277 research outputs found

    Operational Technology Preparedness: A Risk-Based Safety Approach to Scoping Security Tests for Cyber Incident Response and Recovery

    Following the advent of Industry 4.0, there have been significant benefits to industrial process optimisation through increased interconnectivity and the integration of Information Technology (IT) and Operational Technology (OT). However, this has also led to an increased attack surface for cyber threat actors to target. A growing number of cyber attacks on industrial environments, including Critical National Infrastructure, has, subsequently, been observed. In response, government and standardisation organisations alike have invested considerable resources in improving the cyber security of these environments. This includes response and recovery, often used as a last line of defence against cyber attacks. However, due to the unique design philosophies of Industrial Control Systems (ICS), several challenges exist for effectively securing these systems against digital threats. Through an analysis of standards and guidelines, used for assessing and improving cyber incident response and recovery capabilities, and stakeholder engagement on the implementation of these in practice, this thesis first identifies the challenges that exist when it comes to preparing for cyber incidents targeting ICS/OT environments. In particular, risk management, which involves identifying, evaluating, and prioritising risks and finding solutions to minimise, monitor, and control these, was found to be essential for improving preparation for cyber incidents. Assurance techniques are used as part of risk management to generate evidence for making claims of assurances about security. Alongside this, adversary-centric security tests such as penetration tests are used to evaluate and improve cyber resilience and incident response capabilities by emulating the actions of malicious actors. However, despite the benefits that these provide, they are currently not implemented to their full potential due to the safety and operational risks that exist in ICS/OT environments. 
This thesis contributes to academic and industry knowledge by proposing a framework that incorporates methods for identifying and quantifying the safety and operational risks of conducting adversary-centric security tests within ICS/OT environments. In understanding the risks, these engagements can be scoped using precise constraints so as to maximise the depth of testing while minimising risk to safety and the operational process. The framework is then evaluated through a qualitative study involving industry experts, confirming the framework's validity for implementation in practice

    Observations on the Effects of Oil Field Brines on the Fish and Bentric Macro-invertebrate Populations of a Central Oklahoma - Intermittent Stream

    This study contrasts populations of fish and benthic macro-invertebrates in an oil field brine contaminated stream with those in a nearby, uncontaminated stream. The streams were selected on the basis of similar morphometric and hydrologic characteristics. Sampling frequency was impacted by drought. Significant differences in the community structures of the streams were evident despite the low sample numbers. The study was funded by a grant from The U.S. Fish and Wildlife Service.Zoolog

    A Framework to Support ICS Cyber Incident Response and Recovery

    During the past decade there has been a steady increase in cyber attacks targeting Critical National Infrastructure. In order to better protect against an ever-expanding threat landscape, governments, standards bodies, and a plethora of industry experts have produced relevant guidance for operators in response to incidents. However, in a context where safety, reliability, and availability are key, combined with the industrial nature of operational systems, advice on the right practice remains a challenge. This is further compounded by the volume of available guidance, raising questions on where operators should start, which guidance set should be followed, and how confidence in the adopted approach can be established. In this paper, an analysis of existing guidance with a focus on cyber incident response and recovery is provided. From this, a work in progress framework is posited, to better support operators in the development of response and recovery operations

    An Analysis of Adversary-Centric Security Testing within Information and Operational Technology Environments

    Assurance techniques such as adversary-centric security testing are an essential part of the risk assessment process for improving risk mitigation and response capabilities against cyber attacks. While the use of these techniques, including vulnerability assessments, penetration tests, and red team engagements, is well established within Information Technology (IT) environments, there are challenges to conducting these within Operational Technology (OT) environments, often due to the critical nature of the OT system. In this paper, we provide an analysis of the technical differences between IT and OT from an asset management perspective. This analysis provides a base for identifying how these differences affect the phases of adversary-centric security tests within industrial environments. We then evaluate these findings by using adversary-centric security testing techniques on an industrial control system testbed. Results from this work demonstrate that while legacy OT is highly susceptible to disruption during adversary-centric security testing, modern OT that uses better hardware and more optimised software is significantly more resilient to tools and techniques used for security testing. Clear requirements can, therefore, be identified for ensuring appropriate adversary-centric security testing within OT environments by quantifying the risks that the tools and techniques used during such engagements present to the operational process

    Risk-Based Safety Scoping of Adversary-Centric Security Testing on Operational Technology

