mitigate the consequences

La ciberseguretat s'està convertint en un tema cada dia més important que les empreses no poden ignorar, sobretot perquè actualment la majoria d'atacs han evolucionat fins al punt de fer que l'antivirus i el tallafocs siguin insuficients per garantir la protecció de la pròpia organització, estimulant els responsables en la ciberseguretat a invertir. cada cop més per estar al dia amb les amenaces cada cop més complexes. S'ha arribat a un punt en què els atacants, donada la creixent dificultat per dur a terme ciberatacs a les xarxes informàtiques, han començat a plantejar-se la possibilitat d'orientar-se envers empreses manufactureres en els entorns on són més vulnerables, maquinària i xarxes industrials. Actualment aquestes han perdut la protecció per la segregació que tenien en els darrers anys, degut a la introducció massiva de l'IoT i als nous paradigmes de la indústria 4.0 que estan imposant l'obertura cap a sistemes externs com el núvol i una estreta integració amb els sistemes empresarials. Això és molt perillós perquè fins i tot s'ha exposat maquinària fràgil que podria perdre la disponibilitat fins i tot amb atacs simples o accions aparentment inofensives, basades en versions obsoletes de programari i sistemes operatius, que es comuniquen entre entre sí amb protocols de comunicació clars, sense autenticació, ni criptografia. Aquest projecte es posiciona en aquesta àrea i tracta de la seguretat d'una línia de panells de recent compra que s'ha d'inserir en una de les instal·lacions de producció de Fincantieri, respectant totes les polítiques de ciberseguretat corporativa, bones pràctiques, limitant l'augment al mínim de la superfície d'atac després de la seva inserció. Les activitats s'han centrat en l'anàlisi dels riscos potencials als quals podria estar exposat aquest sistema i la definició dels correctius. Tenint en compte l'entorn en el qual operem, no sempre és possible actuar sobre l'origen del problema i sovint s'han de trobar mesures alternatives.La ciberseguridad se está convirtiendo día a día en un tema cada vez más importante que las empresas no pueden ignorar, sobre todo porque hoy en día la mayoría de los ataques han evolucionado hasta el punto de hacer que los antivirus y firewall sean insuficientes para garantizar la protección de la propia organización, estimulando a los responsables en la ciberseguridad a invertir más y más para mantenerse al día con las amenazas cada vez más complejas. Se ha llegado a un punto en el que los atacantes, ante la creciente dificultad para realizar ciberataques en redes IT, han comenzado a apuntar las empresas manufactureras en los entornos donde son más vulnerables, maquinaria y redes industriales. Hoy en día estas redes han perdido la protección por la segregación que tenían en los últimos años, debido a la introducción masiva de IoT y los nuevos paradigmas de Industria 4.0 que están imponiendo la apertura hacia sistemas externos como la nube y una estrecha integración con los sistemas de negocios. Esto es muy peligroso porque incluso se ha expuesto maquinaria frágil que podría perder disponibilidad también con simples ataques o acciones aparentemente inofensivas, basadas en versiones obsoletas de software y sistemas operativos, que se comunican entre sí con protocolos de comunicación claros, sin autenticación ni criptografía. Este proyecto se posiciona en esta área y trata de la seguridad de una línea de paneles recientemente comprada que debe insertarse en uno de los sitios de producción de Fincantieri, respetando todas las políticas corporativas de ciberseguridad, las mejores prácticas, limitando al mínimo el aumento de la superficie de ataque para la empresa tras su inserción. Las actividades se centraron en el análisis de los riesgos a los que podría estar expuesto dicho sistema y la definición de remediación. Teniendo en cuenta el entorno en el que operamos, no siempre es posible actuar sobre el origen del problema y muchas veces se deben encontrar alternativas.Cybersecurity is becoming an increasingly important topic day after day that cannot be ignored anymore by companies, especially since nowadays most attacks have evolved to the point of making antivirus and firewalls insufficient to guarantee the protection of organizations, pushing who is deputed to cybersecurity to invest more and more to keep up with the increasingly complex threats. Security has reached a level that attackers, given the increasing difficulty in carrying out cyber-attacks in IT networks, have begun to consider the possibility of targeting manufacturing companies in environments where they are most vulnerable: industrial systems and networks. Nowadays these networks have lost the protection due to segregation they had in the past years because of the massive introduction of IoT and the new paradigms of Industry 4.0 that are imposing the opening towards external systems such as the cloud and a tight integration with the corporate systems. This is very dangerous because even fragile machinery that could lose availability even with simple attacks or apparently harmless actions has been exposed. These assets are often based on obsolete versions of software and operating systems that communicate each other with clear text communication protocols, without any authentication or cryptography. This project is positioned in this area and deals with securing a recently purchased panel line that has been inserted in one of Fincantieri's production sites, respecting all corporate cybersecurity policies, best practices, limiting the increase of the attack surface due to its insertion in the company to the minimum. The activities focused on the analysis of the potential risks to which this system could be exposed and the definition of remediation. Considering the environment in which it has been operated, it is not always possible to act on the source of the problem and alternative measures must often be found that limit the criticalities highlighted

