
    Development of simulation-based testing environment for safety-critical software

    Recently, software has been used in nuclear power plants (NPPs) to digitalize many instrumentation and control systems. To guarantee NPP safety, the reliability of the software used in safety-critical instrumentation and control systems must be quantified and verified with proper test cases and a proper test environment. In this study, a software testing method using a simulation-based software test bed is proposed. The test bed is developed by emulating the microprocessor architecture of the programmable logic controller used in NPP safety-critical applications and capturing its behavior at each machine instruction. The effectiveness of the proposed method is demonstrated via a case study. To represent the possible states of the software inputs and of the internal variables that contribute to generating a dedicated safety signal, the software test cases are developed in consideration of the digital characteristics of the target system and the plant dynamics. The method provides a practical way to conduct exhaustive software testing, which can prove the software to be error free and minimize the uncertainty in software reliability quantification. Compared with existing testing methods, it can effectively reduce the software testing effort by emulating the programmable logic controller behavior at the machine level.

    Survey of cybersecurity standards for nuclear instrumentation and control systems


    An integrated risk analysis framework for safety and cybersecurity of industrial SCADA system

    An industrial control system (ICS) is any of the various types of control systems commonly found in industrial sectors and critical infrastructures such as energy, oil and gas, transportation, and manufacturing. The supervisory control and data acquisition (SCADA) system is a type of ICS that controls and monitors operations and industrial processes scattered across a large geographic area. SCADA systems increasingly rely on information and communication technology (ICT) to improve the efficiency of operations. This integration means that SCADA systems are exposed to the same threats and vulnerabilities that affect ICT assets, so the cybersecurity problem in SCADA systems is exacerbated by this IT heritage. If the control system is compromised through this connection, serious consequences may follow. Hence an integrated framework covering both safety and security risk analysis is needed in this context. This thesis proposes an integrated risk analysis framework that comprises four stages and builds on advances in risk science and industry standards, to improve understanding of SCADA system complexity and to manage risks by considering process safety and cybersecurity in a holistic approach. The framework aims to improve safety and security risk analysis by examining the expected consequences through integrated risk identification and by identifying adequate safeguards and countermeasures against cyber-attack scenarios. A simplified SCADA system and an undesirable scenario of overpressure in a pipeline are presented, to which the relevant stages of the framework are applied.

    STANDARDIZING FUNCTIONAL SAFETY ASSESSMENTS FOR OFF-THE-SHELF INSTRUMENTATION AND CONTROLS

    It is typical for digital instrumentation and controls used to manage significant risk to undergo substantial scrutiny. The equipment must be proven to have the necessary level of design integrity. The details of the scrutiny vary by industry, but the ultimate goal is to provide sufficient evidence that the equipment will operate successfully when performing its required functions. To stand up to that scrutiny and, more importantly, to perform the required safety functions, the equipment must be designed to defend against random hardware failures and to prevent systematic faults, and these design activities must be documented in a manner that sufficiently proves their adequacy. The variability in the requirements of the different industries makes this task difficult for instrumentation and controls equipment manufacturers. To help manufacturers deal with these differences, a standardization of requirements is needed to facilitate clear communication of expectations. The IEC 61508 set of standards exists to fulfill this role, but it is not yet universally embraced. Once it is, industries from nuclear power generation to oil and gas production will benefit from a wider range of equipment designed to perform in these critical roles and supplied with the evidence necessary to prove its integrity, and manufacturers will benefit from a larger customer base interested in their products. The use of IEC 61508 will also help industries avoid significant uncertainty when selecting commercial off-the-shelf equipment. It is currently understood that a typical commercial manufacturer's equipment designs and associated design activities cannot be assumed adequate for success in these high-risk applications. In contrast, a manufacturer that seeks to comply with IEC 61508 and to achieve certification by an independent third party can be assumed to be better suited to meeting the needs of these demanding situations. Using such manufacturers helps to avoid substantial uncertainty and risk.

    Towards Standardisation Measures to Support the Security of Control and Real-Time Systems for Energy Critical Infrastructures

    This report outlines the context for control and real-time systems vulnerability in the energy sector, the role of these systems in energy critical infrastructures, and their emerging vulnerabilities as brought to light by some recent episodes. It then surveys the current efforts to set up reference frameworks addressing the broad issue of supervisory and control systems security, discusses the role of standards, and outlines the reference approaches in that respect. The current attitude of Europe towards control systems security is discussed and compared with the US situation, based on a stakeholder consultation, and gaps and challenges are outlined. A set of recommendations for policy measures to address the issue is given.

    Introduction to industrial control networks

    An industrial control network is a system of interconnected equipment used to monitor and control physical equipment in industrial environments. These networks differ quite significantly from traditional enterprise networks because of the specific requirements of their operation. Despite the functional differences between industrial and enterprise networks, a growing integration between the two has been observed. The technology in use in industrial networks is also beginning to display a greater reliance on Ethernet and web standards, especially at the higher levels of the network architecture. As a result, engineers involved in the design and maintenance of control networks must be familiar with both traditional enterprise concerns, such as network security, and traditional industrial concerns, such as determinism and response time. This paper highlights some of the differences between enterprise and industrial networks, presents a brief history of industrial networking, gives a high-level explanation of some operations specific to industrial networks, provides an overview of the popular protocols in use, and describes current research topics. The purpose of this paper is to serve as an introduction to industrial control networks, aimed specifically at those who have had minimal exposure to the field but have some familiarity with conventional computer networks.
    http://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=9739

    Detection techniques in operational technology infrastructure

    In previous decades, cyber-attacks were not considered a threat to critical infrastructure. However, as the Information Technology (IT) and Operational Technology (OT) domains converge, the vulnerability of OT infrastructure is being exploited, and nation-states, cyber criminals and hacktivists are moving to benefit from economic and political gains. Within OT infrastructure, the OT network, i.e. the Industrial Control System (ICS), is referred to as Supervisory Control and Data Acquisition (SCADA). SCADA systems were introduced primarily to optimise data transfer within the OT network infrastructure. The introduction of SCADA can be traced back to the 1960s, a time when cyber-attacks were not considered. Hence SCADA networks and associated systems are highly vulnerable to cyber-attacks, which can ultimately result in catastrophic events. Historically, intrusion detection systems in converged IT/OT networks have been deployed to monitor the IT side of the network. While academic research into OT-specific intrusion detection is not a new direction, applications to real systems are few and lack the contextual information required to make intrusion detection actionable. This paper provides an overview of cyber security in OT SCADA networks. Through evaluating the historical development of OT systems and protocols, a range of current issues caused by the IT/OT convergence is presented. A number of publicly disclosed SCADA vulnerabilities are outlined, in addition to approaches for detecting attacks in OT networks. The paper concludes with a discussion of what the future of interconnected OT systems should entail, and the potential risks of continuing with an insecure design philosophy.
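    The abstract above makes the point that OT intrusion detection is only actionable with process context. The following is an added example written for this listing, not code from the paper: a baseline-driven detector for Modbus/TCP requests that uses who-may-write-what-and-when knowledge rather than IT-style signatures. The log format, the host and PLC addresses, the register ranges, the operating hours and the sample log lines are all constructed assumptions; the Modbus function-code numbering (1-4 reads, 5/6/15/16 writes) is the standard one.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

# Standard Modbus function codes: 1-4 read coils/inputs/registers, 5/6/15/16 write.
READ_FCS = {1, 2, 3, 4}
WRITE_FCS = {5, 6, 15, 16}

# Constructed engineering baseline (assumption, not from the paper). In practice it is
# derived from the asset inventory and the HMI/PLC configuration.
KNOWN_HOSTS = {"10.0.1.10", "10.0.1.11"}            # HMI and engineering workstation
WRITE_POLICY = {
    # (master IP, PLC IP, unit id) -> holding registers that master may write
    ("10.0.1.10", "10.0.2.5", 1): range(0, 10),     # HMI: setpoints only
    ("10.0.1.11", "10.0.2.5", 1): range(0, 200),    # engineering workstation: wider range
}
WRITE_HOURS = range(6, 22)  # writes are expected only between 06:00 and 21:59

# Constructed, simplified log format (assumption): one Modbus/TCP request per line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+) fc=(?P<fc>\d+) unit=(?P<unit>\d+) "
    r"addr=(?P<addr>\d+)(?: count=(?P<count>\d+))?(?: value=(?P<value>-?\d+))?$"
)


@dataclass(frozen=True)
class Alert:
    line_no: int
    reason: str
    src: str
    dst: str
    fc: int


def parse(line: str) -> dict | None:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.fromisoformat(d["ts"]),
        "src": d["src"],
        "dst": d["dst"],
        "fc": int(d["fc"]),
        "unit": int(d["unit"]),
        "addr": int(d["addr"]),
        "count": int(d["count"]) if d["count"] else 1,  # single-register writes touch one address
    }


def check(line_no: int, rec: dict) -> list[Alert]:
    """Apply the baseline to one parsed request; an empty list means 'expected traffic'."""
    alerts: list[Alert] = []

    def flag(reason: str) -> None:
        alerts.append(Alert(line_no, reason, rec["src"], rec["dst"], rec["fc"]))

    if rec["src"] not in KNOWN_HOSTS:
        flag("unknown-source")            # no baseline for this host, nothing more to evaluate
        return alerts
    if rec["fc"] not in READ_FCS | WRITE_FCS:
        flag("unexpected-function-code")  # e.g. diagnostics (8) never seen in normal operation
        return alerts
    if rec["fc"] in WRITE_FCS:
        allowed = WRITE_POLICY.get((rec["src"], rec["dst"], rec["unit"]))
        first, last = rec["addr"], rec["addr"] + rec["count"] - 1
        if allowed is None:
            flag("write-from-unauthorised-host")
        elif first not in allowed or last not in allowed:
            flag("write-to-unauthorised-register")
        if rec["ts"].hour not in WRITE_HOURS:
            flag("write-outside-operating-hours")
    return alerts


def analyse(log_text: str) -> list[Alert]:
    """Run the baseline over a whole log; unparseable lines are reported, not skipped."""
    out: list[Alert] = []
    for i, line in enumerate(log_text.strip().splitlines(), start=1):
        rec = parse(line)
        if rec is None:
            out.append(Alert(i, "unparseable-line", "", "", -1))
        else:
            out.extend(check(i, rec))
    return out


# Constructed sample log (assumption): the HMI reads and writes PLC-A normally, then an
# unknown host writes a setpoint, the HMI writes at 02:15, sends a diagnostics request,
# and finally writes a register outside its baseline.
SAMPLE_LOG = """
2024-05-06T09:12:01 10.0.1.10 -> 10.0.2.5 fc=3 unit=1 addr=0 count=10
2024-05-06T09:12:05 10.0.1.10 -> 10.0.2.5 fc=6 unit=1 addr=3 value=120
2024-05-06T09:13:40 10.0.1.77 -> 10.0.2.5 fc=6 unit=1 addr=3 value=9999
2024-05-06T02:15:00 10.0.1.10 -> 10.0.2.5 fc=16 unit=1 addr=0 count=4
2024-05-06T09:14:10 10.0.1.10 -> 10.0.2.5 fc=8 unit=1 addr=0 value=0
2024-05-06T09:15:00 10.0.1.10 -> 10.0.2.5 fc=6 unit=1 addr=500 value=1
"""

if __name__ == "__main__":
    for a in analyse(SAMPLE_LOG):
        print(f"line {a.line_no}: {a.reason} ({a.src} -> {a.dst}, fc={a.fc})")
```

    Lines 1 and 2 of the sample produce no alert because a read and an in-range setpoint write from the HMI during operating hours are exactly the baseline; the remaining four lines each trip one rule. None of the four would be caught by an IT-side IDS, since every packet is well-formed Modbus from an internal address; the verdict comes entirely from the engineering baseline, which is the contextual information the abstract says deployed systems lack.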