Forensic Attacks Analysis and the Cyber Security of Safety-Critical Industrial Control Systems

Industrial Control Systems (ICS) and SCADA (Supervisory Control And Data Acquisition) applications monitor and control a wide range of safety-related functions. These include energy generation where failures could have significant, irreversible consequences. They also include the control systems that are used in the manufacture of safety-related products. In this case bugs in an ICS/SCADA system could introduce flaws in the production of components that remain undetected before being incorporated into safety-related applications. Industrial Control Systems, typically, use devices and networks that are very different from conventional IP-based infrastructures. These differences prevent the re-use of existing cyber-security products in ICS/SCADA environments; the architectures, file formats and process structures are very different. This paper supports the forensic analysis of industrial control systems in safety-related applications. In particular, we describe how forensic attack analysis is used to identify weaknesses in devices so that we can both protect components but also determine the information that must be analyzed during the aftermath of a cyber-incident. Simulated attacks detect vulnerabilities; a risk-based approach can then be used to assess the likelihood and impact of any breach. These risk assessments are then used to justify both immediate and longer-term countermeasures

Forensic Attacks Analysis and the Cyber Security of Safety-Critical Industrial Control Systems

Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) applications monitor and control a wide range of safety-related functions. These include energy generation, where failures could have significant, irreversible consequences. They also include the control systems that are used in the manufacture of safety-related products. In this case, “bugs” in an ICS/SCADA system could introduce flaws in the production of components; these flaws remain undetected before being incorporated into safety-related applications. Industrial Control Systems, typically, use devices and networks that are different from conventional IP-based infrastructures. These differences prevent the re-use of existing cyber-security products in ICS/SCADA environments; the architectures, file formats and process structures are all different. This paper supports the forensic analysis of industrial control systems in safety-related applications. In particular, we describe how forensic attack analysis is used to identify weaknesses in devices so that we can both protect components and determine the information that must be analyzed during the aftermath of a cyber-incident. Simulated attacks detect vulnerabilities; a risk-based approach can then be used to assess the likelihood and impact of any breach. These risk assessments are then used to justify both immediate and longer-term countermeasures

Defending Against Firmware Cyber Attacks on Safety-Critical Systems

In the past, it was not possible to update the underlying software in many industrial control devices. Engineering teams had to ‘rip and replace’ obsolete components. However, the ability to make firmware updates has provided significant benefits to the companies who use Programmable Logic Controllers (PLCs), switches, gateways and bridges as well as an array of smart sensor/actuators. These updates include security patches when vulnerabilities are identified in existing devices; they can be distributed by physical media but are increasingly downloaded over Internet connections. These mechanisms pose a growing threat to the cyber security of safety-critical applications, which are illustrated by recent attacks on safety-related infrastructures across the Ukraine. Subsequent sections explain how malware can be distributed within firmware updates. Even when attackers cannot reverse engineer the code necessary to disguise their attack, they can undermine a device by forcing it into a constant upload cycle where the firmware installation never terminates. In this paper, we present means of mitigating the risks of firmware attack on safety-critical systems as part of wider initiatives to secure national critical infrastructures. Technical solutions, including firmware hashing, must be augmented by organizational measures to secure the supply chain within individual plants, across companies and throughout safety-related industries

Between life and death: exploring the sociocultural context of antenatal mental distress in rural Ethiopia

The high prevalence of antenatal common mental disorders in sub-Saharan Africa compared to high-income countries is poorly understood. This qualitative study explored the sociocultural context of antenatal mental distress in a rural Ethiopian community. Five focus group discussions and 25 in-depth interviews were conducted with purposively sampled community stakeholders. Inductive analysis was used to develop final themes. Worry about forthcoming delivery and fears for the woman’s survival were prominent concerns of all participants, but only rarely perceived to be pathological in intensity. Sociocultural practices such as continuing physical labour, dietary restriction, prayer and rituals to protect against supernatural attack were geared towards safe delivery and managing vulnerability. Despite strong cultural norms to celebrate pregnancy, participants emphasised that many pregnancies were unwanted and an additional burden on top of pre-existing economic and marital difficulties. Short birth interval and pregnancy out of wedlock were both seen as shameful and potent sources of mental distress. The notion that pregnancy in traditional societies is uniformly a time of joy and happiness is misplaced. Although antenatal mental distress may be self-limiting for many women, in those with enduring life difficulties, including poverty and abusive relationships, poor maternal mental health may persist

