SCADA and DCS Security Vulnerabilities and Counter Measures for Engineers, Technicians, and IT Staff

Artificial Intelligence (AI) has emerged as a breakthrough technology which is astonishingly impressive. Major world powers are rapidly integrating AI in their military doctrines. This trend of militarization of AI can be seen in the South Asian region as well. Following the theoretical approach of offensive realism, China and India are in full swing to revolutionize their militaries with this emerging trend in order to accumulate maximum power and to satisfy their various interests. Consequently, Indian military modernization has the potential to provoke Pakistan to take counter measures. Pakistan is already encountering a number of challenges in economic sector and will face the strenuous task of accommodating a handsome financial share for the development of its AI capabilities. South Asia is a very turbulent region characterized by arch rivals who are also nuclear powers and have repeatedly indulged in various crises over the years. Introduction of AI in South Asia will have significant repercussions as it will trigger an arms race and at the same time disturb the strategic balance in the region.

Download Full-text

Clinical Cybersecurity Training Through Novel High Fidelity Simulations (Preprint)

10.2196/preprints.9853 ◽

2018 ◽

Author(s):

Christian Dameff ◽

Jordan Selzer ◽

Jonathan Fisher ◽

James Killeen ◽

Jeffrey Tully

Keyword(s):

Patient Safety ◽

Patient Care ◽

Medical Devices ◽

Healthcare Systems ◽

High Fidelity ◽

Protected Health Information ◽

Patient Harm ◽

Security Vulnerabilities ◽

Clinical Simulations ◽

Medical Infrastructure

BACKGROUND Cybersecurity risks in healthcare systems have traditionally been measured in data breaches of protected health information but compromised medical devices and critical medical infrastructure raises questions about the risks of disrupted patient care. The increasing prevalence of these connected medical devices and systems implies that these risks are growing. OBJECTIVE This paper details the development and execution of three novel high fidelity clinical simulations designed to teach clinicians to recognize, treat, and prevent patient harm from vulnerable medical devices. METHODS Clinical simulations were developed which incorporated patient care scenarios with hacked medical devices based on previously researched security vulnerabilities. RESULTS Clinician participants universally failed to recognize the etiology of their patient’s pathology as being the result of a compromised device. CONCLUSIONS Simulation can be a useful tool in educating clinicians in this new, critically important patient safety space.

Download Full-text

Hardware Information Flow Tracking

ACM Computing Surveys ◽

10.1145/3447867 ◽

2021 ◽

Vol 54 (4) ◽

pp. 1-39

Author(s):

Wei Hu ◽

Armaiti Ardeshiricham ◽

Ryan Kastner

Keyword(s):

Access Control ◽

Computer Security ◽

Information Flow ◽

Hardware Security ◽

Computing System ◽

Security Vulnerabilities ◽

Information Flow Tracking ◽

Side Channels ◽

Security Properties ◽

Tools And Techniques

Information flow tracking (IFT) is a fundamental computer security technique used to understand how information moves through a computing system. Hardware IFT techniques specifically target security vulnerabilities related to the design, verification, testing, manufacturing, and deployment of hardware circuits. Hardware IFT can detect unintentional design flaws, malicious circuit modifications, timing side channels, access control violations, and other insecure hardware behaviors. This article surveys the area of hardware IFT. We start with a discussion on the basics of IFT, whose foundations were introduced by Denning in the 1970s. Building upon this, we develop a taxonomy for hardware IFT. We use this to classify and differentiate hardware IFT tools and techniques. Finally, we discuss the challenges yet to be resolved. The survey shows that hardware IFT provides a powerful technique for identifying hardware security vulnerabilities, as well as verifying and enforcing hardware security properties.

Download Full-text

Security Threat Analyses and Attack Models for Approximate Computing Systems

ACM Transactions on Design Automation of Electronic Systems ◽

10.1145/3442380 ◽

2021 ◽

Vol 26 (4) ◽

pp. 1-31

Author(s):

Pruthvy Yellu ◽

Landon Buell ◽

Miguel Mark ◽

Michel A. Kinsy ◽

Dongpeng Xu ◽

...

Keyword(s):

Error Resilience ◽

Security Threats ◽

Approximate Computing ◽

Security Threat ◽

Security Vulnerabilities ◽

Computing Systems ◽

Quantitative Analyses ◽

Resilience Mechanisms ◽

The Impact ◽

Attack Models

Approximate computing (AC) represents a paradigm shift from conventional precise processing to inexact computation but still satisfying the system requirement on accuracy. The rapid progress on the development of diverse AC techniques allows us to apply approximate computing to many computation-intensive applications. However, the utilization of AC techniques could bring in new unique security threats to computing systems. This work does a survey on existing circuit-, architecture-, and compiler-level approximate mechanisms/algorithms, with special emphasis on potential security vulnerabilities. Qualitative and quantitative analyses are performed to assess the impact of the new security threats on AC systems. Moreover, this work proposes four unique visionary attack models, which systematically cover the attacks that build covert channels, compensate approximation errors, terminate normal error resilience mechanisms, and propagate additional errors. To thwart those attacks, this work further offers the guideline of countermeasure designs. Several case studies are provided to illustrate the implementation of the suggested countermeasures.

