Journal articles on the topic 'Industrial Control Systems (ICS)'
To see the other types of publications on this topic, follow the link: Industrial Control Systems (ICS).
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 journal articles for your research on the topic 'Industrial Control Systems (ICS).'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Cruz, Tiago, Jorge Proença, Paulo Simões, Matthieu Aubigny, Moussa Ouedraogo, Antonio Graziano, and Leandros Maglaras. "A Distributed IDS for Industrial Control Systems." International Journal of Cyber Warfare and Terrorism 4, no. 2 (April 2014): 1–22. http://dx.doi.org/10.4018/ijcwt.2014040101.
Full textAbstract:
Cyber-threats are one of the most significant problems faced by modern Industrial Control Systems (ICS), such as SCADA (Supervisory Control and Data Acquisition) systems, as the vulnerabilities of ICS technology become serious threats that can ultimately compromise human lives. This situation demands a domain-specific approach to cyber threat detection within ICS, which is one of the most important contributions of the CockpitCI FP7 project (http://CockpitCI.eu). Specifically, this paper will present the CockpitCI distributed Intrusion Detection System (IDS) for ICS, which provides its core cyber-detection and analysis capabilities, also including a description of its components, in terms of role, operation, integration, and remote management. Moreover, it will also introduce and describe new domain-specific solutions for ICS security such as the SCADA Honeypot and the Shadow Security Unit, which are part of the CockcpitCI IDS framework.
2
Christos P, Beretas. "Industrial control systems: The biggest cyber threat." Annals of Civil and Environmental Engineering 4, no. 1 (December 4, 2020): 044–46. http://dx.doi.org/10.29328/journal.acee.1001026.
Full textAbstract:
Industrial control systems (ICS) are critical, as in these systems, cyber threats have the potential to affect, disorganize, change their mode of operation, act as an information extraction vehicle, and ultimately turn against itself. Creating risks to the system itself, infrastructure, downtime, leakage of sensitive data, and even loss of human life. Industrial control systems (ICS) are vital to the operation of all the modern automated infrastructure in the western world, such as power plant and power stations. Industrial control systems (ICS) differ from the traditional information systems and infrastructures of organizations and companies, a standard cyber security strategy cannot be implemented but part of it adapting to the real facts and needs of each country, legislation and infrastructure. These systems require continuous operation, reliability and rapid recovery when attacked electronically with automated control, isolation and attack management processes. Incorrect settings and lack of strategic planning can lead to unprotected operation of critical installations, as they do not meet the cyber security requirements. Industrial control systems (ICS) require special protection in their networks, as they should be considered vulnerable in all their areas, they need protection from cyber attacks against ICS, SCADA servers, workstations, PLC automations, etc. Security policies to be implemented should provide protection against cyber threats, and systems recovery without affecting the operation and reliability of operating processes. Security policies such as security assessment, smart reporting, vulnerability and threat simulation, integrity control analysis, apply security policy to shared systems, intrusion detection and prevention, and finally firewall with integrated antivirus and sandbox services should be considered essential entities.
3
Keliris, Anastasis, and Michail Maniatakos. "Demystifying Advanced Persistent Threats for Industrial Control Systems." Mechanical Engineering 139, no. 03 (March 1, 2017): S13—S17. http://dx.doi.org/10.1115/1.2017-mar-6.
Full textAbstract:
This article discusses a comprehensive methodology for designing an Advanced Persistent Threat (APT), which is a stealthy and continuous type of cyberattack with a high level of sophistication suitable for the complex environment of Industrial Control Systems (ICS). The article also explains defensive strategies that can assist in thwarting cyberattacks. The APT design process begins with Reconnaissance, which is continuously undertaken throughout the lifetime of a cyberattack campaign. With regard to securing the network infrastructure of an ICS, best practices for network security should be enforced. These could include the use of firewalls, Intrusion Detection or Prevention Systems (IDS/IPS), and network separation between corporate and field networks. A new field of research for securing ICS relates to process-aware defense mechanisms. These mechanisms analyze information directly from the field and try to detect anomalies specific to the physical characteristics of an ICS process.
4
Vávra, Jan, Martin Hromada, and Roman Jašek. "Specification of the Current State Vulnerabilities Related to Industrial Control Systems." International Journal of Online Engineering (iJOE) 11, no. 5 (September 24, 2015): 64. http://dx.doi.org/10.3991/ijoe.v11i5.4981.
Full textAbstract:
The contemporary trend of increasing connectivity, interoperability and efficiency of technologies, which are used in organizations, also affected Industrial Control System (further only ICS). The recently isolated system is becoming more dependent on interconnection with external technologies. This leads to a formation of new vulnerabilities, which are significant threats to ICS. For this reason, it is necessary to devote considerable effort to analyze vulnerabilities. Neglecting of this area could lead to damage or unavailability of ICS services. The purpose of the article is to evaluate vulnerabilities related to individual elements of ICS. The fundamental question of the article is to find a true distribution of security risk related to ICS.
5
Mugavero, Roberto, Stanislav Abaimov, Federico Benolli, and Valentina Sabato. "Cyber Security Vulnerability Management in CBRN Industrial Control Systems (ICS)." International Journal of Information Systems for Crisis Response and Management 10, no. 2 (April 2018): 49–78. http://dx.doi.org/10.4018/ijiscram.2018040103.
Full textAbstract:
As cyberattacks are becoming the prevalent types of attacks on critical infrastructures, due protection and effective response are crucial in CBRN facilities. This article explores comprehensive cyber security vulnerability management related to CBRN Control Systems and Industrial Control Systems (ICS) and provides recommendations that will increase CBRN operational cyber security and ensure further platform for the research in the field of operational vulnerability detection and remediation. The article reviews several key issues related to ICS vulnerability management cycle, vulnerability sharing with security developers, patch and network management, cyber offensive threats and threat actors and related cyber security challenges. It covers such specific issues as ICS connectivity to private/public networks, critical ICS accessibility via Web Access, Wi-Fi and/or unauthorised software inside corporate networks. The proposed solutions refer to some areas of vulnerability management for the awareness and development of countermeasures.
6
Sapkota, Subin, A. K. M. Nuhil Mehdy, Stephen Reese, and Hoda Mehrpouyan. "FALCON: Framework for Anomaly Detection in Industrial Control Systems." Electronics 9, no. 8 (July 24, 2020): 1192. http://dx.doi.org/10.3390/electronics9081192.
Full textAbstract:
Industrial Control Systems (ICS) are used to control physical processes in critical infrastructure. These systems are used in a wide variety of operations such as water treatment, power generation and distribution, and manufacturing. While the safety and security of these systems are of serious concern, recent reports have shown an increase in targeted attacks aimed at manipulating physical processes to cause catastrophic consequences. This trend emphasizes the need for algorithms and tools that provide resilient and smart attack detection mechanisms to protect ICS. In this paper, we propose an anomaly detection framework for ICS based on a deep neural network. The proposed methodology uses dilated convolution and long short-term memory (LSTM) layers to learn temporal as well as long term dependencies within sensor and actuator data in an ICS. The sensor/actuator data are passed through a unique feature engineering pipeline where wavelet transformation is applied to the sensor signals to extract features that are fed into the model. Additionally, this paper explores four variations of supervised deep learning models, as well as an unsupervised support vector machine (SVM) model for this problem. The proposed framework is validated on Secure Water Treatment testbed results. This framework detects more attacks in a shorter period of time than previously published methods.
7
Emake, Erhovwosere Donald, Ibrahim Adepoju Adeyanju, and Godwin Obruozie Uzedhe. "Industrial Control Systems (ICS): Cyber-attacks & Security Optimization." International Journal of Computer Engineering and Information Technology 12, no. 5 (May 31, 2020): 31–41. http://dx.doi.org/10.47277/ijceit/12(5)1.
Full textAbstract:
Cyber-security of digital industrial control system in reality is complex and challenging research area, due to various interconnections of electro-mechanical related components driving national critical infrastructures. These networked system components performs monitoring and controlling tasks in several industries and organization through the access of Internet connectivity across the world. More recently, there are myriad of security threats and attacks by malicious elements on ICS which now presents a priority to organizations and researchers for optimal security solutions. Development of the Internet and communication systems has also exacerbated such security concerns. Activities of cyber-attacks malicious elements on ICS may result in serious disaster in industrial environments, human casualties and loss. This paper critically looks at the SCADA/industrial control systems, architecture, cyber-attacks. Other aspect of the paper examines current ICS security technologies including a computational secured algorithm for PLC
8
Stouffer, Keith, and Rick Candell. "Measuring Impact of Cybersecurity on the Performance of Industrial Control Systems." Mechanical Engineering 136, no. 12 (December 1, 2014): S4—S7. http://dx.doi.org/10.1115/1.2014-dec-5.