Cyber-security and governance for industrial control systems (ICS) in South Africa.

Master of Commence in Information Systems and Technology. University of KwaZulu-Natal, Westville 2016.Industrial control systems (ICS) and supervisory, control, and data acquisition (SCADA) systems have evolved from operating in a relatively trusting environment to the current prevalence of public networks. Cyber-threats are evolving to become more sophisticated. The Stuxnet malware brought home how vulnerable ICS/SCADA systems potentially are. There is no or limited information available as to the current state of ICS/SCADA in South Africa including the factors influencing ICS/SCADA and how they are secured and governed. Due to the nature of the systems, ICS/SCADA cyber-security and governance faces additional challenges compared to the corporate networks, and critical systems may be left exposed. There exists control frameworks internationally, however there are new South African legislation that needs to be taken into account. South Africa is also falling behind in cyber-security, therefore there is a concern in securing ICS controlling key infrastructure critical to the South African economy as there are little known facts about this. This aim of the study is to assess the current state of ICS/SCADA in South Africa, determine the main governance frameworks employed, and to develop a control framework addressing the shortfalls. Elements of the Technology Acceptance Model (TAM) and the Protection Motivation Theory (PMT) are used to guide the study. Quantitative methods are used to determine the perceived susceptibility, security confidence, and governance for ICS/SCADA environment. Qualitative methods were used to review the current control frameworks, standards and legislation relevant to this environment. The study found that the top threat/risk for ICS/SCADA are malware and the top vulnerability is unpatched systems. Furthermore, the framework used most in South Africa to secure and govern ICS/SCADA environments are Control Objectives for Information and Related Technology (COBIT) and from the document analysis the best suited framework overall is Centre for the Protection of National Infrastructure (CPNI). Taking these frameworks into account as well as relevant risks, threats and vulnerabilities, a consolidated framework aligned to South Africa were developed suggesting leading practices for securing and governing ICS/SCADA systems in South Africa

Social Aspects of Water Scarcity and Drought

Water scarcity and droughts are socio-environmental hazards that affect the lives of millions of people every year. This chapter examines the multi-faceted dimensions of these phenomena and their implications to human societies. Various aspects will be considered, including the relation with climate change, economic and socio-political dimensions, under the main focus of development studies. The introductory section discusses water scarcity and drought in the light of the international development goals and global environmental change. The second part will provide some popular definitions of concepts and measures, i.e., water scarcity/stress indicators and management strategies, water poverty and drought. The third part will consider relevant social-environmental concepts that are discussed in literature such as vulnerability, resilience, and adaptation. The fourth part will present case studies especially from Europe, Africa and the Middle East, to illustrate the relevance of human (including socio-cultural-political) structures shaping adaptation to drought. In this line, water scarcity and drought will be studied: 1) as a normal condition in some areas of the world (e.g., in the Saharan and Sahelian belts of Africa), where populations have established resilient socio-ecological systems; 2) in terms of climate change and progressive deterioration of the environment to which communities have either been able to adapt to (e.g., in southern Europe), or have been forced to experience crises, poverty and migrations (e.g., in Sudan, Morocco, Kenya); and 3) in terms of conflicts and residential segregation that makes water inaccessible to certain groups (e.g., in the West Bank). Finally, this chapter will conclude with some international conventions and regulations, like the UNFCCC and the European guidelines for drought risk management, addressing social problems related to drought.Peer reviewe