Aggregation tests identify new gene associations with breast cancer in populations with diverse ancestry

Low-frequency variants play an important role in breast cancer (BC) susceptibility. Gene-based methods can increase power by combining multiple variants in the same gene and help identify target genes. We evaluated the potential of gene-based aggregation in the Breast Cancer Association Consortium cohorts including 83,471 cases and 59,199 controls. Low-frequency variants were aggregated for individual genes' coding and regulatory regions. Association results in European ancestry samples were compared to single-marker association results in the same cohort. Gene-based associations were also combined in meta-analysis across individuals with European, Asian, African, and Latin American and Hispanic ancestry. In European ancestry samples, 14 genes were significantly associated (q < 0.05) with BC. Of those, two genes, FMNL3 (P = 6.11 × 10 ) and AC058822.1 (P = 1.47 × 10 ), represent new associations. High FMNL3 expression has previously been linked to poor prognosis in several other cancers. Meta-analysis of samples with diverse ancestry discovered further associations including established candidate genes ESR1 and CBLB. Furthermore, literature review and database query found further support for a biologically plausible link with cancer for genes CBLB, FMNL3, FGFR2, LSP1, MAP3K1, and SRGAP2C. Using extended gene-based aggregation tests including coding and regulatory variation, we report identification of plausible target genes for previously identified single-marker associations with BC as well as the discovery of novel genes implicated in BC development. Including multi ancestral cohorts in this study enabled the identification of otherwise missed disease associations as ESR1 (P = 1.31 × 10 ), demonstrating the importance of diversifying study cohorts. [Abstract copyright: © 2023. The Author(s).

Polygenic Risk Scores for Prediction of Breast Cancer and Breast Cancer Subtypes

Stratification of women according to their risk of breast cancer based on polygenic risk scores (PRSs) could improve screening and prevention strategies. Our aim was to develop PRSs, optimized for prediction of estrogen receptor (ER)-specific disease, from the largest available genome-wide association dataset and to empirically validate the PRSs in prospective studies. The development dataset comprised 94,075 case subjects and 75,017 control subjects of European ancestry from 69 studies, divided into training and validation sets. Samples were genotyped using genome-wide arrays, and single-nucleotide polymorphisms (SNPs) were selected by stepwise regression or lasso penalized regression. The best performing PRSs were validated in an independent test set comprising 11,428 case subjects and 18,323 control subjects from 10 prospective studies and 190,040 women from UK Biobank (3,215 incident breast cancers). For the best PRSs (313 SNPs), the odds ratio for overall disease per 1 standard deviation in ten prospective studies was 1.61 (95%CI: 1.57-1.65) with area under receiver-operator curve (AUC) = 0.630 (95%CI: 0.628-0.651). The lifetime risk of overall breast cancer in the top centile of the PRSs was 32.6%. Compared with women in the middle quintile, those in the highest 1% of risk had 4.37- and 2.78-fold risks, and those in the lowest 1% of risk had 0.16- and 0.27-fold risks, of developing ER-positive and ER-negative disease, respectively. Goodness-of-fit tests indicated that this PRS was well calibrated and predicts disease risk accurately in the tails of the distribution. This PRS is a powerful and reliable predictor of breast cancer risk that may improve breast cancer prevention programs.NovartisEli Lilly and CompanyAstraZenecaAbbViePfizer UKCelgeneEisaiGenentechMerck Sharp and DohmeRocheCancer Research UKGovernment of CanadaArray BioPharmaGenome CanadaNational Institutes of HealthEuropean CommissionMinistère de l'Économie, de l’Innovation et des Exportations du QuébecSeventh Framework ProgrammeCanadian Institutes of Health Researc

Genome-wide association study identifies 32 novel breast cancer susceptibility loci from overall and subtype-specific analyses.