Full textAbstract:
This article examines the impact of cybersecurity on the performance of industrial control systems (ICS). Control systems are embedded in essentially all engineered systems, such as our cars, homes, offices, industrial plants, and in critical infrastructures such as power plants, water treatment plants, and transportation systems. To ensure the security of ICS, particularly for critical infrastructures, standards are being developed to ensure ICS cybersecurity. The NIST ICS cybersecurity testbed will be constructed to facilitate the measurement of industrial process performance for systems instrumented with cybersecurity technologies. This testbed will allow for validation of existing security standards and guidelines and will allow researchers to provide valuable feedback to the community on methods, practices, and pitfalls when applying a cybersecurity program to an ICS. Additional work will be required to identify new use cases and pertinent performance metrics. The testbed will provide an opportunity for collaboration between government, research institutions, and industry partners. Interested parties are encouraged to contact the authors directly to discuss opportunities for collaboration.
9
Sohn, Jong Mo, In Tae Lee, and Lim Hyo Chang. "Enhancement of Industrial Control Systems(ICS) Security for Service Company." Journal of Korea Service Management Society 20, no. 4 (November 30, 2019): 183–200. http://dx.doi.org/10.15706/jksms.2019.20.4.010.
Full text
10
Gokhale, Sheetal, Ashwini Dalvi, and Irfan Siddavatam. "Industrial Control Systems Honeypot: A Formal Analysis of Conpot." International Journal of Computer Network and Information Security 12, no. 6 (December 8, 2020): 44–56. http://dx.doi.org/10.5815/ijcnis.2020.06.04.
Full textAbstract:
Technologies used in ICS and Smart Grid are overlapping. The most discussed attacks on ICSs are Stuxnet and Black energy malware. The anatomy of these attacks not only pointed out that the security of ICS is of prime concern but also demanded to execute a proactive approach in practicing ICS security. Honeypot is used to implement defensive measures for security. The Honeynet group released Honeypot for ICS labelled as Conpot in 2013. Though the Conpot is low interactive Honeypot, it emulates processes of different cyber-physical systems, typically Smart Grid. In the literature, the effectiveness of Honeypot operations was studied by challenging limitations of the existing setup or proposing new variants. Similar approaches are followed for Conpot evaluation. However, none of the work addressed a formal verification method to verify the engagement of Honeypot, and this makes the presented work unique. For proposed work, Coloured Petri Net (CPN) tool is used for formal verification of Conpot. The variants of Conpot are modelled, including initial state model, deadlock state model and livelock model. Further evaluation of these models based on state space analysis results confirmed that Conpot could lure an attacker by engaging him in an infinite loop and thereby limiting the scope of the attacker from exploring and damaging the real-time systems or services. However, in the deadlock state, the attacker’s activity in the conpot will be restricted and will be unable to proceed further as the conpot model incorporates deadlock loop.
11
AUFFRET, JEAN-PIERRE, JANE L. SNOWDON, ANGELOS STAVROU, JEFFREY S. KATZ, DIANA KELLEY, RASHEQ S. RAHMAN, FRANK STEIN, LISA SOKOL, PETER ALLOR, and PENG WARWEG. "Cybersecurity Leadership: Competencies, Governance, and Technologies for Industrial Control Systems." Journal of Interconnection Networks 17, no. 01 (March 2017): 1740001. http://dx.doi.org/10.1142/s0219265917400011.
Full textAbstract:
The extensive integration of interconnected devices and the inadvertent information obtained from untrusted sources has exposed the Industrial Control Systems (ICS) ecosystem to remote attacks by the exploitation of new and old vulnerabilities. Unfortunately, although recognized as an emerging risk based on the recent rise of cyber attacks, cybersecurity for ICS has not been addressed adequately both in terms of technology but, most importantly, in terms of organizational leadership and policy. In this paper, we will present our findings regarding the cybersecurity challenges for Smart Grid and ICS and the need for changes in the way that organizations perceive cybersecurity risk and leverage resources to balance the needs for information security and operational security. Moreover, we present empirical data that point to cybersecurity governance and technology principles that can help public and private organizations to navigate successfully the technical cybersecurity challenges for ICS and Smart Grid systems. We believe that by identifying and mitigating the inherent risks in their systems, operations, and processes, enterprises will be in a better position to shield themselves and protect against current and future cyber threats.
12
Qassim, Qais Saif, Norziana Jamil, Maslina Daud, Ahmed Patel, and Norhamadi Ja’affar. "A review of security assessment methodologies in industrial control systems." Information & Computer Security 27, no. 1 (March 11, 2019): 47–61. http://dx.doi.org/10.1108/ics-04-2018-0048.
Full textAbstract:
Purpose The common implementation practices of modern industrial control systems (ICS) has left a window wide open to various security vulnerabilities. As the cyber-threat landscape continues to evolve, the ICS and their underlying architecture must be protected to withstand cyber-attacks. This study aims to review several ICS security assessment methodologies to identify an appropriate vulnerability assessment method for the ICS systems that examine both critical physical and cyber systems so as to protect the national critical infrastructure. Design/methodology/approach This paper reviews several ICS security assessment methodologies and explores whether the existing methodologies are indeed sufficient to meet the cyber security assessment exercise required to validate the security of electrical power control systems. Findings The study showed that most of the examined methodologies seem to concentrate on vulnerability identification and prioritisation techniques, whilst other security techniques received noticeably less attention. The study also showed that the least attention is devoted to patch management process due to the critical nature of the SCADA system. Additionally, this review portrayed that only two security assessment methodologies exhibited absolute fulfilment of all NERC-CIP security requirements, whilst the others only partially fulfilled the essential requirements. Originality/value This paper presents a review and a comparative analysis of several standard SCADA security assessment methodologies and guidelines published by internationally recognised bodies. In addition, it explores the adequacy of the existing methodologies in meeting cyber security assessment practices required for electrical power networks.
13
Agrisa, Herik Henci. "A REVIEW: INDUSTRIAL CONTROL SYSTEM (ICS) AND SYSTEM SECURITY." Journal of Mechanical Science and Engineering 8, no. 1 (March 29, 2021): 013–18. http://dx.doi.org/10.36706/jmse.v8i1.51.
Full textAbstract:
Design of Industrial Control Systems (ICS) is used for critical infrastructure sectors. Industrial Control Systems (ICS) aims to meet the basic requirements of performance and system problems and other basic needs, related to the transmission of real-time, without interlink with the network (public/private) or/and internet connectivity. In this research, a detailed study was carried out based on industrial control systems or types of ICS and their use in real-time industries or industries. The next section tug at the potential problems associated with this system during communication and a detailed problem statement was also carried out and several existing security deployments were reviewed, to find the critical infrastructure communication infrastructure.
14
Chen, Qian, Robert K. Abercrombie, and Frederick T. Sheldon. "Risk Assessment For Industrial Control Systems Quantifying Availability Using Mean Failure Cost (MFC)." Journal of Artificial Intelligence and Soft Computing Research 5, no. 3 (July 1, 2015): 205–20. http://dx.doi.org/10.1515/jaiscr-2015-0029.
Full textAbstract:
Abstract 1 Industrial Control Systems (ICS) are commonly used in industries such as oil and natural gas, transportation, electric, water and wastewater, chemical, pharmaceutical, pulp and paper, food and beverage, as well as discrete manufacturing (e.g., automotive, aerospace, and durable goods.) SCADA systems are generally used to control dispersed assets using centralized data acquisition and supervisory control. Originally, ICS implementations were susceptible primarily to local threats because most of their components were located in physically secure areas (i.e., ICS components were not connected to IT networks or systems). The trend toward integrating ICS systems with IT networks (e.g., efficiency and the Internet of Things) provides significantly less isolation for ICS from the outside world thus creating greater risk due to external threats. Albeit, the availability of ICS/SCADA systems is critical to assuring safety, security and profitability. Such systems form the backbone of our national cyber-physical infrastructure. Herein, we extend the concept of mean failure cost (MFC) to address quantifying availability to harmonize well with ICS security risk assessment. This new measure is based on the classic formulation of Availability combined with Mean Failure Cost (MFC). The metric offers a computational basis to estimate the availability of a system in terms of the loss that each stakeholder stands to sustain as a result of security violations or breakdowns (e.g., deliberate malicious failures).
