10 research outputs found

    Self-learning Anomaly Detection in Industrial Production

    Deterministic Industrial Network Communication: Fundamentals

    Industrial networks came into existence with the third industrial revolution to support manufacturing and automation. Over the years, networking technologies have advanced in many respects to make production and the automation that governs it efficient and intelligent. These advances also brought more advanced threats, creating the need for better countermeasures and prevention methods. However, countering Advanced Persistent Threats (APTs) requires an understanding of the fundamentals of industrial communication. Determinism is at the core of automation; hence this report covers various literature sources on the industrial network communication strategies used to achieve deterministic industrial network communication.

    POET: A Self-learning Framework for PROFINET Industrial Operations Behaviour

    Since 2010, multiple cyber incidents on industrial infrastructure, such as Stuxnet and CrashOverride, have exposed the vulnerability of Industrial Control Systems (ICS) to cyber threats. Industrial systems are commissioned for long durations, amounting to decades, which often results in non-compliance with technological advancements in industrial cybersecurity mechanisms. The unavailability of network infrastructure information makes it challenging to design security policies or to configure cybersecurity countermeasures such as Network Intrusion Detection Systems (NIDS). An empirical solution is to self-learn the network infrastructure information of an industrial system from its monitored network traffic, making the network transparent for downstream analysis tasks such as anomaly detection. This work reports a Python-based, industrial communication paradigm-aware framework named PROFINET Operations Enumeration and Tracking (POET), which enumerates the different industrial operations executed in a deterministic order in a PROFINET-based industrial system. The operation-driving industrial network protocol frames are dissected to enumerate the operations. To capture the transitions between industrial operations triggered by communication events, Finite State Machines (FSMs) are modelled to enumerate the PROFINET operations of the device, connection and system. POET extracts the network information from network traffic to instantiate the appropriate FSM models (Device, Connection or System) and track the industrial operations. It successfully detects and reports the anomalies triggered by a network attack in a miniaturized PROFINET-based industrial system, executed through valid network protocol exchanges and resulting in an invalid PROFINET operation transition for the device.

    Towards data-driven cyber attack damage and vulnerability estimation for manufacturing enterprises

    Defending networks against cyber attacks is often reactive rather than proactive. Attacks against enterprises are often monetarily driven and are targeted at compromising data. While the best practices in enterprise-level cyber security of IT infrastructures are well established, the same cannot be said for the critical infrastructures that exist in the manufacturing industry. Often guided by these best practices, manufacturing enterprises apply blanket cyber security to protect their networks, resulting in either under- or over-protection. In addition, these networks comprise heterogeneous entities such as machinery, control systems, digital twins and interfaces to the external supply chain, making them susceptible to cyber attacks that cripple the manufacturing enterprise. Therefore, it is necessary to analyse, comprehend and quantify the essential metrics for providing targeted and optimised cyber security for manufacturing enterprises. This paper presents a novel data-driven approach to develop the essential metrics, namely the Damage Index (DI) and the Vulnerability Index (VI), which quantify, respectively, the extent of damage a manufacturing enterprise could suffer due to a cyber attack and the vulnerabilities of the heterogeneous entities within the enterprise. A use case for computing the metrics is also demonstrated. This work builds a strong foundation for the development of an adaptive cyber security architecture with optimal use of IT resources for manufacturing enterprises.

    Industrial Network Topology Analysis with Episode Mining

    Industrial network communication is highly deterministic as a result of the availability requirements of control systems in automated industrial production systems. This deterministic character helps with the initial step of a self-learning anomaly detection system: detecting the periodic production cycle in industrial network communication. Methods for frequent episode mining in event sequences are well suited to the challenge of production cycle detection for a self-learning system. We encode the network communication events as serial and parallel episodes. Methods for the discovery of frequent episodes in event sequences are briefly explained. In future work, these methods will be adapted to our encoded network communication traffic to extract production cycles composed of serial and parallel episodes.

    POET: A Self-learning Framework for PROFINET Industrial Operations Behaviour

    Comment: To be published in the proceedings of EAI TRIDENTCOM 202

    Secure Web System Development

    Recent developments in Web system technology have radically transformed the software industry by integrating a wide range of web users, vendors, and enterprise applications worldwide. In Web-based systems, security requirements are a critical issue. The difficulty is due to the complexity of such systems as well as their variety and increasing distribution. The World Wide Web has become a highly adopted platform for web systems. To avoid the high impact of software vulnerabilities, security requirements must be specified early in development at a detailed level, and security needs to be built into the application design up front by explicitly stating the security approach. Current web systems face major security problems because security design is not integrated into the Web Engineering Development Process. Due to insufficient support at a concrete and assessable level, application security and software security are compromised. This paper emphasizes the need for security in the Development Lifecycle (SDLC) of web systems and the integration of security into the web system development life cycle.

    A cross-domain physical testbed environment for cybersecurity performance evaluations

    PCAPs of the paper "CrossTest: A cross-domain physical testbed environment for cybersecurity performance evaluations"

    Modeling and analysis of a printed circuit heat exchanger for supercritical CO2 power cycle applications

    The supercritical carbon dioxide (S-CO2) based Brayton cycle is a good alternative to conventional power cycles because of high cycle efficiency, compact turbo machinery and compact heat exchangers. In this cycle, the majority of heat transfer (approximately 60-70% of total cycle heat transfer) occurs in the regenerator. For the regenerator, micro-channel heat exchanger is an attractive option because of its high surface-area-to-volume ratio. In this study, the performance of a printed circuit heat exchanger (PCHE) with straight and zigzag channels is evaluated. The study is performed for fully turbulent conditions. The channel diameter and the operating Reynolds number play significant roles in the overall heat transfer and pressure drop of hot and cold channels of S-CO2. For zigzag channels, it is found that a larger bend angle and smaller linear pitch perform better than a smaller bend angle and large linear pitch combination. Correlations for Nusselt number and friction factor are developed using ANSYS Fluent and are subsequently utilized in one dimensional (1D) thermal modeling of the heat exchanger. For the same thermal capacity, the model indicates that the zigzag channel PCHE volume is significantly smaller than that of a straight channel PCHE because of higher heat transfer coefficient. However, the pressure drop incurred in the former design is larger. (C) 2016 Elsevier Ltd. All rights reserved