14,888 research outputs found
Applying Lessons from Cyber Attacks on Ukrainian Infrastructures to Secure Gateways onto the Industrial Internet of Things
Previous generations of safety-related industrial control systems were ‘air gapped’. In other words, process control
components including Programmable Logic Controllers (PLCs) and smart sensor/actuators were disconnected and
isolated from local or wide area networks. This provided a degree of protection; attackers needed physical access to
compromise control systems components. Over time this ‘air gap’ has gradually been eroded. Switches and
gateways have subsequently interfaced industrial protocols, including Profibus and Modbus, so that data can be
drawn from safety-related Operational Technology into enterprise information systems using TCP/IP. Senior
management uses these links to monitor production processes and inform strategic planning. The Industrial Internet
of Things represents another step in this evolution – enabling the coordination of physically distributed resources
from a centralized location. The growing range and sophistication of these interconnections create additional
security concerns for the operation and management of safety-critical systems. This paper uses lessons learned
from recent attacks on Ukrainian critical infrastructures to guide a forensic analysis of an IIoT switch. The intention
is to identify and mitigate vulnerabilities that would enable similar attacks to be replicated across Europe and North
America
Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot
The rise of connectivity, digitalization, robotics, and artificial
intelligence (AI) is rapidly changing our society and shaping its future
development. During this technological and societal revolution, security has
been persistently neglected, yet a hacked robot can act as an insider threat in
organizations, industries, public spaces, and private homes. In this paper, we
perform a structured security assessment of Pepper, a commercial humanoid
robot. Our analysis, composed by an automated and a manual part, points out a
relevant number of security flaws that can be used to take over and command the
robot. Furthermore, we suggest how these issues could be fixed, thus, avoided
in the future. The very final aim of this work is to push the rise of the
security level of IoT products before they are sold on the public market.Comment: 8 pages, 3 figures, 4 table
Data centric trust evaluation and prediction framework for IOT
© 2017 ITU. Application of trust principals in internet of things (IoT) has allowed to provide more trustworthy services among the corresponding stakeholders. The most common method of assessing trust in IoT applications is to estimate trust level of the end entities (entity-centric) relative to the trustor. In these systems, trust level of the data is assumed to be the same as the trust level of the data source. However, most of the IoT based systems are data centric and operate in dynamic environments, which need immediate actions without waiting for a trust report from end entities. We address this challenge by extending our previous proposals on trust establishment for entities based on their reputation, experience and knowledge, to trust estimation of data items [1-3]. First, we present a hybrid trust framework for evaluating both data trust and entity trust, which will be enhanced as a standardization for future data driven society. The modules including data trust metric extraction, data trust aggregation, evaluation and prediction are elaborated inside the proposed framework. Finally, a possible design model is described to implement the proposed ideas
The future of Cybersecurity in Italy: Strategic focus area
This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management
- …