15
Perales Gómez, Ángel Luis, Lorenzo Fernández Maimó, Alberto Huertas Celdrán, and Félix J. García Clemente. "MADICS: A Methodology for Anomaly Detection in Industrial Control Systems." Symmetry 12, no. 10 (September 23, 2020): 1583. http://dx.doi.org/10.3390/sym12101583.
Full textAbstract:
Industrial Control Systems (ICSs) are widely used in critical infrastructures to support the essential services of society. Therefore, their protection against terrorist activities, natural disasters, and cyber threats is critical. Diverse cyber attack detection systems have been proposed over the years, in which each proposal has applied different steps and methods. However, there is a significant gap in the literature regarding methodologies to detect cyber attacks in ICS scenarios. The lack of such methodologies prevents researchers from being able to accurately compare proposals and results. In this work, we present a Methodology for Anomaly Detection in Industrial Control Systems (MADICS) to detect cyber attacks in ICS scenarios, which is intended to provide a guideline for future works in the field. MADICS is based on a semi-supervised anomaly detection paradigm and makes use of deep learning algorithms to model ICS behaviors. It consists of five main steps, focused on pre-processing the dataset to be used with the machine learning and deep learning algorithms; performing feature filtering to remove those features that do not meet the requirements; feature extraction processes to obtain higher order features; selecting, fine-tuning, and training the most appropriate model; and validating the model performance. In order to validate MADICS, we used the popular Secure Water Treatment (SWaT) dataset, which was collected from a fully operational water treatment plant. The experiments demonstrate that, using MADICS, we can achieve a state-of-the-art precision of 0.984 (as well as a recall of 0.750 and F1-score of 0.851), which is above the average of other works, proving that the proposed methodology is suitable for use in real ICS scenarios.
16
Wang, Yufei, Tengbiao Zhang, and Qian Ye. "Situation awareness framework for industrial control system based on cyber kill chain." MATEC Web of Conferences 336 (2021): 02013. http://dx.doi.org/10.1051/matecconf/202133602013.
Full textAbstract:
Information and cyber security of Industrial Control Systems (ICS) has gained considerable importance. Situation Awareness (SA) is an exciting mechanism to achieve the perception, comprehension and projection of the ICS information security status. Based on the Purdue Enterprise Reference Architecture (PERA), a situation awareness framework for ICS is presented considering the ICS cyber kill chain. The proposed framework consists of IT SA Centre, OT SA Centre, and Comprehensive SA Centre. Comprehensive SA Centre is responsible for creating and maintaining an integrated and high level of security visibility into the whole environments. The introduced framework can be used to guide the development of the situation awareness infrastructure in organization with industrial control systems.
17
Wang, Zibo, Yaofang Zhang, Zhiyao Liu, Tongtong Li, Yilu Chen, Chen Yang, Bailing Wang, and Zhusong Liu. "A Prioritizing Interdiction Surface-Based Vulnerability Remediation Composite Metric for Industrial Control Systems." Wireless Communications and Mobile Computing 2022 (May 29, 2022): 1–16. http://dx.doi.org/10.1155/2022/6442778.
Full textAbstract:
Recently, industrial control system (ICS) has gradually been a primary attack target. The main reason is that increasing vulnerabilities exposed provide opportunities for launching multistep and multihost attacks to breach security policies. To that end, vulnerability remediations are crucial for the ICS. However, there exist three problems to be tackled in a sound way. First of all, it is impractical to remove all vulnerabilities for preventing the multistep and multihost attacks in the consideration of the actual ICS demands. Secondly, ranking vulnerability remediations lacks a guidance. The last problem is that there is a lack of a metric for qualifying the security level after each remediation. In this paper, an ICS-oriented assessment methodology is proposed for the vulnerability remediations. It consists of three phases corresponding to the above problems, including (1) prioritizing Interdiction Surfaces, (2) ranking vulnerability remediations, and (3) calculating composite metrics. The Interdiction Surface describes a minimum set of vulnerabilities of which the complete removal may interdict all discovered attack paths in the system. Particularly, it innovates to take the urgent security demands of the ICS into account. Subsequently, ranking the vulnerability in the optimal Interdiction Surface is conducive to guide the remediations with the priority. A composite metric is ultimately given to assess the security level after vulnerability remediations. The effectiveness of the proposed methodology is validated in an ICS scenario which is similar to the real-world practice. Results show that the entire procedure is suitable for the context of the ICS. Simultaneously, the composite metric enhances both the comprehensiveness and the compatibility in contrast with attack path-based metrics. Hence, it overcomes the shortcomings when they are used in isolation.
18
Jiang, Cheng Zhi, Ting Ting Liu, and Xing Chuan Bao. "A Security Test and Evaluation Model for Electric Industrial Control Systems." Applied Mechanics and Materials 519-520 (February 2014): 1385–89. http://dx.doi.org/10.4028/www.scientific.net/amm.519-520.1385.
Full textAbstract:
The adoption of Information and Communication Technologies (ICTs) in critical infrastructures, e.g. smart grids and power plants, facilitates the interoperation between components but introduces new security issues as well. Based on the survey of typical Industrial Control Systems (ICSs) in the power grid corporation, a three-layer abstract model of electric ICS is built in this paper. A corresponding security test and evaluation model is then proposed and detailed steps, components and methods involved are described. The proposed model can be considered to be the guide to carry out security test and evaluation activities so as to enforce the security protection of ICS in electric industry.
19
Genge, Béla, Piroska Haller, Adrian-Vasile Duka, and Hunor Sándor. "A lightweight key generation scheme for end-to-end data authentication in Industrial Control Systems." at - Automatisierungstechnik 67, no. 5 (May 27, 2019): 417–28. http://dx.doi.org/10.1515/auto-2019-0017.
Full textAbstract:
Abstract The recent advances in technology had an exceptional impact on the performance optimization and the provisioning of more flexible Industrial Control Systems (ICS). Nevertheless, most ICS communication protocols, as they are currently and widely implemented, are extremely vulnerable to various cyber attacks. This paper proposes a lightweight application-oriented data authentication scheme applicable to existing ICS infrastructures by adopting the characteristics and computational advantages of hash functions and hash chains. Extensive experimental results on a Phoenix Contact industrial controller, which runs the control logic of a real ICS implemented in a Romanian gas transportation network, demonstrate the effectiveness of the proposed scheme and its immediate applicability to existing installations.
20
AYDIN, Hakan, and Ahmet SERTBAŞ. "CYBER SECURITY IN INDUSTRIAL CONTROL SYSTEMS (ICS): A SURVEY OF ROWHAMMER VULNERABILITY." Applied Computer Science 18, no. 2 (June 30, 2022): 86–100. http://dx.doi.org/10.35784/acs-2022-15.
Full textAbstract:
Increasing dependence on Information and Communication Technologies (ICT) and especially on the Internet in Industrial Control Systems (ICS) has made these systems the primary target of cyber-attacks. As ICS are extensively used in Critical Infrastructures (CI), this makes CI more vulnerable to cyber-attacks and their protection becomes an important issue. On the other hand, cyberattacks can exploit not only software but also physics; that is, they can target the fundamental physical aspects of computation. The newly discovered RowHammer (RH) fault injection attack is a serious vulnerability targeting hardware on reliability and security of DRAM (Dynamic Random Access Memory). Studies on this vulnerability issue raise serious security concerns. The purpose of this study was to overview the RH phenomenon in DRAMs and its possible security risks on ICSs and to discuss a few possible realistic RH attack scenarios for ICSs. The results of the study revealed that RH is a serious security threat to any computer-based system having DRAMs, and this also applies to ICS.
21
Rao, Nandan, Shubhra Srivastava, and Sreekanth K.S. "PKI Deployment Challenges and Recommendations for ICS Networks." International Journal of Information Security and Privacy 11, no. 2 (April 2017): 38–48. http://dx.doi.org/10.4018/ijisp.2017040104.
