Demystifying Advanced Persistent Threats for Industrial Control Systems

2017 ◽  
Vol 139 (03) ◽  
pp. S13-S17 ◽  
Author(s):  
Anastasis Keliris ◽  
Michail Maniatakos

This article discusses a comprehensive methodology for designing an Advanced Persistent Threat (APT), which is a stealthy and continuous type of cyberattack with a high level of sophistication suitable for the complex environment of Industrial Control Systems (ICS). The article also explains defensive strategies that can assist in thwarting cyberattacks. The APT design process begins with Reconnaissance, which is continuously undertaken throughout the lifetime of a cyberattack campaign. With regard to securing the network infrastructure of an ICS, best practices for network security should be enforced. These could include the use of firewalls, Intrusion Detection or Prevention Systems (IDS/IPS), and network separation between corporate and field networks. A new field of research for securing ICS relates to process-aware defense mechanisms. These mechanisms analyze information directly from the field and try to detect anomalies specific to the physical characteristics of an ICS process.

2020 ◽  
Vol 12 (2) ◽  
pp. 45-61
Author(s):  
Adriano Borrego ◽  
Adilson Eduardo Guelfi ◽  
Anderson Aparecido Alves da Silva ◽  
Marcelo Teixeira de Azevedo ◽  
Norisvaldo Ferraz Jr ◽  
...  

Industrial Control Systems (ICS) networks offer a high level of automation combined with high levels of control, quality, and process improvement. Since network corporate users have to access the ICS environment, these networks have to be interconnected. However, this interconnection can introduce risks to the systems and manufacturing processes, which leads to the need to ensure the interconnection is done safely. The objective of this paper is to perform modeling and validation of a proposed secure interconnection between ICS and corporate networks using Colored Petri Networks (CPN). In addition to the best practices published in related works, this paper recommends some integrated features like the use of terminal server service, secure manual uplinks, and unidirectional security gateway to enhance environmental security. However, our main contribution is the validation process performed in a CPN, which made it possible to execute queries in the state space resulting from the simulation - that works as a proof of concept. As a result, the paper presents a secure and validated model of interconnection between ICS and corporate networks, capable of being applied to any interconnection environment.


2020 ◽  
pp. 1-26
Author(s):  
Federico Griscioli ◽  
Maurizio Pizzonia

Industrial Control Systems (ICS) are sensible targets for high profile attackers and advanced persistent threats, which are known to exploit USB thumb drives as an effective spreading vector. In ICSes, thumb drives are widely used to transfer files among disconnected systems and represent a serious security risk, since they may be promiscuously used in both critical and regular systems. The threats come both from malware hidden in files stored in the thumb drives and from BadUSB attacks. BadUSB leverages the modification of firmware of USB devices in order to mimic the behaviour of a keyboard and send malicious commands to the host. We present a solution that allows a promiscuous use of USB thumb drives while protecting critical machines from malware that spreads by regular file infection or by firmware infection. The main component of the architecture we propose is a hardware device, called USBCaptchaIn, intended to be in the middle between critical machines and connected USB devices. We do not require users to change the way they use thumb drives. To avoid human errors, we do not require users to take any decision. The proposed approach is highly compatible with already deployed products of an ICS environment and proactively blocks malware before it reaches its targets. We describe our solution, provide a thorough analysis of the security of our approach in the ICS context, and report the informal feedback of some experts regarding our first prototypes.


Sensors ◽  
2021 ◽  
Vol 21 (23) ◽  
pp. 8119
Author(s):  
Ondrej Pospisil ◽  
Petr Blazek ◽  
Karel Kuchar ◽  
Radek Fujdiak ◽  
Jiri Misurec

In recent years, the Industry 4.0 paradigm has accelerated the digitalization process of the industry, and it slowly diminishes the line between information technologies (IT) and operational technologies (OT). Among the advantages, this brings up the convergence issue between IT and OT, especially in the cybersecurity-related topics, including new attack vectors, threats, security imperfections, and much more. This cause raised new topics for methods focused on protecting the industrial infrastructure, including monitoring and detection systems, which should help overcome these new challenges. However, those methods require high quality and a large number of datasets with different conditions to adapt to the specific systems effectively. Unfortunately, revealing field factory setups and infrastructure would be costly and challenging due to the privacy and sensitivity causes. From the lack of data emerges the new topic of industrial testbeds, including sub-real physical laboratory environments, virtual factories, honeynets, honeypots, and other areas, which helps to deliver sufficient datasets for mentioned research and development. This paper summarizes related works in the area of industrial testbeds. Moreover, it describes best practices and lessons learned for assembling physical, simulated, virtual, and hybrid testbeds. Additionally, a comparison of the essential parameters of those testbeds is presented. Finally, the findings and provided information reveal research and development challenges, which must be surpassed.


Information ◽  
2020 ◽  
Vol 11 (11) ◽  
pp. 533
Author(s):  
Tiago Espinha Gasiba ◽  
Ulrike Lechner ◽  
Maria Pinto-Albuquerque

Cybersecurity vulnerabilities in industrial control systems have been steadily increasing over the last few years. One possible way to address this issue is through raising the awareness (through education) of software developers, with the intent to increase software quality and reduce the number of vulnerabilities. CyberSecurity Challenges (CSCs) are a novel serious game genre that aims to raise industrial software developers’ awareness of secure coding, secure coding guidelines, and secure coding best practices. An important industry-specific requirement to consider in designing these kinds of games is related to the whole event’s duration and how much time it takes to solve each challenge individually—the challenge solve time. In this work, we present two different methods to compute the challenge solve time: one method based on data collected from the CSC dashboard and another method based on a challenge heartbeat. The results obtained by both methods are presented; both methods are compared to each other, and the advantages and limitations of each method are discussed. Furthermore, we introduce the notion of a player profile, which is derived from dashboard data. Our results and contributions aim to establish a method to measure the challenge solve time, inform the design of future challenges, and improve coaching during CSC gameplay.


2021 ◽  
Vol 336 ◽  
pp. 02013
Author(s):  
Yufei Wang ◽  
Tengbiao Zhang ◽  
Qian Ye

Information and cyber security of Industrial Control Systems (ICS) has gained considerable importance. Situation Awareness (SA) is an exciting mechanism to achieve the perception, comprehension and projection of the ICS information security status. Based on the Purdue Enterprise Reference Architecture (PERA), a situation awareness framework for ICS is presented considering the ICS cyber kill chain. The proposed framework consists of IT SA Centre, OT SA Centre, and Comprehensive SA Centre. Comprehensive SA Centre is responsible for creating and maintaining an integrated and high level of security visibility into the whole environment. The introduced framework can be used to guide the development of the situation awareness infrastructure in organizations with industrial control systems.


Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Gauthama Raman M. R. ◽  
Chuadhry Mujeeb Ahmed ◽  
Aditya Mathur

Gradual increase in the number of successful attacks against Industrial Control Systems (ICS) has led to an urgent need to create defense mechanisms for accurate and timely detection of the resulting process anomalies. Towards this end, a class of anomaly detectors, created using data-centric approaches, are gaining attention. Using machine learning algorithms such approaches can automatically learn the process dynamics and control strategies deployed in an ICS. The use of these approaches leads to relatively easier and faster creation of anomaly detectors compared to the use of design-centric approaches that are based on plant physics and design. Despite the advantages, there exist significant challenges and implementation issues in the creation and deployment of detectors generated using machine learning for city-scale plants. In this work, we enumerate and discuss such challenges. Also presented is a series of lessons learned in our attempt to meet these challenges in an operational plant.

