260 research outputs found
The impact of cybersecurity on industrial processes. Understand the risks and how to mitigate the consequences
Cybersecurity is becoming an increasingly important topic that companies can no longer ignore, especially since most attacks have now evolved to the point of making antivirus and firewalls insufficient to guarantee the protection of organizations, pushing those responsible for cybersecurity to invest more and more to keep up with increasingly complex threats.
Security has reached a level at which attackers, given the increasing difficulty of carrying out cyber-attacks in IT networks, have begun to consider targeting manufacturing companies in the environments where they are most vulnerable: industrial systems and networks.
Nowadays these networks have lost the protection that segregation gave them in past years, because of the massive introduction of IoT and the new paradigms of Industry 4.0, which are imposing an opening towards external systems such as the cloud and a tight integration with corporate systems. This is very dangerous because it has exposed even fragile machinery that could lose availability under simple attacks or apparently harmless actions. These assets are often based on obsolete versions of software and operating systems and communicate with each other over clear-text protocols, without any authentication or cryptography.
This project is positioned in this area and deals with securing a recently purchased panel line that has been inserted in one of Fincantieri's production sites, respecting all corporate cybersecurity policies and best practices and limiting to the minimum the increase in attack surface caused by its insertion in the company.
The activities focused on the analysis of the potential risks to which this system could be exposed and the definition of remediation.
Considering the environment in which it has been operated, it is not always possible to act on the source of the problem, and alternative measures that limit the criticalities highlighted must often be found.
Cyber-security and governance for industrial control systems (ICS) in South Africa.
Master of Commerce in Information Systems and Technology. University of KwaZulu-Natal, Westville 2016.
Industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems have evolved from operating in a relatively trusting environment to the current prevalence of public networks. Cyber-threats are evolving to become more sophisticated. The Stuxnet malware brought home how vulnerable ICS/SCADA systems potentially are. There is no or limited information available as to the current state of ICS/SCADA in South Africa, including the factors influencing ICS/SCADA and how they are secured and governed. Due to the nature of the systems, ICS/SCADA cyber-security and governance face additional challenges compared to corporate networks, and critical systems may be left exposed. Control frameworks exist internationally; however, there is new South African legislation that needs to be taken into account. South Africa is also falling behind in cyber-security, so there is a concern about securing ICS controlling key infrastructure critical to the South African economy, as little is known about this.
The aim of the study is to assess the current state of ICS/SCADA in South Africa, determine the main governance frameworks employed, and develop a control framework addressing the shortfalls. Elements of the Technology Acceptance Model (TAM) and the Protection Motivation Theory (PMT) are used to guide the study. Quantitative methods are used to determine the perceived susceptibility, security confidence, and governance for the ICS/SCADA environment. Qualitative methods were used to review the current control frameworks, standards and legislation relevant to this environment.
The study found that the top threat/risk for ICS/SCADA is malware and the top vulnerability is unpatched systems. Furthermore, the framework used most in South Africa to secure and govern ICS/SCADA environments is Control Objectives for Information and Related Technology (COBIT), and from the document analysis the best-suited framework overall is that of the Centre for the Protection of National Infrastructure (CPNI). Taking these frameworks into account, as well as relevant risks, threats and vulnerabilities, a consolidated framework aligned to South Africa was developed, suggesting leading practices for securing and governing ICS/SCADA systems in South Africa.
Social Aspects of Water Scarcity and Drought
Water scarcity and droughts are socio-environmental hazards that affect the lives of millions of people every year. This chapter examines the multi-faceted dimensions of these phenomena and their implications to human societies. Various aspects will be considered, including the relation with climate change, economic and socio-political dimensions, under the main focus of development studies. The introductory section discusses water scarcity and drought in the light of the international development goals and global environmental change. The second part will provide some popular definitions of concepts and measures, i.e., water scarcity/stress indicators and management strategies, water poverty and drought. The third part will consider relevant social-environmental concepts that are discussed in literature such as vulnerability, resilience, and adaptation. The fourth part will present case studies especially from Europe, Africa and the Middle East, to illustrate the relevance of human (including socio-cultural-political) structures shaping adaptation to drought. In this line, water scarcity and drought will be studied: 1) as a normal condition in some areas of the world (e.g., in the Saharan and Sahelian belts of Africa), where populations have established resilient socio-ecological systems; 2) in terms of climate change and progressive deterioration of the environment to which communities have either been able to adapt (e.g., in southern Europe), or have been forced to experience crises, poverty and migrations (e.g., in Sudan, Morocco, Kenya); and 3) in terms of conflicts and residential segregation that makes water inaccessible to certain groups (e.g., in the West Bank). Finally, this chapter will conclude with some international conventions and regulations, like the UNFCCC and the European guidelines for drought risk management, addressing social problems related to drought.
Peer reviewed
Cybersecurity for Manufacturers: Securing the Digitized and Connected Factory
As manufacturing becomes increasingly digitized and data-driven, manufacturers will find themselves at serious risk. Although there has yet to be a major successful cyberattack on a U.S. manufacturing operation, threats continue to rise. The complexities of multi-organizational dependencies and data-management in modern supply chains mean that vulnerabilities are multiplying.
There is widespread agreement among manufacturers, government agencies, cybersecurity firms, and leading academic computer science departments that U.S. industrial firms are doing too little to address these looming challenges. Unfortunately, manufacturers in general do not see themselves to be at particular risk. This lack of recognition of the threat may represent the greatest risk of cybersecurity failure for manufacturers. Public and private stakeholders must act before a significant attack on U.S. manufacturers provides a wake-up call.