Breast cancer susceptibility variants frequently show heterogeneity in associations by tumor subtype1-3. To identify novel loci, we performed a genome-wide association study including 133,384 breast cancer cases and 113,789 controls, plus 18,908 BRCA1 mutation carriers (9,414 with breast cancer) of European ancestry, using both standard and novel methodologies that account for underlying tumor heterogeneity by estrogen receptor, progesterone receptor and human epidermal growth factor receptor 2 status and tumor grade. We identified 32 novel susceptibility loci (P < 5.0 × 10-8), 15 of which showed evidence for associations with at least one tumor feature (false discovery rate < 0.05). Five loci showed associations (P < 0.05) in opposite directions between luminal and non-luminal subtypes. In silico analyses showed that these five loci contained cell-specific enhancers that differed between normal luminal and basal mammary cells. The genetic correlations between five intrinsic-like subtypes ranged from 0.35 to 0.80. The proportion of genome-wide chip heritability explained by all known susceptibility loci was 54.2% for luminal A-like disease and 37.6% for triple-negative disease. The odds ratios of polygenic risk scores, which included 330 variants, for the highest 1% of quantiles compared with middle quantiles were 5.63 and 3.02 for luminal A-like and triple-negative disease, respectively. These findings provide an improved understanding of genetic predisposition to breast cancer subtypes and will inform the development of subtype-specific polygenic risk scores

Genome-wide association study of germline variants and breast cancer-specific mortality

BACKGROUND: We examined the associations between germline variants and breast cancer mortality using a large meta-analysis of women of European ancestry. METHODS: Meta-analyses included summary estimates based on Cox models of twelve datasets using ~10

Novel software solutions for automating biochemical assays.

Laboratory Automation is used throughout the pharmaceutical and biotechnology industries to assist research within the drug discovery process. Many software packages are commercially available for automating biochemical assays, such as the ELISA, as part of this process. However, it is often difficult for a scientist to translate their assay into what is essentially a piece of programming logic. Advanced users with an understanding of basic programming are often required. By shifting the development approach, a software product has been created that focuses on how the user can set up an assay as opposed to how the software will automate instrumentation. A review of existing software in the field of laboratory automation and the scheduling methods that are used has provided a basic platform from which a new product, Overlord2, has been written using the Microsoft .NET framework. A flow chart interface has been selected as the method of describing an assay. This has the distinct advantage of allowing the user to control how their assay will be processed unlike the commercial products that currently exist. A new method of event driven scheduling has been created that uses fully utilizes this new flow chart interface. A simple underlying architecture has also been created that separates the core functionality into discrete components. This design has significantly improved the development-testing lifecycle. Additionally, this has allowed custom applications, tailored to the users requirements, to be implemented that use a set of common components, a novel concept in the field of laboratory automation. A software package, Overlord2, has been produced as part of this work using the latest programming technologies. At its core, it uses an instantly recognisable flow chart interface for assay creation. A scientist with limited programming knowledge can automate, with this software, the most common type of assays carried out in the Drug Discovery process

Novel software solutions for automating biochemical assays.

Laboratory Automation is used throughout the pharmaceutical and biotechnology industries to assist research within the drug discovery process. Many software packages are commercially available for automating biochemical assays, such as the ELISA, as part of this process. However, it is often difficult for a scientist to translate their assay into what is essentially a piece of programming logic. Advanced users with an understanding of basic programming are often required. By shifting the development approach, a software product has been created that focuses on how the user can set up an assay as opposed to how the software will automate instrumentation. A review of existing software in the field of laboratory automation and the scheduling methods that are used has provided a basic platform from which a new product, Overlord2, has been written using the Microsoft .NET framework. A flow chart interface has been selected as the method of describing an assay. This has the distinct advantage of allowing the user to control how their assay will be processed unlike the commercial products that currently exist. A new method of event driven scheduling has been created that uses fully utilizes this new flow chart interface. A simple underlying architecture has also been created that separates the core functionality into discrete components. This design has significantly improved the development-testing lifecycle. Additionally, this has allowed custom applications, tailored to the users requirements, to be implemented that use a set of common components, a novel concept in the field of laboratory automation. A software package, Overlord2, has been produced as part of this work using the latest programming technologies. At its core, it uses an instantly recognisable flow chart interface for assay creation. A scientist with limited programming knowledge can automate, with this software, the most common type of assays carried out in the Drug Discovery process