1,997 research outputs found

    Applying Lessons from Cyber Attacks on Ukrainian Infrastructures to Secure Gateways onto the Industrial Internet of Things

    Previous generations of safety-related industrial control systems were ‘air gapped’. In other words, process control components including Programmable Logic Controllers (PLCs) and smart sensor/actuators were disconnected and isolated from local or wide area networks. This provided a degree of protection; attackers needed physical access to compromise control systems components. Over time this ‘air gap’ has gradually been eroded. Switches and gateways have subsequently interfaced industrial protocols, including Profibus and Modbus, so that data can be drawn from safety-related Operational Technology into enterprise information systems using TCP/IP. Senior management uses these links to monitor production processes and inform strategic planning. The Industrial Internet of Things represents another step in this evolution – enabling the coordination of physically distributed resources from a centralized location. The growing range and sophistication of these interconnections create additional security concerns for the operation and management of safety-critical systems. This paper uses lessons learned from recent attacks on Ukrainian critical infrastructures to guide a forensic analysis of an IIoT switch. The intention is to identify and mitigate vulnerabilities that would enable similar attacks to be replicated across Europe and North America

    Forensic Attacks Analysis and the Cyber Security of Safety-Critical Industrial Control Systems

    Industrial Control Systems (ICS) and SCADA (Supervisory Control And Data Acquisition) applications monitor and control a wide range of safety-related functions. These include energy generation where failures could have significant, irreversible consequences. They also include the control systems that are used in the manufacture of safety-related products. In this case bugs in an ICS/SCADA system could introduce flaws in the production of components that remain undetected before being incorporated into safety-related applications. Industrial Control Systems, typically, use devices and networks that are very different from conventional IP-based infrastructures. These differences prevent the re-use of existing cyber-security products in ICS/SCADA environments; the architectures, file formats and process structures are very different. This paper supports the forensic analysis of industrial control systems in safety-related applications. In particular, we describe how forensic attack analysis is used to identify weaknesses in devices so that we can both protect components but also determine the information that must be analyzed during the aftermath of a cyber-incident. Simulated attacks detect vulnerabilities; a risk-based approach can then be used to assess the likelihood and impact of any breach. These risk assessments are then used to justify both immediate and longer-term countermeasures

    Documenting the Benefits of Undergraduate Mentoring

    Despite a variety of ballot measures and some expensive races, the midterms were relatively quiet for judicial elections

    While most commentators have been focused on the outcome of key Senate races in this year’s midterm elections, it is important to remember that many states were also electing judges for high courts this week. Chris W. Bonneau and Jeremy R. Johnson give an overview of the results including a million-dollar race in North Carolina, ballot measures on judicial retirement ages, and Tennessee’s vote to allow the governor to appoint judges of the Supreme Court and intermediate appellate court, subject to legislative approval

    Defending Against Firmware Cyber Attacks on Safety-Critical Systems

    In the past, it was not possible to update the underlying software in many industrial control devices. Engineering teams had to ‘rip and replace’ obsolete components. However, the ability to make firmware updates has provided significant benefits to the companies who use Programmable Logic Controllers (PLCs), switches, gateways and bridges as well as an array of smart sensor/actuators. These updates include security patches when vulnerabilities are identified in existing devices; they can be distributed by physical media but are increasingly downloaded over Internet connections. These mechanisms pose a growing threat to the cyber security of safety-critical applications, which is illustrated by recent attacks on safety-related infrastructures across the Ukraine. Subsequent sections explain how malware can be distributed within firmware updates. Even when attackers cannot reverse engineer the code necessary to disguise their attack, they can undermine a device by forcing it into a constant upload cycle where the firmware installation never terminates. In this paper, we present means of mitigating the risks of firmware attack on safety-critical systems as part of wider initiatives to secure national critical infrastructures. Technical solutions, including firmware hashing, must be augmented by organizational measures to secure the supply chain within individual plants, across companies and throughout safety-related industries

    Perception of Parental Acceptance-Rejection and Satisfaction with Life in Women with Binge Eating Disorder

    The authors contribute to the validating literature for binge eating disorder (BED) by examining perceptions of parents and satisfaction with life among obese women with and without BED. Participants were female patients, recruited through a private medical clinic, who were assigned to groups on the basis of body mass index (BMI) and scores on the Questionnaire on Eating and Weight Patterns (QEWP; R. L. Spitzer et al., 1992). Groups consisted of (a) obese women with BED (n = 32), (b) obese women who had no eating disorders (n = 51), and (c) nonobese women with no eating disorders (n = 30). All participants completed the Parental Acceptance/Rejection Questionnaire (PARQ; R. P. Rohner, 1986), the Satisfaction with Life Scale (SWLS; J. Fischer & K. Corcoran, 1994), and the Beck Depression Inventory (BDI; A. T. Beck & R. A. Steer, 1987). Obese women with BED perceived their fathers as more rejecting than did women in the other groups. Moreover, obese women with BED perceived their fathers as significantly more rejecting than their mothers. The BED group indicated lower satisfaction with life and higher levels of depression than the groups without eating disorders. These findings further validate the diagnostic category of BED. Obese women with BED appear to be a distinct subgroup of the obese population. The results indicate a need for further assessment of the father-daughter relationship in connection to BED and other eating disorders

    The Role of Trust and Interaction in Global Positioning System Related Accidents

    The Global Positioning System (GPS) uses a network of satellites to calculate the position of a receiver over time. This technology has revolutionized a wide range of safety-critical industries and leisure applications. These systems provide diverse benefits; supplementing the user's existing navigation skills and reducing the uncertainty that often characterizes many route planning tasks. GPS applications can also help to reduce workload by automating tasks that would otherwise require finite cognitive and perceptual resources. However, the operation of these systems has been identified as a contributory factor in a range of recent accidents. Users often come to rely on GPS applications and, therefore, fail to notice when they develop faults or when errors occur in the other systems that use the data from these systems. Further accidents can stem from the overconfidence that arises when users assume automated warnings will be issued when they stray from an intended route. Unless greater attention is paid to the role of trust and interaction in GPS applications then there is a danger that we will see an increasing number of these failures as positioning technologies become integral in the functioning of increasing numbers of applications

    Comparing the Identification of Recommendations by Different Accident Investigators Using a Common Methodology

    Accident reports play a key role in the safety of complex systems. These reports present the recommendations that are intended to help avoid any recurrence of past failures. However, the value of these findings depends upon the causal analysis that helps to identify the reasons why an accident occurred. Various techniques have been developed to help investigators distinguish root causes from contributory factors and contextual information. This paper presents the results from a study into the individual differences that can arise when a group of investigators independently apply the same technique to identify the causes of an accident. This work is important if we are to increase the consistency and coherence of investigations following major accidents