Testbed diversity as a fundamental principle for effective ICS security research

The implementation of diversity in testbeds is essential to understanding and improving the security and resilience of Industrial Control Systems (ICS). Employing a wide spec- trum of equipment, diverse networks, and business processes, as deployed in real-life infrastructures, is particularly diffi- cult in experimental conditions. However, this level of di- versity is key from a security perspective, as attackers can exploit system particularities and process intricacies to their advantage. This paper presents an ICS testbed with specific focus on infrastructure diversity, and end-to-end business process replication. These qualities are illustrated through a case study mapping data flow/processing, user interactions, and two example attack scenarios

The Forgotten I in IIoT:A Vulnerability Scanner for Industrial Internet of Things

In moving towards highly connected integrated systems, the Industrial Internet of Thing (IIoT) promises a wealth of benefits. Enhanced usage of existing data sources, and integration of additional generation points, provide system users with greater visibility of industrial processes. This visibility can be used to identify and address inefficiencies. Within the context of discrete manufacturing, examples include reduction of waste materials and energy consumption. However, while one becomes engrossed in the use of big-data analytics, cloud technologies, and seamless adoption through hardware gateways, decade old systems are dropped into a technological melting pot of modern IoT, with little consideration of additional cyber security risks. Numerous works have provided evidence to suggest industrial systems are highly vulnerable to cyber attacks, from both a device and communication protocol perspective, yet efforts to automatically identify vulnerabilities are limited. This presents a significant gap, with vulnerability exploitation harbouring potentially life-threatening impact. Here we address this gap through the development of PIVoT Scan, an industrially-aware vulnerability scanner, capable of assessing a diverse range of devices and communication protocols predominantly situated within the legacy layers of IIoT environments — “The forgotten I”. Furthermore, we demonstrate PIVoT Scan’s ability to outperform a leading vulnerability scanner, Nessus

It bends but would it break?:topological analysis of BGP infrastructures in Europe

The Internet is often thought to be a model of resilience, due to a decentralised, organically-grown architecture. This paper puts this perception into perspective through the results of a security analysis of the Border Gateway Protocol (BGP) routing infrastructure. BGP is a fundamental Internet protocol and its intrinsic fragilities have been highlighted extensively in the literature. A seldom studied aspect is how robust the BGP infrastructure actually is as a result of nearly three decades of perpetual growth. Although global black-outs seem unlikely, local security events raise growing concerns on the robustness of the backbone. In order to better protect this critical infrastructure, it is crucial to understand its topology in the context of the weaknesses of BGP and to identify possible security scenarios. Firstly, we establish a comprehensive threat model that classifies main attack vectors, including but non limited to BGP vulnerabilities. We then construct maps of the European BGP backbone based on publicly available routing data. We analyse the topology of the backbone and establish several disruption scenarios that highlight the possible consequences of different types of attacks, for different attack capabilities. We also discuss existing mitigation and recovery strategies, and we propose improvements to enhance the robustness and resilience of the backbone. To our knowledge, this study is the first to combine a comprehensive threat analysis of BGP infrastructures withadvanced network topology considerations. We find that the BGP infrastructure is at higher risk than already understood, due to topologies that remain vulnerable to certain targeted attacks as a result of organic deployment over the years. Significant parts of the system are still uncharted territory, which warrants further investigation in this direction

The good, the bad and the ugly:a study of security decisions in a cyber-physical systems game

Stakeholders' security decisions play a fundamental role in determining security requirements, yet, little is currently understood about how different stakeholder groups within an organisation approach security and the drivers and tacit biases underpinning their decisions. We studied and contrasted the security decisions of three demographics -- security experts, computer scientists and managers -- when playing a tabletop game that we designed and developed. The game tasks players with managing the security of a cyber-physical environment while facing various threats. Analysis of 12 groups of players (4 groups in each of our demographics) reveals strategies that repeat in particular demographics, e.g., managers and security experts generally favoring technological solutions over personnel training, which computer scientists preferred. Surprisingly, security experts were not ipso facto better players -- in some cases, they made very questionable decisions -- yet they showed a higher level of confidence in themselves. We classified players' decision-making processes, i.e., procedure-, experience-, scenario- or intuition-driven. We identified decision patterns, both good practices and typical errors and pitfalls. Our game provides a requirements sandbox in which players can experiment with security risks, learn about decision-making and its consequences, and reflect on their own perception of security