5,901 research outputs found
Securing the Participation of Safety-Critical SCADA Systems in the Industrial Internet of Things
In the past, industrial control systems were ‘air gapped’ and
isolated from more conventional networks. They used
specialist protocols, such as Modbus, that are very different
from TCP/IP. Individual devices used proprietary operating
systems rather than the more familiar Linux or Windows.
However, things are changing. There is a move for greater
connectivity – for instance so that higher-level enterprise
management systems can exchange information that helps
optimise production processes. At the same time, industrial
systems have been influenced by concepts from the Internet
of Things; where the information derived from sensors and
actuators in domestic and industrial components can be
addressed through network interfaces. This paper identifies a
range of cyber security and safety concerns that arise from
these developments. The closing sections introduce potential
solutions and identify areas for future research
The FRT-Construction via Quantum Affine Algebras and Smash Products
For every element w in the Weyl group of a simple Lie algebra g, De Concini,
Kac, and Procesi defined a subalgebra U_q^w of the quantized universal
enveloping algebra U_q(g). The algebra U_q^w is a deformation of the universal
enveloping algebra U(n_+\cap w.n_-). We construct smash products of certain
finite-type De Concini-Kac-Procesi algebras to obtain ones of affine type; we
have analogous constructions in types A_n and D_n. We show that the
multiplication in the affine type De Concini-Kac-Procesi algebras arising from
this smash product construction can be twisted by a cocycle to produce certain
subalgebras related to the corresponding Faddeev-Reshetikhin-Takhtajan
bialgebras.Comment: 15 page
A Commentary on the WSIPP Report: Evaluating Whether a Risk Assessment Reduced Racial Disparity
The Washington State Institute for Public Policy (WSIPP) recently released a brief report on whether or not implementation of a risk assessment reduced racial disproportionality. This response to the report briefly reviews the findings, critiques the relevance of the research hypotheses, and describes limitations of the research design that undermine the credibility of the conclusions drawn from the study. It also describes a more comprehensive approach to reducing racial disparity and evaluating the success of these efforts
Applying Lessons from Cyber Attacks on Ukrainian Infrastructures to Secure Gateways onto the Industrial Internet of Things
Previous generations of safety-related industrial control systems were ‘air gapped’. In other words, process control
components including Programmable Logic Controllers (PLCs) and smart sensor/actuators were disconnected and
isolated from local or wide area networks. This provided a degree of protection; attackers needed physical access to
compromise control systems components. Over time this ‘air gap’ has gradually been eroded. Switches and
gateways have subsequently interfaced industrial protocols, including Profibus and Modbus, so that data can be
drawn from safety-related Operational Technology into enterprise information systems using TCP/IP. Senior
management uses these links to monitor production processes and inform strategic planning. The Industrial Internet
of Things represents another step in this evolution – enabling the coordination of physically distributed resources
from a centralized location. The growing range and sophistication of these interconnections create additional
security concerns for the operation and management of safety-critical systems. This paper uses lessons learned
from recent attacks on Ukrainian critical infrastructures to guide a forensic analysis of an IIoT switch. The intention
is to identify and mitigate vulnerabilities that would enable similar attacks to be replicated across Europe and North
America
Forensic Attacks Analysis and the Cyber Security of Safety-Critical Industrial Control Systems
Industrial Control Systems (ICS) and SCADA (Supervisory Control And Data Acquisition) applications monitor
and control a wide range of safety-related functions. These include energy generation where failures could have
significant, irreversible consequences. They also include the control systems that are used in the manufacture of
safety-related products. In this case bugs in an ICS/SCADA system could introduce flaws in the production of
components that remain undetected before being incorporated into safety-related applications. Industrial Control
Systems, typically, use devices and networks that are very different from conventional IP-based infrastructures.
These differences prevent the re-use of existing cyber-security products in ICS/SCADA environments; the
architectures, file formats and process structures are very different. This paper supports the forensic analysis of
industrial control systems in safety-related applications. In particular, we describe how forensic attack analysis is
used to identify weaknesses in devices so that we can both protect components but also determine the information
that must be analyzed during the aftermath of a cyber-incident. Simulated attacks detect vulnerabilities; a risk-based
approach can then be used to assess the likelihood and impact of any breach. These risk assessments are then used
to justify both immediate and longer-term countermeasures
- …