Towards a High-Fidelity Network Emulation of IEC 104 SCADA Systems

With the rise of malware targeting industrial control systems, researchers need more tools to develop a better understanding of the networks under attack, the potential behavior of malware, and design possible defenses. One of the most important protocols used in practice today is IEC 104, which is used to monitor and control the Power Grid of several countries, as well as to monitor and control other critical infrastructures such as gas, oil, and water systems. In this paper we present our preliminary results in implementing the IEC 104 industrial protocol standard in Python and integrate it to a network emulation tool supported by Mininet

Hazard driven threat modelling for cyber physical systems

Adversarial actors have shown their ability to infiltrate enterprise networks deployed around Cyber Physical Systems (CPSs) through social engineering, credential stealing and file-less infections. When inside, they can gain enough privileges to maliciously call legitimate APIs and apply unsafe control actions to degrade the system performance and undermine its safety. Our work lies at the intersection of security and safety, and aims to understand dependencies among security, reliability and safety in CPS/IoT. We present a methodology to perform hazard driven threat modelling and impact assessment in the context of CPSs. The process starts from the analysis of behavioural, functional and architectural models of the CPS. We then apply System Theoretic Process Analysis (STPA) on the functional model to highlight high-level abuse cases. We lever-age a mapping between the architectural and the system theoretic(ST) models to enumerate those components whose impairment provides the attacker with enough privileges to tamper with or disrupt the data-flows. This enables us to find a causal connection between the attack surface (in the architectural model) and system level losses. We then link the behavioural and system theoretic representations of the CPS to quantify the impact of the attack. Using our methodology it is possible to compute a comprehensive attack graph of the known attack paths and to perform both a qualitative and quantitative impact assessment of the exploitation of vulnerabilities affecting target nodes. The framework and methodology are illustrated using a small scale example featuring a Communication Based Train Control (CBTC) system. Aspects regarding the scalability of our methodology and its application in real world scenarios are also considered. Finally, we discuss the possibility of using the results obtained to engineer both design time and real time defensive mechanisms

Circumpolar terrestrial arthropod monitoring: a review of ongoing activities, opportunities and challenges with a focus on spiders

The terrestrial chapter of the Circumpolar Biodiversity Monitoring Programme (CBMP) has the potential to bring international multi-taxon, long-term monitoring together, but detailed fundamental species information for Arctic arthropods lags far behind that for vertebrates and plants. In this paper, we demonstrate this major challenge to the CBMP by focussing on spiders (Order: Araneae) as an example group. We collate available circumpolar data on the distribution of spiders and highlight the current monitoring opportunities and identify the key knowledge gaps to address before monitoring can become efficient. We found spider data to be more complete than data for other taxa, but still variable in quality and availability between Arctic regions, highlighting the need for greater international co-operation for baseline studies and data sharing. There is also a dearth of long-term datasets for spiders and other arthropod groups from which to assess status and trends of biodiversity. Therefore, baseline studies should be conducted at all monitoring stations and we make recommendations for the development of the CBMP in relation to terrestrial arthropods more generally