Applying Lessons from Cyber Attacks on Ukrainian Infrastructures to Secure Gateways onto the Industrial Internet of Things

Previous generations of safety-related industrial control systems were ‘air gapped’. In other words, process control components including Programmable Logic Controllers (PLCs) and smart sensor/actuators were disconnected and isolated from local or wide area networks. This provided a degree of protection; attackers needed physical access to compromise control systems components. Over time this ‘air gap’ has gradually been eroded. Switches and gateways have subsequently interfaced industrial protocols, including Profibus and Modbus, so that data can be drawn from safety-related Operational Technology into enterprise information systems using TCP/IP. Senior management uses these links to monitor production processes and inform strategic planning. The Industrial Internet of Things represents another step in this evolution – enabling the coordination of physically distributed resources from a centralized location. The growing range and sophistication of these interconnections create additional security concerns for the operation and management of safety-critical systems. This paper uses lessons learned from recent attacks on Ukrainian critical infrastructures to guide a forensic analysis of an IIoT switch. The intention is to identify and mitigate vulnerabilities that would enable similar attacks to be replicated across Europe and North America

Forensic Attacks Analysis and the Cyber Security of Safety-Critical Industrial Control Systems

Industrial Control Systems (ICS) and SCADA (Supervisory Control And Data Acquisition) applications monitor and control a wide range of safety-related functions. These include energy generation where failures could have significant, irreversible consequences. They also include the control systems that are used in the manufacture of safety-related products. In this case bugs in an ICS/SCADA system could introduce flaws in the production of components that remain undetected before being incorporated into safety-related applications. Industrial Control Systems, typically, use devices and networks that are very different from conventional IP-based infrastructures. These differences prevent the re-use of existing cyber-security products in ICS/SCADA environments; the architectures, file formats and process structures are very different. This paper supports the forensic analysis of industrial control systems in safety-related applications. In particular, we describe how forensic attack analysis is used to identify weaknesses in devices so that we can both protect components but also determine the information that must be analyzed during the aftermath of a cyber-incident. Simulated attacks detect vulnerabilities; a risk-based approach can then be used to assess the likelihood and impact of any breach. These risk assessments are then used to justify both immediate and longer-term countermeasures

Defending Against Firmware Cyber Attacks on Safety-Critical Systems

In the past, it was not possible to update the underlying software in many industrial control devices. Engineering teams had to “rip and replace” obsolete components. However, the ability to make firmware updates has provided significant benefits to companies who use Programmable Logic Controllers (PLCs), switches, gateways and bridges, as well as an array of smart sensor/actuators. While these updates — which include security patches when vulnerabilities are identified in existing devices — can be distributed by physical media, they are increasingly downloaded over Internet connections. These mechanisms pose a growing threat to the cyber security of safety-critical applications, which is illustrated by recent attacks on safety-related infrastructures across the Ukraine. This paper explains how malware can be distributed within firmware updates. Even when attackers cannot reverse engineer the code necessary to disguise their attack, they can undermine a device by forcing it into a constant upload cycle in which the firmware installation never terminates. In this paper, we present means of mitigating the risks of firmware attacks on safety-critical systems as part of wider initiatives to secure national critical infrastructures. Technical solutions, including firmware hashing, must be augmented by organizational measures to secure the supply chain within individual plants, across companies and throughout safety-related industries

Forensic Attacks Analysis and the Cyber Security of Safety-Critical Industrial Control Systems

Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) applications monitor and control a wide range of safety-related functions. These include energy generation, where failures could have significant, irreversible consequences. They also include the control systems that are used in the manufacture of safety-related products. In this case, “bugs” in an ICS/SCADA system could introduce flaws in the production of components; these flaws remain undetected before being incorporated into safety-related applications. Industrial Control Systems, typically, use devices and networks that are different from conventional IP-based infrastructures. These differences prevent the re-use of existing cyber-security products in ICS/SCADA environments; the architectures, file formats and process structures are all different. This paper supports the forensic analysis of industrial control systems in safety-related applications. In particular, we describe how forensic attack analysis is used to identify weaknesses in devices so that we can both protect components and determine the information that must be analyzed during the aftermath of a cyber-incident. Simulated attacks detect vulnerabilities; a risk-based approach can then be used to assess the likelihood and impact of any breach. These risk assessments are then used to justify both immediate and longer-term countermeasures