Download Full-text

Automatic Vulnerability Detection in Embedded Devices and Firmware

ACM Computing Surveys ◽

10.1145/3432893 ◽

2021 ◽

Vol 54 (2) ◽

pp. 1-42

Author(s):

Abdullah Qasem ◽

Paria Shirani ◽

Mourad Debbabi ◽

Lingyu Wang ◽

Bernard Lebel ◽

...

Keyword(s):

Embedded Systems ◽

Symbolic Execution ◽

Vital Role ◽

Security And Privacy ◽

Embedded Devices ◽

Security Vulnerabilities ◽

Future Directions ◽

Hybrid Approaches ◽

Wide Range ◽

The Internet Of Things

In the era of the internet of things (IoT), software-enabled inter-connected devices are of paramount importance. The embedded systems are very frequently used in both security and privacy-sensitive applications. However, the underlying software (a.k.a. firmware) very often suffers from a wide range of security vulnerabilities, mainly due to their outdated systems or reusing existing vulnerable libraries; which is evident by the surprising rise in the number of attacks against embedded systems. Therefore, to protect those embedded systems, detecting the presence of vulnerabilities in the large pool of embedded devices and their firmware plays a vital role. To this end, there exist several approaches to identify and trigger potential vulnerabilities within deployed embedded systems firmware. In this survey, we provide a comprehensive review of the state-of-the-art proposals, which detect vulnerabilities in embedded systems and firmware images by employing various analysis techniques, including static analysis, dynamic analysis, symbolic execution, and hybrid approaches. Furthermore, we perform both quantitative and qualitative comparisons among the surveyed approaches. Moreover, we devise taxonomies based on the applications of those approaches, the features used in the literature, and the type of the analysis. Finally, we identify the unresolved challenges and discuss possible future directions in this field of research.

Download Full-text

A Robot Operating System Framework for Secure UAV Communications

Sensors ◽

10.3390/s21041369 ◽

2021 ◽

Vol 21 (4) ◽

pp. 1369

Author(s):

Hyojun Lee ◽

Jiyoung Yoon ◽

Min-Seong Jang ◽

Kyung-Joon Park

Keyword(s):

Operating System ◽

Unmanned Aerial Vehicles ◽

Ground Control ◽

Unmanned Aerial System ◽

Security Framework ◽

Security Vulnerabilities ◽

Robot Operating System ◽

Security Issues ◽

Aerial Vehicles ◽

Ground Control Station

To perform advanced operations with unmanned aerial vehicles (UAVs), it is crucial that components other than the existing ones such as flight controller, network devices, and ground control station (GCS) are also used. The inevitable addition of hardware and software to accomplish UAV operations may lead to security vulnerabilities through various vectors. Hence, we propose a security framework in this study to improve the security of an unmanned aerial system (UAS). The proposed framework operates in the robot operating system (ROS) and is designed to focus on several perspectives, such as overhead arising from additional security elements and security issues essential for flight missions. The UAS is operated in a nonnative and native ROS environment. The performance of the proposed framework in both environments is verified through experiments.

Download Full-text

Security of Blockchain-Based Supply Chain Management Systems: Challenges and Opportunities

Applied Sciences ◽

10.3390/app11125585 ◽

2021 ◽

Vol 11 (12) ◽

pp. 5585

Author(s):

Sana Al-Farsi ◽

Muhammad Mazhar Rathore ◽

Spiros Bakiras

Keyword(s):

Supply Chain ◽

Supply Chain Management ◽

Information Exchange ◽

Cyber Attacks ◽

Management Systems ◽

Chain Management ◽

Counter Measures ◽

Starting Point ◽

Challenges And Opportunities ◽

Unique Approach

Blockchain is a revolutionary technology that is being used in many applications, including supply chain management. Although, the primary motive of using a blockchain for supply chain management is to reduce the overall production cost while providing the comprehensive security to the system. However, current blockchain-based supply-chain management (BC-SCM) systems still hold the possibility of cyber attacks. Therefore, the goal of this study is to investigate practical threats and vulnerabilities in the design of BC-SCM systems. As a starting point, we first establish key requirements for the reliability and security of supply chain management systems, i.e., transparency, privacy and traceability, and then discern a threat model that includes two distinctive but practical threats including computational (i.e., the ones that threaten the functionality of the application) and communication (i.e., the ones that threaten information exchange among interconnected services of the application). For investigation, we follow a unique approach based on the hypothesis that reliability is pre-requisite of security and identify the threats considering (i) design of smart contracts and associated supply chain management applications, (ii) underlying blockchain execution environment and (iii) trust between all interconnected supply management services. Moreover, we consider both academic and industry solutions to identify the threats. We identify several challenges that hinder to establish reliability and security of the BC-SCM systems. Importantly, we also highlight research gaps that can help to establish desired security of the BC-SCM. To the best of our knowledge, this paper is the first effort that identifies practical threats to blockchain-based supply chain management systems and provides their counter measures. Finally, this work establishes foundation for future investigation towards practical security of BC-SCM system.

Download Full-text