Cybersecurity for Manufacturers: Securing the Digitized and Connected Factory

As manufacturing becomes increasingly digitized and data-driven, manufacturers will find themselves at serious risk. Although there has yet to be a major successful cyberattack on a U.S. manufacturing operation, threats continue to rise. The complexities of multi-organizational dependencies and data-management in modern supply chains mean that vulnerabilities are multiplying. There is widespread agreement among manufacturers, government agencies, cybersecurity firms, and leading academic computer science departments that U.S. industrial firms are doing too little to address these looming challenges. Unfortunately, manufacturers in general do not see themselves to be at particular risk. This lack of recognition of the threat may represent the greatest risk of cybersecurity failure for manufacturers. Public and private stakeholders must act before a significant attack on U.S. manufacturers provides a wake-up call. Cybersecurity for the manufacturing supply chain is a particularly serious need. Manufacturing supply chains are connected, integrated, and interdependent; security of the entire supply chain depends on security at the local factory level. Increasing digitization in manufacturing— especially with the rise of Digital Manufacturing, Smart Manufacturing, the Smart Factory, and Industry 4.0, combined with broader market trends such as the Internet of Things (IoT)— exponentially increases connectedness. At the same time, the diversity of manufacturers—from large, sophisticated corporations to small job shops—creates weakest-link vulnerabilities that can be addressed most effectively by public-private partnerships. Experts consulted in the development of this report called for more holistic thinking in industrial cybersecurity: improvements to technologies, management practices, workforce training, and learning processes that span units and supply chains. Solving the emerging security challenges will require commitment to continuous improvement, as well as investments in research and development (R&D) and threat-awareness initiatives. This holistic thinking should be applied across interoperating units and supply chains.National Science Foundation, Grant No. 1552534https://deepblue.lib.umich.edu/bitstream/2027.42/145442/1/MForesight_CybersecurityReport_Web.pd

A critical review of cyber-physical security for building automation systems

Modern Building Automation Systems (BASs), as the brain that enables the smartness of a smart building, often require increased connectivity both among system components as well as with outside entities, such as optimized automation via outsourced cloud analytics and increased building-grid integrations. However, increased connectivity and accessibility come with increased cyber security threats. BASs were historically developed as closed environments with limited cyber-security considerations. As a result, BASs in many buildings are vulnerable to cyber-attacks that may cause adverse consequences, such as occupant discomfort, excessive energy usage, and unexpected equipment downtime. Therefore, there is a strong need to advance the state-of-the-art in cyber-physical security for BASs and provide practical solutions for attack mitigation in buildings. However, an inclusive and systematic review of BAS vulnerabilities, potential cyber-attacks with impact assessment, detection & defense approaches, and cyber-secure resilient control strategies is currently lacking in the literature. This review paper fills the gap by providing a comprehensive up-to-date review of cyber-physical security for BASs at three levels in commercial buildings: management level, automation level, and field level. The general BASs vulnerabilities and protocol-specific vulnerabilities for the four dominant BAS protocols are reviewed, followed by a discussion on four attack targets and seven potential attack scenarios. The impact of cyber-attacks on BASs is summarized as signal corruption, signal delaying, and signal blocking. The typical cyber-attack detection and defense approaches are identified at the three levels. Cyber-secure resilient control strategies for BASs under attack are categorized into passive and active resilient control schemes. Open challenges and future opportunities are finally discussed.Comment: 38 pages, 7 figures, 6 tables, submitted to Annual Reviews in Contro

Evaluating Information Assurance Control Effectiveness on an Air Force Supervisory Control and Data Acquisition (SCADA) System

Supervisory Control and Data Acquisition (SCADA) systems are increasingly being connected to corporate networks which has dramatically expanded their attack surface to remote cyber attack. Adversaries are targeting these systems with increasing frequency and sophistication. This thesis seeks to answer the research question addressing which Information Assurance (IA) controls are most significant for network defenders and SCADA system managers/operators to focus on in order to increase the security of critical infrastructure systems against a Stuxnet-like cyber attack. This research applies the National Institute of Science and Technology (NIST) IA controls to an attack tree modeled on a remote Stuxnet-like cyber attack against the WPAFB fuels operation. The probability of adversary success of specific attack scenarios is developed via the attack tree. Then an impact assessment is obtained via a survey of WPAFB fuels operation subject matter experts (SMEs). The probabilities of adversary success and impact analysis are used to create a Risk Level matrix, which is analyzed to identify recommended IA controls. The culmination of this research identified 14 IA controls associated with mitigating an adversary from gaining remote access and deploying an exploit as the most influential for SCADA managers, operators and network defenders to focus on in order to maximize system security against a Stuxnet-like remote cyber attack