    Due to the recent increase in cyber attacks targeting Critical National Infrastructure, governments and organisations alike have invested considerably into improving the security of their underlying infrastructure, commonly known as Operational Technology (OT). The use of adversary-centric security tests such as vulnerability assessments, penetration tests and red team engagements has gained significant traction due to these engagements' goal to emulate threat actors in preparation for genuine cyber attacks. Challenges arise, however, when performing security tests on these as the nature of OT results in additional safety and operational risk needing to be considered. This paper proposes a framework for incorporating the assessment of safety and operational risks within an overall scoping methodology for adversary-centric security testing in OT environments. Within this framework, we also propose a hybrid testing model derived from the Purdue Enterprise Reference Architecture and the Defense in Depth model to identify and quantify safety and operational risk at a per-layer level, separating high and low-risk layers and being subsequently used for defining rules of engagement. As a result, this framework can aid vendors and clients in appropriately scoping adversary-centric security tests so that depth-of-testing is maximised while minimising the risk to safety and to the operational process. The framework is then evaluated through a qualitative study involving industry experts, confirming the framework's validity for implementation in practice

    Activity of ceftazidime/avibactam against problem Enterobacteriaceae and Pseudomonas aeruginosa in the UK, 2015-2016

    Background: Ceftazidime/avibactam combines an established oxyimino-cephalosporin with the first diazabicyclooctane β-lactamase inhibitor to enter clinical use. We reviewed its activity against Gram-negative isolates, predominantly from the UK, referred for resistance investigation in the first year of routine testing, beginning in July 2015. Methods: Isolates were as received from referring laboratories; there is a bias to submit those with suspected carbapenem resistance. Identification was by MALDI-TOF mass spectroscopy, and susceptibility testing by BSAC agar dilution. Carbapenemase genes were sought by PCR; other resistance mechanisms were inferred using genetic data and interpretive reading. Results: Susceptibility rates to ceftazidime/avibactam exceeded 95% for: (i) Enterobacteriaceae with KPC, GES or other Class A carbapenemases; (ii) Enterobacteriaceae with OXA-48-like enzymes; and (iii) for ESBL or AmpC producers, even when these had impermeability-mediated ertapenem resistance. Almost all isolates with metallo-carbapenemases were resistant. Potentiation of ceftazidime by avibactam was seen for 87% of ceftazidime-resistant Enterobacteriaceae with ‘unassigned’ ceftazidime resistance mechanisms, including two widely referred groups of Klebsiella pneumoniae where no synergy was seen between cephalosporins and established β-lactamase inhibitors. Potentiation here may be a diazabicyclooctane/cephalosporin enhancer effect. Activity was seen against Pseudomonas aeruginosa with derepressed AmpC, but not for those with efflux-mediated resistance. Conclusions: Of the available β-lactams or inhibitor combinations, ceftazidime/avibactam has the widest activity spectrum against problem Enterobacteriaceae, covering all major types except metallo-carbapenemase producers; against P. aeruginosa it has a slightly narrower spectrum than ceftolozane/tazobactam, which also covers efflux-type resistance

    Activity of ceftolozane/tazobactam against surveillance and ‘problem’ Enterobacteriaceae, Pseudomonas aeruginosa and non-fermenters from the British Isles

    Background: We assessed the activity of ceftolozane/tazobactam against consecutive isolates collected in the BSAC Bacteraemia Surveillance from 2011 to 2015 and against ‘problem’ isolates sent to the UK national reference laboratory from July 2015, when routine testing began. Methods: Susceptibility testing was by BSAC agar dilution with resistance mechanisms identified by PCR and interpretive reading. Results: Data were reviewed for 6080 BSAC surveillance isolates and 5473 referred organisms. Ceftolozane/tazobactam had good activity against unselected ESBL producers in the BSAC series, but activity was reduced against ertapenem-resistant ESBL producers, which were numerous among reference submissions. AmpC-derepressed Enterobacter spp. were widely resistant, but Escherichia coli with raised chromosomal AmpC frequently remained susceptible, as did Klebsiella pneumoniae with acquired DHA-1-type AmpC. Carbapenemase-producing Enterobacteriaceae were mostly resistant, except for ceftazidime-susceptible isolates with OXA-48-like enzymes. Ceftolozane/tazobactam was active against 99.8% of the BSAC Pseudomonas aeruginosa isolates; against referred P. aeruginosa it was active against 99.7% with moderately raised efflux, 94.7% with strongly raised efflux and 96.6% with derepressed AmpC. Resistance in P. aeruginosa was largely confined to isolates with metallo-β-lactamases (MBLs) or ESBLs. MICs for referred Burkholderia spp. and Stenotrophomonas maltophilia were 2–4-fold lower than those of ceftazidime. Conclusions: Ceftolozane/tazobactam is active against ESBL-producing Enterobacteriaceae; gains against other problem Enterobacteriaceae groups were limited. Against P. aeruginosa it overcame the two most prevalent mechanisms (up-regulated efflux and derepressed AmpC) and was active against 51.9% of isolates non-susceptible to all other β-lactams, rising to 80.9% if ESBL and MBL producers were excluded

    Accuracy of Different Bioinformatics Methods in Detecting Antibiotic Resistance and Virulence Factors from Staphylococcus aureus Whole-Genome Sequences.

