15 research outputs found

    Applying Lessons from Cyber Attacks on Ukrainian Infrastructures to Secure Gateways onto the Industrial Internet of Things

    Previous generations of safety-related industrial control systems were ‘air gapped’. In other words, process control components including Programmable Logic Controllers (PLCs) and smart sensor/actuators were disconnected and isolated from local or wide area networks. This provided a degree of protection; attackers needed physical access to compromise control systems components. Over time this ‘air gap’ has gradually been eroded. Switches and gateways have subsequently interfaced industrial protocols, including Profibus and Modbus, so that data can be drawn from safety-related Operational Technology into enterprise information systems using TCP/IP. Senior management uses these links to monitor production processes and inform strategic planning. The Industrial Internet of Things represents another step in this evolution – enabling the coordination of physically distributed resources from a centralized location. The growing range and sophistication of these interconnections create additional security concerns for the operation and management of safety-critical systems. This paper uses lessons learned from recent attacks on Ukrainian critical infrastructures to guide a forensic analysis of an IIoT switch. The intention is to identify and mitigate vulnerabilities that would enable similar attacks to be replicated across Europe and North America

    Forensic Attacks Analysis and the Cyber Security of Safety-Critical Industrial Control Systems

    Industrial Control Systems (ICS) and SCADA (Supervisory Control And Data Acquisition) applications monitor and control a wide range of safety-related functions. These include energy generation where failures could have significant, irreversible consequences. They also include the control systems that are used in the manufacture of safety-related products. In this case bugs in an ICS/SCADA system could introduce flaws in the production of components that remain undetected before being incorporated into safety-related applications. Industrial Control Systems, typically, use devices and networks that are very different from conventional IP-based infrastructures. These differences prevent the re-use of existing cyber-security products in ICS/SCADA environments; the architectures, file formats and process structures are very different. This paper supports the forensic analysis of industrial control systems in safety-related applications. In particular, we describe how forensic attack analysis is used to identify weaknesses in devices so that we can both protect components but also determine the information that must be analyzed during the aftermath of a cyber-incident. Simulated attacks detect vulnerabilities; a risk-based approach can then be used to assess the likelihood and impact of any breach. These risk assessments are then used to justify both immediate and longer-term countermeasures

    Defending Against Firmware Cyber Attacks on Safety-Critical Systems

    In the past, it was not possible to update the underlying software in many industrial control devices. Engineering teams had to “rip and replace” obsolete components. However, the ability to make firmware updates has provided significant benefits to companies who use Programmable Logic Controllers (PLCs), switches, gateways and bridges, as well as an array of smart sensor/actuators. While these updates — which include security patches when vulnerabilities are identified in existing devices — can be distributed by physical media, they are increasingly downloaded over Internet connections. These mechanisms pose a growing threat to the cyber security of safety-critical applications, which is illustrated by recent attacks on safety-related infrastructures across the Ukraine. This paper explains how malware can be distributed within firmware updates. Even when attackers cannot reverse engineer the code necessary to disguise their attack, they can undermine a device by forcing it into a constant upload cycle in which the firmware installation never terminates. In this paper, we present means of mitigating the risks of firmware attacks on safety-critical systems as part of wider initiatives to secure national critical infrastructures. Technical solutions, including firmware hashing, must be augmented by organizational measures to secure the supply chain within individual plants, across companies and throughout safety-related industries

    Forensic Attacks Analysis and the Cyber Security of Safety-Critical Industrial Control Systems

    Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) applications monitor and control a wide range of safety-related functions. These include energy generation, where failures could have significant, irreversible consequences. They also include the control systems that are used in the manufacture of safety-related products. In this case, “bugs” in an ICS/SCADA system could introduce flaws in the production of components; these flaws remain undetected before being incorporated into safety-related applications. Industrial Control Systems, typically, use devices and networks that are different from conventional IP-based infrastructures. These differences prevent the re-use of existing cyber-security products in ICS/SCADA environments; the architectures, file formats and process structures are all different. This paper supports the forensic analysis of industrial control systems in safety-related applications. In particular, we describe how forensic attack analysis is used to identify weaknesses in devices so that we can both protect components and determine the information that must be analyzed during the aftermath of a cyber-incident. Simulated attacks detect vulnerabilities; a risk-based approach can then be used to assess the likelihood and impact of any breach. These risk assessments are then used to justify both immediate and longer-term countermeasures

    Defending Against Firmware Cyber Attacks on Safety-Critical Systems

    In the past, it was not possible to update the underlying software in many industrial control devices. Engineering teams had to ‘rip and replace’ obsolete components. However, the ability to make firmware updates has provided significant benefits to the companies who use Programmable Logic Controllers (PLCs), switches, gateways and bridges as well as an array of smart sensor/actuators. These updates include security patches when vulnerabilities are identified in existing devices; they can be distributed by physical media but are increasingly downloaded over Internet connections. These mechanisms pose a growing threat to the cyber security of safety-critical applications, which are illustrated by recent attacks on safety-related infrastructures across the Ukraine. Subsequent sections explain how malware can be distributed within firmware updates. Even when attackers cannot reverse engineer the code necessary to disguise their attack, they can undermine a device by forcing it into a constant upload cycle where the firmware installation never terminates. In this paper, we present means of mitigating the risks of firmware attack on safety-critical systems as part of wider initiatives to secure national critical infrastructures. Technical solutions, including firmware hashing, must be augmented by organizational measures to secure the supply chain within individual plants, across companies and throughout safety-related industries

    Feedback on Teaching: Non-standard Minute Paper Methods

    The importance of feedback in the learning and teaching context is widely recognised. In recent years, its primary focus has been on the provision of feedback to students, a unidirectional flow of information from educators to students on their formative and summative assignments. Feedback on teaching makes learning visible; however, this visibility depends on the teacher awareness of their impact on students. The uptake of end of class student feedback is relatively small in large classes. This paper reports on three lecturers’ account in collecting and responding to regular feedback on teaching in the School of Computing Science at the University of Glasgow. The lecturers’ accounts of their experience may be used as a starting point for educators willing to implement regular routine feedback on their teaching. Based on our experience, we propose guidelines emphasising structure and regularity in the collection of feedback on teaching

    Max-Planck-Institut fuer Mathematik, Bonn

    Copy held by FIZ Karlsruhe; available from UB/TIB Hannover / FIZ - Fachinformationszentrum Karlsruhe / TIB - Technische Informationsbibliothek. SIGLE. DE. German

    Implementation of Safety Techniques in a Cyber Domain

    No full text
    Due to the rise of Cyber crime it is important to explore the Cyber security area. The threats are real and can cause severe damage to both the system and its clients. Many examples can be given; one of them is BitBucket which encountered a denial of service attack (based on Amazon Cloud infrastructure) and led to 19 hours outage [6]. Bearing in mind the importance of the Cyber security and the factors that play a major role, the human factor was recognized as one of the most important. For this reason, this paper focuses on the application of safety techniques to the Cyber domain. More specifically it investigates the possibility of a successful implementation of the Situation Awareness theory into a Networking Environment. By concentrating on the Network Intrusion Detection Systems and the human factor involved (Network Administrators / IT specialists), it is attempted to propose a procedure that can identify the influence level of the human factor's awareness in the case of an attack to the system. In order to explain this approach the theory of Situation Awareness and its characteristics will be introduced. Moreover the most known Situation Awareness Measurement Techniques will be presented and their adoption to the Cyber domain will be discussed. There is a lack of research in the Situation Awareness Measurement Techniques for a network system which leads to the need for further exploration.