The Coordination and control of smart inverters utilizing Volt-VAr and Volt-Watt in low voltage networks, and opportunities for South Africa

Thesis (MEng)--Stellenbosch University, 2022.ENGLISH ABSTRACT: Increasing photovoltaic (PV) penetration in the low-voltage (LV) distribution network leads to grid-interconnection issues for electric utilities. These issues include voltage violations, equipment overloading and frequency instability. To mitigate these problems, advanced smart inverter functionality is becoming increasingly popular in states and countries with high renewable energy penetration levels. Although smart inverters have a wide range of benefits for the utility, these benefits are limited to the local level due to autonomous inverter control. This research investigates the benefits of coordinated inverter control in mitigating voltage violations in LV feeders due to increasing PV penetrations. A critical literature review on the grid interconnection requirements and smart inverter functionality guidelines informs on the gaps that need to be addressed to allow for increased smart inverter deployment in South Africa. The literature review also explores the benefits of distributed energy resource management systems (DERMS) and virtual power plants (VPPs), and the requirements for each platform. Based on the literature review’s findings, a simulation has been conducted to investigate the benefits of coordinated smart inverter voltage regulation control, particularly Volt-VAr and Volt-Watt, to increase hosting capacity in LV networks. The proposed methodology considers the feeder-wide voltage conditions instead of local point of connection (PoC) conditions using sensor measurements, and the fairness of voltage regulation and active power curtailment among customers on a feeder. This proposed methodology can be used as an intermediate solution for coordinating smart inverters without the use of extensive communication infrastructure and advanced aggregating platforms. The simulation results show an improvement in voltage profiles using coordinated Volt-VAr and Volt Watt inverter control and feeder-wide awareness. The improved voltage profiles can accommodate higher levels of PV penetration and thus increase hosting capacities in LV feeders.AFRIKAANSE OPSOMMING: Toenemende fotovoltaïese (PV) penetrasie in die laagspanning (LV) verspreidings netwerk lei tot probleme vir die elektrisiteitverskaffer. Hierdie kwessies sluit spanning skendings, oorlading van toerusting en onstabiliteit in frekwensie in.Gevorderde slim-omsetter funksionaliteit word gebruik om hierdie probleme te verlig en raak dus al hoe meer gewild in state en lande met ʼn hoë opname van hernubare energie. Alhoewel slim omsetters 'n wye verskeidenheid voordele vir die kragstelsel inhou, is hierdie voordele beperk tot die plaaslike vlak as gevolg van outonome omsetter-beheer. Hierdie navorsing ondersoek die voordele van gekoördineerde omsetterbeheer om spanningskendings in LV-netwerke te minimeer. 'n Kritiese literatuuroorsig in netwerkverbindingsvereistes en riglyne vir slim-omsetter funksionaliteit lig uit die leemtes wat opgelos moet word om 'n groter implementering van slimomsetters in Suid Afrika moontlik te maak. Die literatuuroorsig ondersoek ook die voordele van verspreide energiehulpbronbestuurstelsels en virtuele kragstasies, en die vereistes vir elke platform. Op grond van die bevindinge van die literatuurstudie is 'n simulasie uitgevoer om die voordele van gekoördineerde slim-omsetter spanningsreguleringsbeheer, veral Volt-VAr en Volt-Watt, in LV-netwerke te ondersoek om gasheervermoë te verhoog. Die voorgestelde metodologie neem in ag die toevoer-wye spanningstoestande, die billikheid van spanning regulering, en die aktiewe kragbeperking onder kliënte. Hierdie voorgestelde metodologie kan gebruik word as 'n intermediêre oplossing vir die koördinering van slim-omsetters sonder die gebruik van uitgebreide kommunikasie-infrastruktuur en gevorderde samevoegings platforms. Die simulasie resultate van om die gekoördineerde Volt-Watt-omsetterbeheer en netwerk-wye bewustheid te gebruik, toon 'n verbetering in spanningsprofiele. Die verbeterde spanningsprofiele kan hoër vlakke van PV-opname akkommodeer en dus gasheer kapasiteit in LVnetwerke vergroot.Master