Full textAbstract:
Different types of Control Systems used for Industrial production are broadly called Industrial Control Systems (ICS) (n.d.). These include Supervisory Control and Data Acquisition (SCADA) Systems and Distributed Control Systems (DCS). ICS typically perform the “Command and Control” operations required for smooth functioning of machines in industrial production. They are widely used in Critical infrastructures such as power generation and distribution systems, Oil and Gas plants, Chemical factories and various other manufacturing facilities. Traditionally, ICS used proprietary protocols and operated in isolation. Perimeter security was considered enough as the only means to compromise these systems was via physical access to the systems. However, increased standardization, open architecture adoption and connectivity to enterprise networks as well as internet opened up these systems for a wide range of audience and enabled remote attacks. In this new operation landscape, it is imperative that newer means of securing the networks are adopted continuously. One of the security considerations for the ICS networks is the communication paths used by these networks. Public Key Infrastructure (PKI) (n.d.) plays a key role in securing the communication of ICS networks. Using Digital Certificates, PKI provides a mechanism to verify the identity of all the entities on a network and also ensures that the information is shared securely between communicating entities. PKI is a proven mechanism for secure communication and is widely used in many organizations. However, PKI as a solution to ICS security is challenging due to factors such as resource constrained environments, bandwidth considerations and hard real-time communication requirements. This paper intends to focus on key challenges in Digital Certificate management and correct deployment of PKI in ICS networks and will also present recommendations to overcome these challenges without compromising the basic functionalities of ICS.
22
Horváth, Dušan, and Maximilián Strémy. "Use of Blockchain Mechanisms in PLC Control and Safety Critical Processes." Research Papers Faculty of Materials Science and Technology Slovak University of Technology 29, no. 49 (September 1, 2021): 1–6. http://dx.doi.org/10.2478/rput-2021-0018.
Full textAbstract:
Abstract In a few past years, a lot of cyber-attacks on industrial systems were accomplished. The main point of vulnerability of industrial control systems (ICS) is their connection to the Internet. Standard ICS rely on local solutions; however, with the revolution in the shape of Industry 4.0 concept, there are only a few industrial sectors with no connection to the global network. Some researchers have revealed critical vulnerability of the control systems. In this paper, we briefly summarize the current situation, and introduce our solution to the check of changes in PLC via other nodes in industrial network. The way how to do it is possible through using a checksum of actual code, and comparing with the checksums stored in other nodes.
23
Goncharov, Evgeny, Kirill Kruglov, and Yuliya Dashchenko. "Five ICS cybersecurity myths based on Kaspersky Lab ICS CERT experience." at - Automatisierungstechnik 67, no. 5 (May 27, 2019): 372–82. http://dx.doi.org/10.1515/auto-2019-0016.
Full textAbstract:
Abstract Today, industrial cybersecurity is in the early stages of its development, gradually evolving into a science and technology discipline that will become the cornerstone of industrial manufacturing and construction technologies, the infrastructure of modern cities, transportation, healthcare, etc. The community of researchers and engineers is constantly looking for solutions to protect both existing systems and future technologies. As we depart from the starting point, we must build our assumptions on an objective assessment of the current situation, because, at this stage, even seemingly insignificant misconceptions can cause major fluctuations that prevent us from choosing the right strategy. In this article, we will discuss typical misconceptions and common errors in assessing the security of industrial control systems that Kaspersky Lab ICS CERT experts encounter in their day-to-day communication with people from different industrial sectors and the community of information security experts. We will support our conclusions with the results of the past several years’ research into the various cyberthreats affecting industrial enterprises.
24
Mackintosh, Mike, Gregory Epiphaniou, Haider Al-Khateeb, Keith Burnham, Prashant Pillai, and Mohammad Hammoudeh. "Preliminaries of Orthogonal Layered Defence Using Functional and Assurance Controls in Industrial Control Systems." Journal of Sensor and Actuator Networks 8, no. 1 (February 14, 2019): 14. http://dx.doi.org/10.3390/jsan8010014.
Full textAbstract:
Industrial Control Systems (ICSs) are responsible for the automation of different processes and the overall control of systems that include highly sensitive potential targets such as nuclear facilities, energy-distribution, water-supply, and mass-transit systems. Given the increased complexity and rapid evolvement of their threat landscape, and the fact that these systems form part of the Critical National infrastructure (CNI), makes them an emerging domain of conflict, terrorist attacks, and a playground for cyberexploitation. Existing layered-defence approaches are increasingly criticised for their inability to adequately protect against resourceful and persistent adversaries. It is therefore essential that emerging techniques, such as orthogonality, be combined with existing security strategies to leverage defence advantages against adaptive and often asymmetrical attack vectors. The concept of orthogonality is relatively new and unexplored in an ICS environment and consists of having assurance control as well as functional control at each layer. Our work seeks to partially articulate a framework where multiple functional and assurance controls are introduced at each layer of ICS architectural design to further enhance security while maintaining critical real-time transfer of command and control traffic.
25
Ara, Anees. "Security in Supervisory Control and Data Acquisition (SCADA) based Industrial Control Systems: Challenges and Solutions." IOP Conference Series: Earth and Environmental Science 1026, no. 1 (May 1, 2022): 012030. http://dx.doi.org/10.1088/1755-1315/1026/1/012030.
Full textAbstract:
Abstract Industrial control systems (ICS) play a vital role in monitoring and controlling the plants like power grids, oil and gas industries, manufacturing industries, and nuclear power plants. Present research and development in information and communication technologies have changed the domains of industrial control systems from traditional electromagnetic to network- based digital systems. This domain shift has created better interfaces for communication between physical processes and the control units. Eventually, making the complex process of monitoring and controlling the industries easier, with the help of internet connections and computing technologies. The field instruments such as sensors and actuators and the physical processes in industries are controlled and monitored by programmable logic controllers (PLC), remote telemetric units (RTU), and supervisory control and data acquisition systems (SCADA) with the help of communication protocols. The seamless integration of the information technologies (IT) and operational technologies (OT) make the management of the industrial environment foster. However, the inclusion of new technologies that increase the number of internet connections, the new communication protocols, and interfaces that run on open-source software, brings up new threats and challenges in addition to existing vulnerabilities in these classical legacy-based heterogeneous hardware and software systems. Due to the increase in the number of security incidents on critical infrastructures, the security considerations for SCADA systems/ICS are gaining interest among researchers. In this paper, we provide a description of SCADA/ICS components, architecture, and communication protocols. Additionally, we discuss details of existing vulnerabilities in hardware, software, and communication protocols. Further, we highlight some prominent security incidents and their motives behind them. We analyse the existing state of OT and IT security in SCADA systems by classifying the SCADA components among them. Finally, we provide security recommendations based on current trends and also discuss open research problems in SCADA security.
26
Liu, Chenyang, Yazeed Alrowaili, Neetesh Saxena, and Charalambos Konstantinou. "Cyber Risks to Critical Smart Grid Assets of Industrial Control Systems." Energies 14, no. 17 (September 3, 2021): 5501. http://dx.doi.org/10.3390/en14175501.
Full textAbstract:
Cybersecurity threats targeting industrial control systems (ICS) have significantly increased in the past years. Moreover, the need for users/operators to understand the consequences of attacks targeting these systems and protect all assets is vital. This work explores asset discovery in ICS and how to rank these assets based on their criticality. This paper also discusses asset discovery and its components. We further present existing solutions and tools for asset discovery. We implement a method to identify critical assets based on their connection and discuss related results and evaluation. The evaluation utilises four attack scenarios to stress the importance of protecting these critical assets since the failure to protect them can lead to serious consequences. Using a 12-bus system case, our results show that targeting such a system can increase and overload transmission lines values to 120% and 181% MVA, which can affect the power supply and disrupt service, and it can increase the cost up to 60%, affecting the productivity of this electric grid.
27
Pretorius, Barend, and Brett van Niekerk. "Cyber-Security for ICS/SCADA." International Journal of Cyber Warfare and Terrorism 6, no. 3 (July 2016): 1–16. http://dx.doi.org/10.4018/ijcwt.2016070101.
Full textAbstract:
Industrial control systems (ICS) or supervisory, control, and data acquisition (SCADA) systems drive many key components of the national infrastructure. It makes these control systems targets for cyber-attacks by terrorists and nation-states who wish to damage their target economically and socially, and cyber-criminals who blackmail the companies operating the infrastructure. Despite the high risk of leaving these systems exposed, providing adequate cyber-security is often challenging. The Stuxnet worm illustrated how vulnerable control systems potentially are when it bypassed a number of security mechanisms to cause physical damage to an Iranian nuclear facility. The article focuses on ICS/SCADA in South Africa discussing the unique challenges and legislation relate to securing control system in the South Africa. A governance and security framework for overcoming these challenges are proposed.