    In principle, whole-genome sequencing (WGS) can predict phenotypic resistance directly from a genotype, replacing laboratory-based tests. However, the contribution of different bioinformatics methods to genotype-phenotype discrepancies has not been systematically explored to date. We compared three WGS-based bioinformatics methods (Genefinder [read based], Mykrobe [de Bruijn graph based], and Typewriter [BLAST based]) for predicting the presence/absence of 83 different resistance determinants and virulence genes and overall antimicrobial susceptibility in 1,379 Staphylococcus aureus isolates previously characterized by standard laboratory methods (disc diffusion, broth and/or agar dilution, and PCR). In total, 99.5% (113,830/114,457) of individual resistance-determinant/virulence gene predictions were identical between all three methods, with only 627 (0.5%) discordant predictions, demonstrating high overall agreement (Fleiss' kappa = 0.98, P < 0.0001). Discrepancies when identified were in only one of the three methods for all genes except the cassette recombinase, ccrC(b). The genotypic antimicrobial susceptibility prediction matched the laboratory phenotype in 98.3% (14,224/14,464) of cases (2,720 [18.8%] resistant, 11,504 [79.5%] susceptible). There was greater disagreement between the laboratory phenotypes and the combined genotypic predictions (97 [0.7%] phenotypically susceptible, but all bioinformatic methods reported resistance; 89 [0.6%] phenotypically resistant, but all bioinformatics methods reported susceptible) than within the three bioinformatics methods (54 [0.4%] cases, 16 phenotypically resistant, 38 phenotypically susceptible). However, in 36/54 (67%) cases, the consensus genotype matched the laboratory phenotype. In this study, the choice between these three specific bioinformatic methods to identify resistance determinants or other genes in S. aureus did not prove critical, with all demonstrating high concordance with each other and phenotypic/molecular methods. However, each has some limitations; therefore, consensus methods provide some assurance. This research was supported by the National Institute for Health Research Health Protection Research Unit (NIHR HPRU) in Healthcare Associated Infections and Antimicrobial Resistance at Oxford University in partnership with Public Health England ([PHE] grant HPRU-2012-10041) and the NIHR Oxford Biomedical Research Centre; D.C. and T.P. are NIHR senior investigators

    Within-Host Dynamics of Multi-Species Infections: Facilitation, Competition and Virulence

    Host individuals are often infected with more than one parasite species (parasites defined broadly, to include viruses and bacteria). Yet, research in infection biology is dominated by studies on single-parasite infections. A focus on single-parasite infections is justified if the interactions among parasites are additive, however increasing evidence points to non-additive interactions being the norm. Here we review this evidence and theoretically explore the implications of non-additive interactions between co-infecting parasites. We use classic Lotka-Volterra two-species competition equations to investigate the within-host dynamical consequences of various mixes of competition and facilitation between a pair of co-infecting species. We then consider the implications of these dynamics for the virulence (damage to host) of co-infections and consequent evolution of parasite strategies of exploitation. We find that whereas one-way facilitation poses some increased virulence risk, reciprocal facilitation presents a qualitatively distinct destabilization of within-host dynamics and the greatest risk of severe disease

    Gothic Revival Architecture Before Horace Walpole's Strawberry Hill

    The Gothic Revival is generally considered to have begun in eighteenth-century Britain with the construction of Horace Walpole’s villa, Strawberry Hill, Twickenham, in the late 1740s. As this chapter demonstrates, however, Strawberry Hill is in no way the first building, domestic or otherwise, to have recreated, even superficially, some aspect of the form and ornamental style of medieval architecture. Earlier architects who, albeit often combining it with Classicism, worked in the Gothic style include Sir Christopher Wren, Nicholas Hawksmoor, William Kent and Batty Langley, aspects of whose works are explored here. While not an exhaustive survey of pre-1750 Gothic Revival design, the examples considered in this chapter reveal how seventeenth- and eighteenth-century Gothic emerged and evolved over the course of different architects’ careers, and how, by the time that Walpole came to create his own Gothic ‘castle’, there was already in existence in Britain a sustained Gothic Revivalist tradition