Defending Against Firmware Cyber Attacks on Safety-Critical Systems

In the past, it was not possible to update the underlying software in many industrial control devices. Engineering teams had to ‘rip and replace’ obsolete components. However, the ability to make firmware updates has provided significant benefits to the companies who use Programmable Logic Controllers (PLCs), switches, gateways and bridges as well as an array of smart sensor/actuators. These updates include security patches when vulnerabilities are identified in existing devices; they can be distributed by physical media but are increasingly downloaded over Internet connections. These mechanisms pose a growing threat to the cyber security of safety-critical applications, which are illustrated by recent attacks on safety-related infrastructures across the Ukraine. Subsequent sections explain how malware can be distributed within firmware updates. Even when attackers cannot reverse engineer the code necessary to disguise their attack, they can undermine a device by forcing it into a constant upload cycle where the firmware installation never terminates. In this paper, we present means of mitigating the risks of firmware attack on safety-critical systems as part of wider initiatives to secure national critical infrastructures. Technical solutions, including firmware hashing, must be augmented by organizational measures to secure the supply chain within individual plants, across companies and throughout safety-related industries

A novel footwear intervention to assist in the gait of patients with intermittent claudication

Peripheral arterial disease is characterised by blocking of the peripheral arteries. A common symptom is intermittent claudication, a cramping pain felt intermittently during activity such as walking. This is due to muscle oxygen demand surpassing the available supply and can significantly reduce mobility and quality of life. One noninvasive treatment option is the use of footwear and orthoses to alter muscle activity and delay the onset of calf pain. The aim of the research in this thesis was to determine the gait characteristics of individuals with intermittent claudication and to assess the effects of footwear and orthotic interventions on their gait. Three studies were completed. The first compared gait of individuals with intermittent claudication to that of healthy age-matched controls. The second assessed the effectiveness of three rocker soled shoes (with and without an anklefoot orthosis) in altering lower limb kinetics and muscle activity. The third investigated the effectiveness of the most effective rocker soled shoe intervention (in study two) in increasing mobility during gait and in real world situations. People with intermittent claudication adopt a slower walking speed and shorter step length and have reduced internal ankle moment and ankle power production during push-off phase of gait. The peak EMG activity of their soleus muscle also appears to be lower than healthy counterparts. A rocker soled shoe, consisting of three curves blended into one, was found to be the most effective at decreasing the moment, power and muscle activity demand at the ankle during the gait of individuals with intermittent claudication. The findings indicated the potential ability of the shoe to reduce the oxygen demand of the calf, such that it might delay onset of intermittent claudication pain. However, when tested under real world conditions this rocker soled shoe did not significantly delay the onset of pain in people with intermittent claudication during over ground gait, or increase maximum walking distance. Further modifications to the rocker soled design will be required to further reduce oxygen required by the lower limb muscles before a clinically significant delay in intermittent claudication pain can be achieved

Benign multicystic peritoneal mesothelioma in a postmenopausal woman complicated with an ovarian cyst: a case report

Benign multicystic peritoneal mesothelioma is a rare cystic neoplasm, characterized by subtle symptoms, that occurs predominantly in reproductive-aged women. The pathogenesis and etiology of the disease are yet to be determined. We herein present a 71-year-old woman presented to our clinic with persistent low back pain. The clinical examination showed a palpable mass in the abdominal area. The magnetic resonance imaging revealed multiple cystic lesions that occupy the largest part of the pelvis, posterior to the uterus. The patient underwent cyst excision, total hysterectomy with bilateral salpingo-oophorectomy, omentectomy and lymph node dissection. Postoperative course was uneventful and histopathology of the specimen revealed a benign multicystic peritoneal mesothelioma. Complete tumor resection is considered the optimal therapeutic approach of peritoneal mesothelioma. Histopathological analysis is required to confirm the diagnosis of multicystic peritoneal mesothelioma

Feedback on Teaching: Non-standard Minute Paper Methods

The importance of feedback in the learning and teaching context is widely recognised. In recent years, its primary focus has been on the provision of feedback to students, a unidirectional flow of information from educators to students on their formative and summative assignments. Feedback on teaching makes learning visible; however, this visibility depends on the teacher awareness of their impact on students. The uptake of end of class student feedback is relatively small in large classes. This paper reports on three lecturers’ account in collecting and responding to regular feedback on teaching in the School of Computing Science at the University of Glasgow. The lecturers’ accounts of their experience may be used as a starting point for educators willing to implement regular routine feedback on their teaching. Based on our experience, we propose guidelines emphasising structure and regularity in the collection of feedback on teaching