28
Heverin, Thomas, Michael Cordano, Andy Zeyher, Matthew Lashner, and Sanjana Suresh. "Exploring Ontologies for Mitigation Selection of Industrial Control System Vulnerabilities." International Conference on Cyber Warfare and Security 17, no. 1 (March 2, 2022): 72–80. http://dx.doi.org/10.34190/iccws.17.1.32.
Full textAbstract:
Mitigating vulnerabilities in industrial control systems (ICSs) represents a highly complex task. ICSs may contain an abundance of device types, all with unique software and hardware components. Upon discovering vulnerabilities on ICS devices, cyber defenders must determine which mitigations to implement, and which mitigations can apply across multiple vulnerabilities. Cyber defenders need techniques to optimize mitigation selection. This exploratory research paper shows how ontologies, also known as linked-data models, can potentially be used to model ICS devices, vulnerabilities, and mitigations, as well as to identify mitigations that can remediate or mitigate multiple vulnerabilities. Ontologies can be used to reduce the complexity of a cyber defender’s role by allowing for insights to be drawn, especially in the ICS domain. Data are modelled from the Common Platform Enumeration (CPE), the National Vulnerability Database (NVD), standardized list of controls from the National Institute of Standards and Technology (NIST), and ICS Cyber Emergency Response Team (CERT) advisories. Semantic queries provide the techniques for mitigation prioritization. A case study is described for a selected programmable logic controller (PLC), its known vulnerabilities from the NVD, and recommended mitigations from ICS CERT. Overall, this research shows how ontologies can be used to link together existing data sources, to run queries over the linked data, and to allow for new insights to be drawn for mitigation selection.
29
Cao, Yixin, Lei Zhang, Xiaosong Zhao, Kai Jin, and Ziyi Chen. "An Intrusion Detection Method for Industrial Control System Based on Machine Learning." Information 13, no. 7 (July 3, 2022): 322. http://dx.doi.org/10.3390/info13070322.
Full textAbstract:
The integration of communication networks and the internet of industrial control in Industrial Control System (ICS) increases their vulnerability to cyber attacks, causing devastating outcomes. Traditional Intrusion Detection Systems (IDS) largely rely on predefined models and are trained mostly on specific cyber attacks, which means the traditional IDS cannot cope with unknown attacks. Additionally, most IDS do not consider the imbalanced nature of ICS datasets, thus suffering from low accuracy and high False Positive Rates when being put to use. In this paper, we propose the NCO–double-layer DIFF_RF–OPFYTHON intrusion detection method for ICS, which consists of NCO modules, double-layer DIFF_RF modules, and OPFYTHON modules. Detected traffic will be divided into three categories by the double-layer DIFF_RF module: known attacks, unknown attacks, and normal traffic. Then, the known attacks will be classified into specific attacks by the OPFYTHON module according to the feature of attack traffic. Finally, we use the NCO module to improve the model input and enhance the accuracy of the model. The results show that the proposed method outperforms traditional intrusion detection methods, such as XGboost and SVM. The detection of unknown attacks is also considerable. The accuracy of the dataset used in this paper reaches 98.13%. The detection rates for unknown attacks and known attacks reach 98.21% and 95.1%, respectively. Moreover, the method we proposed has achieved suitable results on other public datasets.
30
Johnson, Chris, Rob Harkness, and Maria Evangelopoulou. "Forensic Attacks Analysis and the Cyber Security of Safety-Critical Industrial Control Systems." Journal of System Safety 53, no. 1 (April 1, 2017): 29–34. http://dx.doi.org/10.56094/jss.v53i1.102.
Full textAbstract:
Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) applications monitor and control a wide range of safety-related functions. These include energy generation, where failures could have significant, irreversible consequences. They also include the control systems that are used in the manufacture of safety-related products. In this case, “bugs” in an ICS/SCADA system could introduce flaws in the production of components; these flaws remain undetected before being incorporated into safety-related applications. Industrial Control Systems, typically, use devices and networks that are different from conventional IP-based infrastructures. These differences prevent the re-use of existing cyber-security products in ICS/SCADA environments; the architectures, file formats and process structures are all different. This paper supports the forensic analysis of industrial control systems in safety-related applications. In particular, we describe how forensic attack analysis is used to identify weaknesses in devices so that we can both protect components and determine the information that must be analyzed during the aftermath of a cyber-incident. Simulated attacks detect vulnerabilities; a risk-based approach can then be used to assess the likelihood and impact of any breach. These risk assessments are then used to justify both immediate and longer-term countermeasures.
31
Liyakkathali, Salimah, Francisco Furtado, Gayathri Sugumar, and Aditya Mathur. "A Mechanism to Assess the Effectiveness Anomaly Detectors in Industrial Control Systems." Journal of Integrated Design and Process Science 24, no. 3-4 (April 11, 2022): 35–50. http://dx.doi.org/10.3233/jid-210023.
Full textAbstract:
The rise in attacks on Industrial Control Systems (ICS) makes it imperative for the anomaly detection mechanisms (ADMs) to be complete with respect to a set of attacks. In this work, a method is proposed to create and launch simulated attacks on ICS. In the proposed method, referred to as ICS Resilience (ICSRes), attacks are generated using a tool suite named A6. A6 mutates data exchanged between any two PLCs connected via the communications network as well as between a PLC and the sensors and actuators connected to it via a Remote Input/Output (RIO) unit. It consists of both single-point and multi-point mutations that can be manipulated in static or in dynamic form. A two-part case study was conducted to assess the effectiveness and completeness of ICSRes and A6 when compared with that of launching humanly designed attacks. Effectiveness is defined as the ability to detect complex attacks that causes process anomalies and completeness refers to the ability to detect the type of attack. In Part I of the study, the attacks were automatically generated and launched using A6. In Part II a set of attacks was generated and launched manually while participating in an international cyber-exercise. In both parts of the study three ADMs, installed in an operational water treatment testbed, were used to assess their completeness with respect to the generated attacks. The results demonstrate the effectiveness of ICSRes and the tools in highlighting the strength and weaknesses of the ADMs and the value of using A6.
32
Wang, Chao, Bailing Wang, Hongri Liu, and Haikuo Qu. "Anomaly Detection for Industrial Control System Based on Autoencoder Neural Network." Wireless Communications and Mobile Computing 2020 (August 3, 2020): 1–10. http://dx.doi.org/10.1155/2020/8897926.
Full textAbstract:
As the Industrial Internet of Things (IIoT) develops rapidly, cloud computing and fog computing become effective measures to solve some problems, e.g., limited computing resources and increased network latency. The Industrial Control Systems (ICS) play a key factor within the development of IIoT, whose security affects the whole IIoT. ICS involves many aspects, like water supply systems and electric utilities, which are closely related to people’s lives. ICS is connected to the Internet and exposed in the cyberspace instead of isolating with the outside recent years. The risk of being attacked increases as a result. In order to protect these assets, intrusion detection systems (IDS) have drawn much attention. As one kind of intrusion detection, anomaly detection provides the ability to detect unknown attacks compared with signature-based techniques, which are another kind of IDS. In this paper, an anomaly detection method with a composite autoencoder model learning the normal pattern is proposed. Unlike the common autoencoder neural network that predicts or reconstructs data separately, our model makes prediction and reconstruction on input data at the same time, which overcomes the shortcoming of using each one alone. With the error obtained by the model, a change ratio is put forward to locate the most suspicious devices that may be under attack. In the last part, we verify the performance of our method by conducting experiments on the SWaT dataset. The results show that the proposed method exhibits improved performance with 88.5% recall and 87.0% F1-score.
33
Bruno Santos Junqueira, Marvim Vinicius Souza de Souza, Victor Bittencourt Lima, Allace Souza Faria de Jesus Gonçalves, and Herman Augusto Lepikson. "Learning Proposal for Cybersecurity for Industrial Control Systems Based on Problems and Established by a 4.0 Didactic Advanced-Manufacturing-Plant." JOURNAL OF BIOENGINEERING, TECHNOLOGIES AND HEALTH 5, no. 1 (May 2, 2022): 11–17. http://dx.doi.org/10.34178/jbth.v5i1.188.
