Cybersecurity analysis of a SCADA system under current standards, client requisites, and penetration testing

Supervisory Control and Data Acquisition (SCADA) systems are essential for monitoring and controlling a country's Critical Infrastructures (CI) such as electrical power grids, gas, water supply, and transportation services. These systems used to be mostly isolated and secure, but this is no longer true due to the use of wider and interconnected communication networks to reap benefits such as scalability, reliability, usability, and integration. This architectural change together with the critical importance of these systems made them desirable cyber-attack targets. Just as in other Information Technology (IT) systems, standards and best practices have been developed to provide guidance for SCADA developers to increase the security of their systems against cyber-attacks.With the assistance of EFACEC, this work provides an analysis of a SCADA system under current standards, client requisites, and testing of vulnerabilities in an actual prototype system. Our aim is to provide guidance by example on how to evaluate and improve the security of SCADA systems, using a basic prototype of EFACEC's ScateX# SCADA system, following both a theoretical and practical approach. For the theoretical approach, a list of the most commonly adopted ICS (Industrial Control Systems) and IT standards is compiled, and then sets of a generic client's cybersecurity requisites are analyzed and confronted with the prototype's specifications. A study of the system's architecture is also performed to identify vulnerabilities and non-compliances with both the client's requisites and the standards and, for the identified vulnerabilities, corrective and mitigation measures are suggested. For the practical approach, a threat model was developed to help identify desirable assets on SCADA systems and possible attack vectors that could allow access to such assets. Penetration tests were performed on the prototype in order to validate the attack vectors, to evaluate compliance, and to provide evidence of the effectiveness of the corrective measures

Viral genetic clustering and transmission dynamics of the 2022 mpox outbreak in Portugal

Pathogen genome sequencing during epidemics enhances our ability to identify and understand suspected clusters and investigate their relationships. Here, we combine genomic and epidemiological data of the 2022 mpox outbreak to better understand early viral spread, diversification and transmission dynamics. By sequencing 52% of the confirmed cases in Portugal, we identified the mpox virus sublineages with the highest impact on case numbers and fitted them into a global context, finding evidence that several international sublineages probably emerged or spread early in Portugal. We estimated a 62% infection reporting rate and that 1.3% of the population of men who have sex with men in Portugal were infected. We infer the critical role played by sexual networks and superspreader gatherings, such as sauna attendance, in the dissemination of mpox virus. Overall, our findings highlight genomic epidemiology as a tool for the real-time monitoring and control of mpox epidemics, and can guide future vaccine policy in a highly susceptible population.info:eu-repo/semantics/publishedVersio

Viral genetic clustering and transmission dynamics of the 2022 mpox outbreak in Portugal.

Acknowledgements: We gratefully acknowledge the engagement and willingness of all participants to share information critical to the investigation. We are grateful to the authors and laboratories that originated and submitted the genetic sequences released in GenBank. The acquisition of equipment associated with whole-genome sequencing used in this study (including the Illumina NextSeq 2000) was funded by the HERA (Human and Environmental Risk Assessment) project (Grant/2021/PHF/23776), supported by the European Commission through the European Centre for Disease Prevention and Control (ECDC), and partially funded by the GenomePT project (POCI-01-0145-FEDER-022184), supported by COMPETE 2020 (Operational Programme for Competitiveness and Internationalisation (POCI)), Lisboa Portugal Regional Operational Programme (Lisboa2020), Algarve Portugal Regional Operational Programme (CRESC Algarve2020) under the PORTUGAL 2020 Partnership Agreement through the European Regional Development Fund (ERDF), and by the Portuguese Science and Technology Foundation (FCT). This study was also supported by the ERINHA-Advance project (funded by the European Union’s Horizon 2020 Research & Innovation program, grant agreement no. 824061) and benefited from co-funding from the European Union’s Horizon 2020 Research and Innovation programme under grant agreement no. 773830 (One Health European Joint Programme), in particular by the co-funding of the post-doctoral fellowships of J.S.D. and V.M. and the development of INSaFLU. We also thank M. Pinheiro (iBiMED at the Universidade de Aveiro) for his continuous support in updating the INSaFLU platform and the Infraestrutura Nacional de Computação Distribuída (INCD) for providing computational resources for testing it. INCD was funded by the FCT and FEDER under the project 22153-01/SAICT/2016. M.P.D. is funded by the Gates Cambridge Scholarship (no. OPP1144). The funders had no role in study design, data collection and analysis, decision to publish or preparation of the manuscript. The GAT-Intendente team also thanks A. Vasques, L. Fortuna, J. Moreira, I. Correia and Á. Baginha.Pathogen genome sequencing during epidemics enhances our ability to identify and understand suspected clusters and investigate their relationships. Here, we combine genomic and epidemiological data of the 2022 mpox outbreak to better understand early viral spread, diversification and transmission dynamics. By sequencing 52% of the confirmed cases in Portugal, we identified the mpox virus sublineages with the highest impact on case numbers and fitted them into a global context, finding evidence that several international sublineages probably emerged or spread early in Portugal. We estimated a 62% infection reporting rate and that 1.3% of the population of men who have sex with men in Portugal were infected. We infer the critical role played by sexual networks and superspreader gatherings, such as sauna attendance, in the dissemination of mpox virus. Overall, our findings highlight genomic epidemiology as a tool for the real-time monitoring and control of mpox epidemics, and can guide future vaccine policy in a highly susceptible population