Internet of Things for Sustainability: Perspectives in Privacy, Cybersecurity, and Future Trends

In the sustainability IoT, the cybersecurity risks to things, sensors, and monitoring systems are distinct from the conventional networking systems in many aspects. The interaction of sustainability IoT with the physical world phenomena (e.g., weather, climate, water, and oceans) is mostly not found in the modern information technology systems. Accordingly, actuation, the ability of these devices to make changes in real world based on sensing and monitoring, requires special consideration in terms of privacy and security. Moreover, the energy efficiency, safety, power, performance requirements of these device distinguish them from conventional computers systems. In this chapter, the cybersecurity approaches towards sustainability IoT are discussed in detail. The sustainability IoT risk categorization, risk mitigation goals, and implementation aspects are analyzed. The openness paradox and data dichotomy between privacy and sharing is analyzed. Accordingly, the IoT technology and security standard developments activities are highlighted. The perspectives on opportunities and challenges in IoT for sustainability are given. Finally, the chapter concludes with a discussion of sustainability IoT cybersecurity case studies

Evaluation of the Cyber Security Provision System for Critical Infrastructure

The paper presents an assessment of the functional mechanisms that are part of the security system for the power grid control. The security system, its components, and the real time processes for the control of electricity supply were defined. In particular, SCADA protocols used in the control system and mechanisms for transferring them between the control center and actuators were identified. The paper also includes presentation of a test environment that is used for developed security mechanisms evaluation. In the last fragment of the paper, the test scenarios were formulated and the results obtained in the cyber security system were shown, which cover security probes reaction delay, forged malicious IEC 60870-5-104 traffic detection, DarkNet and HoneyPot interception of adversary actions, and dynamic firewall rules creation

The tactical Intranet IPSec security concept

The IPSec protocols architecture that can be applied in tactical Intranet based on the IPv6 protocol stack for wireless environment is the subject of the paper. The potential usefulness of the new version of IP protocol is very important for tactical communication systems. Additionally, Internet Engineering Task Force (IETF) security working group proposes recommendations covering the RFC 2401, 2402, 2406 that describe the security architecture for Internet Protocol. These standards, published by IETF are discussed here in military requirements context. The NATO C3 Technical Architecture model also recommends these issues. The concept of the IPSec architecture in military systems is described in the paper. The position of the security applications designed for subscriber devices with reference to layered model is also presented. The concept presented here is defined fort he tactical level

Zvýšení viditelnosti komunikace IEC ve smart gridu

Energy systems like smart grids are part of critical infrastructure and their interruption or blackout may have fatal consequences on energy production, distribution, and eventually the life of individual people. In order to secure communication in Industrial Control Systems (ICS) and detect cyber attacks on smart grids, we need to increase visibility of ICS communication so that an operator can see what commands are sent between ICS devices. Security monitoring of ICS transmission requires (i) retrieving monitoring data from ICS packets, (ii) processing and analyzing extracted data, (iii) visualizing the passing communication to the operator. The  proposed work presents a concept of ICS flow monitoring system that extracts meta data from ICS packet headers and creates ICS flow records similarly to Netflow/IPFIX system. ICS flows represent communication in the smart grid network that is further visualized using dashboard and communication charts. Unlike traditional monitoring approach that works with network and transport layer data only, we extend flow monitoring to application layer with focus on ICS protocols. The proposed approach is demonstrated on monitoring IEC 60870-5-104 communication.Energetické systémy, jako jsou například chytré energetické sítě Smart Grid, tvoří kritickou infrastrukturu a jejich přerušení či výpadek mohou mít fatální důsledky na produkci a přenos energie, případně i životy lidí. K zabezpečení komunikace průmyslových řídících systémů ICS a k detekci kybernetických útoků na tyto systémy potřebujeme zvýšit viditelnost komunikace ICS tak, aby operátor mohl sledovat předávané zprávy. Bezpečnostní monitorování ICS přenosů zahrnuje extrakci informací z ICS paketů, zpracování a analýzu extrahovaných dat a vizualizaci probíhající komunikace operátorovi.  Tento článek ukazuje koncept monitorování toků ICS rozšířením Netflow/IPFIX systému. ICS toky pak reprezentují komunikaci v ICS systému, která může být znázorněna na řídícím panelu operátora. Narozdíl od tradičního monitorování, které sleduje pouze síťovou a transportní vrstvu, jsme rozšířili sběr dat i na protokoly ICS. Navrhovaný postup je demonstrován na komunikaci IEC 60870-5-104