Full textAbstract:
Researches data indicate that the search for cybersecurity professionals to protect industrial control systems (ICS) in Brazil is increasing, mainly because of the rise in cyber-attacks directed at the industry. However, we observed a deficiency of professionals with the required competence in ICS cybersecurity, which involves technology-information fields (IT) and operational technology (OT). On the other hand, there is a lack of educational institutions with the right strategies for training professionals who master the technologies for ICS protection. This paper presents a strategy through procedures to address this lack by evaluating scenarios of practices for the development of competencies in ICS cybersecurity through the problem-based learning (PBL) methodology. The scenarios combine theory and practice involved in solving ICS cybersecurity problems, using PBL with the support of SENAI CIMATEC's 4.0 Advanced Manufacturing Plant (AMP).
34
Borrego, Adriano, Adilson Eduardo Guelfi, Anderson Aparecido Alves da Silva, Marcelo Teixeira de Azevedo, Norisvaldo Ferraz Jr, and Sergio Takeo Kofuji. "MODELING AND VALIDATING A SECURE INTERCONNECTION BETWEEN INDUSTRIAL CONTROL SYSTEM AND CORPORATE NETWORK USING COLORED PETRI NET." COLLOQUIUM EXACTARUM 12, no. 2 (September 9, 2020): 45–61. http://dx.doi.org/10.5747/ce.2020.v12.n2.e318.
Full textAbstract:
Industrial Control Systems (ICS) networks offer a high level of automation combined with high levels of control, quality,and process improvement. Since network corporate users have to access the ICS environment, these networks have to be interconnected. However, this interconnection can introduce risks to the systems and manufacturing processes, which leads to the need to ensure the interconnection is done safely. The objective of this paper is to perform modeling and validation of a proposed secure interconnection between ICS and corporate networks using Colored Petri Networks (CPN). In addition to the best practices published in related works, this paper recommends some integrated features like the use of terminal server service, secure manual uplinks, and unidirectional security gatewayto enhance environmental security. However, our main contribution is the validation process performed in a CPN, which made it possible to execute queries in the state space resulting from the simulation -that works as a proof of concept. As a result, thepaper presents a secure and validated model of interconnection between ICS and corporate networks, capable of being applied to any interconnection environment
35
Kim, Aram, Junhyoung Oh, Kookheui Kwon, and Kyungho Lee. "Consider the Consequences: A Risk Assessment Approach for Industrial Control Systems." Security and Communication Networks 2022 (June 22, 2022): 1–19. http://dx.doi.org/10.1155/2022/3455647.
Full textAbstract:
The development of information and communication technologies extended the application of digitalized industrial control systems (ICSs) to critical infrastructure. With this circumstance, emerging sophisticated cyberattacks by adversaries, including nation-backed terrorists, target ICSs due to their strategic value that critical infrastructure can cause severe consequences to equipment, people, and the environment due to the cyberattacks on ICSs. Therefore, critical infrastructure owners should provide high assurance to those involved, such as neighboring residents and governments, that the facility is adequately protected against cyberattacks. The risk assessment that identifies, estimates, and prioritizes risks is vital to provide high assurance. This study proposes a framework for evaluating risks by quantifying the likelihood of cyber exploitation and the consequences of cyberattacks. The quantification of the likelihood of cyber exploitation is inspired by research on Bayesian attack graphs (BAGs), allowing probability evaluation that considers the causal relationship between ICSs and multistage attacks. For the cyberattack consequences quantification, we propose a methodology to evaluate how far an impact will spread and thus how many functions will be influenced when an ICS is exploited. The methodology is conducted by ICS experts identifying and listing functional dependencies and essential function goals among ICSs that they are already familiar with and do not require in-depth cybersecurity knowledge. Through experiments, we demonstrated how to apply our framework to assess the risks of the plant protection system, which is a safety-grade digital system used in nuclear power plants. The result shows that risk can be multidimensionally assessed than previous literature, such as discovering that components that were not considered important have high risk due to their functional connectivity.
36
Camargo, Otávio Augusto Maciel, Julio Cesar Duarte, Anderson Fernandes Pereira Dos Santos, and Cesar Augusto Borges. "A Review of Testbeds on SCADA Systems with Malware Analysis." Revista de Informática Teórica e Aplicada 29, no. 2 (May 14, 2022): 84–94. http://dx.doi.org/10.22456/2175-2745.112813.
Full textAbstract:
Supervisory control and data acquisition (SCADA) systems are among the major types of Industrial Control Systems (ICS) and are responsible for monitoring and controlling essential infrastructures such as power generation, water treatment, and transportation. Very common and with high added-value, these systems have malware as one of their main threats, and due to their characteristics, it is practically impossible to test the security of a system without compromising it, requiring simulated test platforms to verify their cyber resilience. This review will discuss the most recent studies on ICS testbeds with a focus on cybersecurity and malware impact analysis.
37
Chen, Lei, Yuan Li, Xingye Deng, Zhaohua Liu, Mingyang Lv, and Hongqiang Zhang. "Dual Auto-Encoder GAN-Based Anomaly Detection for Industrial Control System." Applied Sciences 12, no. 10 (May 15, 2022): 4986. http://dx.doi.org/10.3390/app12104986.
Full textAbstract:
As a core tool, anomaly detection based on a generative adversarial network (GAN) is showing its powerful potential in protecting the safe and stable operation of industrial control systems (ICS) under the Internet of Things (IoT). However, due to the long-tailed distribution of operating data in ICS, existing GAN-based anomaly detection models are prone to misjudging an unseen marginal sample as an outlier. Moreover, it is difficult to collect abnormal samples from ICS. To solve these challenges, a dual auto-encoder GAN-based anomaly detection model is proposed for the industrial control system, simply called the DAGAN model, to achieve an accurate and efficient anomaly detection without any abnormal sample. First, an “encoder–decoder–encoder” architecture is used to build a dual GAN model for learning the latent data distribution without any anomalous sample. Then, a parameter-free dynamic strategy is proposed to robustly and accurately learn the marginal distribution of the training data through dynamic interaction between two GANs. Finally, based on the learned normal distribution and marginal distribution, an optimized anomaly score is used to measure whether a sample is an outlier, thereby reducing the probability of a marginal sample being misjudged. Extensive experiments on multiple datasets demonstrate the advantages of our DAGAN model.
38
Kim, Bedeuro, Mohsen Ali Alawami, Eunsoo Kim, Sanghak Oh, Jeongyong Park, and Hyoungshick Kim. "A Comparative Study of Time Series Anomaly Detection Models for Industrial Control Systems." Sensors 23, no. 3 (January 23, 2023): 1310. http://dx.doi.org/10.3390/s23031310.
Full textAbstract:
Anomaly detection has been known as an effective technique to detect faults or cyber-attacks in industrial control systems (ICS). Therefore, many anomaly detection models have been proposed for ICS. However, most models have been implemented and evaluated under specific circumstances, which leads to confusion about choosing the best model in a real-world situation. In other words, there still needs to be a comprehensive comparison of state-of-the-art anomaly detection models with common experimental configurations. To address this problem, we conduct a comparative study of five representative time series anomaly detection models: InterFusion, RANSynCoder, GDN, LSTM-ED, and USAD. We specifically compare the performance analysis of the models in detection accuracy, training, and testing times with two publicly available datasets: SWaT and HAI. The experimental results show that the best model results are inconsistent with the datasets. For SWaT, InterFusion achieves the highest F1-score of 90.7% while RANSynCoder achieves the highest F1-score of 82.9% for HAI. We also investigate the effects of the training set size on the performance of anomaly detection models. We found that about 40% of the entire training set would be sufficient to build a model producing a similar performance compared to using the entire training set.
39
Khan, Shaharyar, and Stuart Madnick. "Protecting Chiller Systems from Cyberattack Using a Systems Thinking Approach." Network 2, no. 4 (November 2, 2022): 606–27. http://dx.doi.org/10.3390/network2040035.