Cybersecurity for the manufacturing supply chain is a particularly serious need. Manufacturing supply chains are connected, integrated, and interdependent; security of the entire supply chain depends on security at the local factory level. Increasing digitization in manufacturing— especially with the rise of Digital Manufacturing, Smart Manufacturing, the Smart Factory, and Industry 4.0, combined with broader market trends such as the Internet of Things (IoT)— exponentially increases connectedness. At the same time, the diversity of manufacturers—from large, sophisticated corporations to small job shops—creates weakest-link vulnerabilities that can be addressed most effectively by public-private partnerships.
Experts consulted in the development of this report called for more holistic thinking in industrial cybersecurity: improvements to technologies, management practices, workforce training, and learning processes that span units and supply chains. Solving the emerging security challenges will require commitment to continuous improvement, as well as investments in research and development (R&D) and threat-awareness initiatives. This holistic thinking should be applied across interoperating units and supply chains.
National Science Foundation, Grant No. 1552534
https://deepblue.lib.umich.edu/bitstream/2027.42/145442/1/MForesight_CybersecurityReport_Web.pd
A critical review of cyber-physical security for building automation systems
Modern Building Automation Systems (BASs), as the brain that enables the
smartness of a smart building, often require increased connectivity both among
system components as well as with outside entities, such as optimized
automation via outsourced cloud analytics and increased building-grid
integrations. However, increased connectivity and accessibility come with
increased cyber security threats. BASs were historically developed as closed
environments with limited cyber-security considerations. As a result, BASs in
many buildings are vulnerable to cyber-attacks that may cause adverse
consequences, such as occupant discomfort, excessive energy usage, and
unexpected equipment downtime. Therefore, there is a strong need to advance the
state-of-the-art in cyber-physical security for BASs and provide practical
solutions for attack mitigation in buildings. However, an inclusive and
systematic review of BAS vulnerabilities, potential cyber-attacks with impact
assessment, detection & defense approaches, and cyber-secure resilient control
strategies is currently lacking in the literature. This review paper fills the
gap by providing a comprehensive up-to-date review of cyber-physical security
for BASs at three levels in commercial buildings: management level, automation
level, and field level. The general BASs vulnerabilities and protocol-specific
vulnerabilities for the four dominant BAS protocols are reviewed, followed by a
discussion on four attack targets and seven potential attack scenarios. The
impact of cyber-attacks on BASs is summarized as signal corruption, signal
delaying, and signal blocking. The typical cyber-attack detection and defense
approaches are identified at the three levels. Cyber-secure resilient control
strategies for BASs under attack are categorized into passive and active
resilient control schemes. Open challenges and future opportunities are finally
discussed.
Comment: 38 pages, 7 figures, 6 tables, submitted to Annual Reviews in Control
Evaluating Information Assurance Control Effectiveness on an Air Force Supervisory Control and Data Acquisition (SCADA) System
Supervisory Control and Data Acquisition (SCADA) systems are increasingly being connected to corporate networks which has dramatically expanded their attack surface to remote cyber attack. Adversaries are targeting these systems with increasing frequency and sophistication. This thesis seeks to answer the research question addressing which Information Assurance (IA) controls are most significant for network defenders and SCADA system managers/operators to focus on in order to increase the security of critical infrastructure systems against a Stuxnet-like cyber attack. This research applies the National Institute of Science and Technology (NIST) IA controls to an attack tree modeled on a remote Stuxnet-like cyber attack against the WPAFB fuels operation. The probability of adversary success of specific attack scenarios is developed via the attack tree. Then an impact assessment is obtained via a survey of WPAFB fuels operation subject matter experts (SMEs). The probabilities of adversary success and impact analysis are used to create a Risk Level matrix, which is analyzed to identify recommended IA controls. The culmination of this research identified 14 IA controls associated with mitigating an adversary from gaining remote access and deploying an exploit as the most influential for SCADA managers, operators and network defenders to focus on in order to maximize system security against a Stuxnet-like remote cyber attack
The Coordination and control of smart inverters utilizing Volt-VAr and Volt-Watt in low voltage networks, and opportunities for South Africa
Thesis (MEng)--Stellenbosch University, 2022.
ENGLISH ABSTRACT: Increasing photovoltaic (PV) penetration in the low-voltage (LV) distribution
network leads to grid-interconnection issues for electric utilities. These issues
include voltage violations, equipment overloading and frequency instability. To
mitigate these problems, advanced smart inverter functionality is becoming
increasingly popular in states and countries with high renewable energy
penetration levels. Although smart inverters have a wide range of benefits for
the utility, these benefits are limited to the local level due to autonomous
inverter control. This research investigates the benefits of coordinated inverter
control in mitigating voltage violations in LV feeders due to increasing PV
penetrations. A critical literature review on the grid interconnection
requirements and smart inverter functionality guidelines informs on the gaps
that need to be addressed to allow for increased smart inverter deployment in
South Africa. The literature review also explores the benefits of distributed
energy resource management systems (DERMS) and virtual power plants
(VPPs), and the requirements for each platform. Based on the literature
review’s findings, a simulation has been conducted to investigate the benefits
of coordinated smart inverter voltage regulation control, particularly Volt-VAr
and Volt-Watt, to increase hosting capacity in LV networks. The proposed
methodology considers the feeder-wide voltage conditions instead of local point
of connection (PoC) conditions using sensor measurements, and the fairness
of voltage regulation and active power curtailment among customers on a feeder. This proposed methodology can be used as an intermediate solution
for coordinating smart inverters without the use of extensive communication
infrastructure and advanced aggregating platforms. The simulation results
show an improvement in voltage profiles using coordinated Volt-VAr and Volt-Watt inverter control and feeder-wide awareness. The improved voltage profiles
can accommodate higher levels of PV penetration and thus increase hosting
capacities in LV feeders.
Master