Full textAbstract:
Recent world events and geopolitics have brought the vulnerability of critical infrastructure to cyberattacks to the forefront. While there has been considerable attention to attacks on Information Technology (IT) systems, such as data theft and ransomware, the vulnerabilities and dangers posed by industrial control systems (ICS) have received significantly less attention. What is very different is that industrial control systems can be made to do things that could destroy equipment or even harm people. For example, in 2021 the US encountered a cyberattack on a water treatment plant in Florida that could have resulted in serious injuries or even death. These risks are based on the unique physical characteristics of these industrial systems. In this paper, we present a holistic, integrated safety and security analysis, we call Cybersafety, based on the STAMP (System-Theoretic Accident Model and Processes) framework, for one such industrial system—an industrial chiller plant—as an example. In this analysis, we identify vulnerabilities emerging from interactions between technology, operator actions as well as organizational structure, and provide recommendations to mitigate resulting loss scenarios in a systematic manner.
40
Ji, Xudong, Hongxing Wei, Youdong Chen, Xiao-Fang Ji, and Guo Wu. "A Three-Stage Dynamic Assessment Framework for Industrial Control System Security Based on a Method of W-HMM." Sensors 22, no. 7 (March 28, 2022): 2593. http://dx.doi.org/10.3390/s22072593.
Full textAbstract:
Industrial control systems (ICS) are applied in many fields. Due to the development of cloud computing, artificial intelligence, and big data analysis inducing more cyberattacks, ICS always suffers from the risks. If the risks occur during system operations, corporate capital is endangered. It is crucial to assess the security of ICS dynamically. This paper proposes a dynamic assessment framework for industrial control system security (DAF-ICSS) based on machine learning and takes an industrial robot system as an example. The framework conducts security assessment from qualitative and quantitative perspectives, combining three assessment phases: static identification, dynamic monitoring, and security assessment. During the evaluation, we propose a weighted Hidden Markov Model (W-HMM) to dynamically establish the system’s security model with the algorithm of Baum–Welch. To verify the effectiveness of DAF-ICSS, we have compared it with two assessment methods to assess industrial robot security. The comparison result shows that the proposed DAF-ICSS can provide a more accurate assessment. The assessment reflects the system’s security state in a timely and intuitive manner. In addition, it can be used to analyze the security impact caused by the unknown types of ICS attacks since it infers the security state based on the explicit state of the system.
41
Du, Yan, Yuanyuan Huang, Guogen Wan, and Peilin He. "Deep Learning-Based Cyber–Physical Feature Fusion for Anomaly Detection in Industrial Control Systems." Mathematics 10, no. 22 (November 20, 2022): 4373. http://dx.doi.org/10.3390/math10224373.
Full textAbstract:
In this paper, we propose an unsupervised anomaly detection method based on the Autoencoder with Long Short-Term Memory (LSTM-Autoencoder) network and Generative Adversarial Network (GAN) to detect anomalies in industrial control system (ICS) using cyber–physical fusion features. This method improves the recall of anomaly detection and overcomes the challenges of unbalanced datasets and insufficient labeled samples in ICS. As a first step, additional network features are extracted and fused with physical features to create a cyber–physical dataset. Following this, the model is trained using normal data to ensure that it can properly reconstruct the normal data. In the testing phase, samples with unknown labels are used as inputs to the model. The model will output an anomaly score for each sample, and whether a sample is anomalous depends on whether the anomaly score exceeds the threshold. Whether using supervised or unsupervised algorithms, experimentation has shown that (1) cyber–physical fusion features can significantly improve the performance of anomaly detection algorithms; (2) the proposed method outperforms several other unsupervised anomaly detection methods in terms of accuracy, recall, and F1 score; (3) the proposed method can detect the majority of anomalous events with a low false negative rate.
42
Shang, Wenli, and Xiangyu Xing. "ICS Software Trust Measurement Method Based on Dynamic Length Trust Chain." Scientific Programming 2021 (April 26, 2021): 1–11. http://dx.doi.org/10.1155/2021/6691696.
Full textAbstract:
Aiming at the real-time requirements for industrial control systems, we proposed a corresponding trust chain method for industrial control system application software and a component analysis method based on security sensitivity weights. A dynamic length trust chain structure is also proposed in this paper. Based on this, the industrial control system software integrity measurement method is constructed. Aimed at the validity of the model, a simulation attack experiment was performed, and the performance of the model was repeated from multiple perspectives to verify the performance of the method. Experiments show that this method can effectively meet the integrity measurement under the condition of high real-time performance, protect the integrity of files, and improve the software credibility of industrial control system.
43
Alkahtani, Hasan, and Theyazn H. H. Aldhyani. "Developing Cybersecurity Systems Based on Machine Learning and Deep Learning Algorithms for Protecting Food Security Systems: Industrial Control Systems." Electronics 11, no. 11 (May 27, 2022): 1717. http://dx.doi.org/10.3390/electronics11111717.
Full textAbstract:
Industrial control systems (ICSs) for critical infrastructure are extensively utilized to provide the fundamental functions of society and are frequently employed in critical infrastructure. Therefore, security of these systems from cyberattacks is essential. Over the years, several proposals have been made for various types of cyberattack detection systems, with each concept using a distinct set of processes and methodologies. However, there is a substantial void in the literature regarding approaches for detecting cyberattacks in ICSs. Identifying cyberattacks in ICSs is the primary aim of this proposed research. Anomaly detection in ICSs based on an artificial intelligence algorithm is presented. The methodology is intended to serve as a guideline for future research in this area. On the one hand, machine learning includes logistic regression, k-nearest neighbors (KNN), linear discriminant analysis (LDA), and decision tree (DT) algorithms, deep learning long short-term memory (LSTM), and the convolution neural network and long short-term memory (CNN-LSTM) network to detect ICS malicious attacks. The proposed algorithms were examined using real ICS datasets from the industrial partners Necon Automation and International Islamic University Malaysia (IIUM). There were three types of attacks: man-in-the-middle (mitm) attack, web-server access attack, and telnet attack, as well as normal. The proposed system was developed in two stages: binary classification and multiclass classification. The binary classification detected the malware as normal or attacks and the multiclass classification was used for detecting all individual attacks. The KNN and DT algorithms achieved superior accuracy (100%) in binary classification and multiclass classification. Moreover, a sensitivity analysis method was presented to predict the error between the target and prediction values. The sensitivity analysis results showed that the KNN and DT algorithms achieved R2 = 100% in both stages. The obtained results were compared with existing systems; the proposed algorithms outperformed existing systems.
44
Zhou, Xiaojun, Zhen Xu, Liming Wang, Kai Chen, Cong Chen, and Wei Zhang. "APT Attack Analysis in SCADA Systems." MATEC Web of Conferences 173 (2018): 01010. http://dx.doi.org/10.1051/matecconf/201817301010.
Full textAbstract:
SCADA (Supervisory Control and Data Acquisition) systems play a significant role in ICS (Industrial Control System). Safety, security and stable operation is crucial to the SCADA system. However, SCADA system currently faces many security threats, of which the most harmful is the APT attack. This paper analyzes the attack surface and its own vulnerabilities of SCADA system, and analyzes the characteristics of APT attack comprehensively. Then the paper dissects the cases of real APT attack thoroughly and gives measures of SCADA security protection.
45
L, Rajesh, and Penke Satyanarayana. "Detection and Blocking of Replay, False Command, and False Access Injection Commands in SCADA Systems with Modbus Protocol." Security and Communication Networks 2021 (September 27, 2021): 1–15. http://dx.doi.org/10.1155/2021/8887666.
Full textAbstract:
Industrial control systems (ICS) are being used for surveillance and controlling numerous industrial process plants in national critical infrastructures. Supervisory control and data acquisition (SCADA) system is a core component in ICS systems for continuous monitoring and controlling these process plants. Legacy SCADA systems are working in isolated networks and using proprietary communication protocols which made them less exposed to cyber threats. In recent times, these ICS systems have been connected to Internet and corporate networks for data sharing and remote monitoring. They are also using open protocols and operating systems. This leads to vulnerabilities of the system to cyberattacks. Cybersecurity threats are more prevalent than ever in ICS systems. These attacks may be external or internal. Modbus is a widely deployed communication protocol for SCADA communications. There is no security in design of Modbus protocol, and it is vulnerable to numerous cyberattacks. In this paper, we worked for False Command Injection attack, False Access Injection attack, and replay attacks on Modbus protocol. Initially, a real-time SCADA testbed was set up, and we envisaged the impact of these attacks on Modbus protocol data using the testbed. In this work, we used local area network (LAN) environment only for simulating the attacks. We assumed that the attacks penetrated the LAN network. We proposed and developed (a) a method to detect replay attacks by incorporating time stamp and sequence number in Modbus communications and (b) a frame filtering module which will block unauthorized attacks like False Command Injection and False Access Injection attacks to reach programmable logic controller (PLC). Numbers of attacks were simulated and the performance of the method was measured using attack block rate (ABR). It blocked 97% of malicious Modbus transactions or attacks to reach the PLC. It protects SCADA systems from attackers, which is a core component of industrial control systems. The solution enhanced the security of SCADA systems with Modbus protocol.
46
Ngambeki, Ida, Sean McBride, and Jill Slay. "Knowledge Gaps in Curricular Guidance for ICS Security." Journal of The Colloquium for Information Systems Security Education 9, no. 1 (March 8, 2022): 6. http://dx.doi.org/10.53735/cisse.v9i1.149.
Full textAbstract:
Industrial Control Systems are an essential mechanism to manage complex computer systems necessary for modern life. These include everything from water treatment and transportation to energy systems and manufacturing. These systems are becoming increasingly integrated and more complex, and they are being used to manage even more of the elements that make our everyday lives possible. They are therefore becoming both more attractive to cyber criminals and more vulnerable to cyber-attacks. More attention needs to be paid to increasing resources and capability in industrial cybersecurity (ICSS). A major element of this is to significantly improve both the quality and availability of education in this area. The process of development of these educational initiatives is aided by curriculum guidance documents. Of necessity ICSS has largely evolved in industrial settings. This exploratory study examines the curricular guidance available for ICSS research and compares it to industry requirements to identify gaps in curricular guidance. Specifically, this paper looks at the three leading guiding documents, the NICE Cybersecurity Workforce Framework, the Joint Task Force on Cybersecurity Education curriculum guidance, and the NSA CAE knowledge units. These are then compared to requirements identified from ICSS related job postings. We found that the primary cybersecurity curriculum guidance documents do not sufficiently address industry requirements for ICSS.
47
Tsuchiya, Akihiro, Francisco Fraile, Ichiro Koshijima, Angel Ortiz, and Raul Poler. "Software defined networking firewall for industry 4.0 manufacturing systems." Journal of Industrial Engineering and Management 11, no. 2 (April 6, 2018): 318. http://dx.doi.org/10.3926/jiem.2534.
Full textAbstract:
Purpose: In order to leverage automation control data, Industry 4.0 manufacturing systems require industrial devices to be connected to the network. Potentially, this can increase the risk of cyberattacks, which can compromise connected industrial devices to acquire production data or gain control over the production process. Search engines such as Sentient Hyper-Optimized Data Access Network (SHODAN) can be perverted by attackers to acquire network information that can be later used for intrusion. To prevent this, cybersecurity standards propose network architectures divided into several networks segments based on system functionalities. In this architecture, Firewalls limit the exposure of industrial control devices in order to minimize security risks. This paper presents a novel Software Defined Networking (SDN) Firewall that automatically applies this standard architecture without compromising network flexibility. Design/methodology/approach: The proposed SDN Firewall changes filtering rules in order to implement the different network segments according to application level access control policies. The Firewall applies two filtering techniques described in this paper: temporal filtering and spatial filtering, so that only applications in a white list can connect to industrial control devices. Network administrators need only to configure this application-oriented white lists to comply with security standards for ICS. This simplifies to a great extent network management tasks. Authors have developed a prototype implementation based on the OPC UA Standard and conducted security tests in order to test the viability of the proposal.Findings: Network segmentation and segregation are effective counter-measures against network scanning attacks. The proposed SDN Firewall effectively configures a flat network into virtual LAN segments according to security standard guidelines.Research limitations/implications: The prototype implementation still needs to implement several features to exploit the full potential of the proposal. Next steps for development are discussed in a separate section.Practical implications: The proposed SDN Firewall has similar security features to commercially available application Firewalls, but SDN Firewalls offer additional security features. First, SDN technology provides improved performance, since SDN low-level processing functions are much more efficient. Second, with SDN, security functions are rooted in the network instead of being centralized in particular network elements. Finally, SDN provides a more flexible and dynamic, zero configuration framework for secure manufacturing systems by automating the rollout of security standard-based network architectures. Social implications: SDN Firewalls can facilitate the deployment of secure Industry 4.0 manufacturing systems, since they provide ICS networks with many of the needed security capabilities without compromising flexibility. Originality/value: The paper proposes a novel SDN Firewall specifically designed to secure ICS networks. A prototype implementation of the proposed SDN Firewall has been tested in laboratory conditions. The prototype implementation complements the security features of the OPC UA communication standard to provide a holistic security framework for ICS networks.
48
Zhao, Xiaosong, Lei Zhang, Yixin Cao, Kai Jin, and Yupeng Hou. "Anomaly Detection Approach in Industrial Control Systems Based on Measurement Data." Information 13, no. 10 (September 25, 2022): 450. http://dx.doi.org/10.3390/info13100450.
Full textAbstract:
Anomaly detection problems in industrial control systems (ICSs) are always tackled by a network traffic monitoring scheme. However, traffic-based anomaly detection systems may be deceived by anomalous behaviors that mimic normal system activities and fail to achieve effective anomaly detection. In this work, we propose a novel solution to this problem based on measurement data. The proposed method combines a one-dimensional convolutional neural network (1DCNN) and a bidirectional long short-term memory network (BiLSTM) and uses particle swarm optimization (PSO), which is called PSO-1DCNN-BiLSTM. It enables the system to detect any abnormal activity in the system, even if the attacker tries to conceal it in the system’s control layer. A supervised deep learning model was generated to classify normal and abnormal activities in an ICS to evaluate the method’s performance. This model was trained and validated against the open-source simulated power system dataset from Mississippi State University. In the proposed approach, we applied several deep-learning models to the dataset, which showed remarkable performance in detecting the dataset’s anomalies, especially stealthy attacks. The results show that PSO-1DCNN-BiLSTM performed better than other classifier algorithms in detecting anomalies based on measured data.
49
Fährmann, Daniel, Naser Damer, Florian Kirchbuchner, and Arjan Kuijper. "Lightweight Long Short-Term Memory Variational Auto-Encoder for Multivariate Time Series Anomaly Detection in Industrial Control Systems." Sensors 22, no. 8 (April 9, 2022): 2886. http://dx.doi.org/10.3390/s22082886.
Full textAbstract:
Heterogeneous cyberattacks against industrial control systems (ICSs) have had a strong impact on the physical world in recent decades. Connecting devices to the internet enables new attack surfaces for attackers. The intrusion of ICSs, such as the manipulation of industrial sensory or actuator data, can be the cause for anomalous ICS behaviors. This poses a threat to the infrastructure that is critical for the operation of a modern city. Nowadays, the best techniques for detecting anomalies in ICSs are based on machine learning and, more recently, deep learning. Cybersecurity in ICSs is still an emerging field, and industrial datasets that can be used to develop anomaly detection techniques are rare. In this paper, we propose an unsupervised deep learning methodology for anomaly detection in ICSs, specifically, a lightweight long short-term memory variational auto-encoder (LW-LSTM-VAE) architecture. We successfully demonstrate our solution under two ICS applications, namely, water purification and water distribution plants. Our proposed method proves to be efficient in detecting anomalies in these applications and improves upon reconstruction-based anomaly detection methods presented in previous work. For example, we successfully detected 82.16% of the anomalies in the scenario of the widely used Secure Water Treatment (SWaT) benchmark. The deep learning architecture we propose has the added advantage of being extremely lightweight.
50
Laczewski, Andrzej, and Krzysztof Kasiński. "Flexible Temperature Control Solution for Integrated Circuits Testing—Silicon Creations Thermal Elephant." Electronics 11, no. 22 (November 16, 2022): 3766. http://dx.doi.org/10.3390/electronics11223766.
Full textAbstract:
Both scientific and industrial applications require temperature stabilization and enforcement for testing purposes. In this study, we present a solution capable of handling socket-based IC test systems enabling packages from QFN up to FCBGA, or even COB solutions. The temperature range covers the full-range industrial temperature range (−40 °C to +125 °C). The extended temperature range of −55 °C to +150 °C is conditionally possible. Solution supports dry-air installation, safety mechanisms and flexible thermal head assemblies. We present the key features and architecture of the solution named “Thermal Elephant” that found applications in the industrial (characterization of the IP hard macros) and scientific applications (radiation imaging ICs).