Challenges in Securing Industrial Control Systems Using Future Internet Technologies

This chapter explores challenges in securing industrial control systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems using Future Internet technologies. These technologies include cloud computing, fog computing, Industrial internet of things (IIoT), etc. The need to design specific security solutions for ICS/SCADA networks is explained. A brief overview of cyber vulnerabilities and threats in industrial control networks, cloud, and IoT environments is presented. The security of cloud-based SCADA systems is considered, including benefits and risks of SCADA migration to the cloud, challenges in securing such systems, and migration toward fog computing. Challenges in securing IIoT are addressed, including security risks and operational issues, key principles for securing IIoT, the functional security architecture, and the role of fog computing. Authors point out current standardization activities and trends in the area, and emphasize conclusions and future research directions.

Autoencoder Based Anomaly Detection for SCADA Networks

Supervisory control and data acquisition (SCADA) systems are industrial control systems that are used to monitor critical infrastructures such as airports, transport, health, and public services of national importance. These are cyber physical systems, which are increasingly integrated with networks and internet of things devices. However, this results in a larger attack surface for cyber threats, making it important to identify and thwart cyber-attacks by detecting anomalous network traffic patterns. Compared to other techniques, as well as detecting known attack patterns, machine learning can also detect new and evolving threats. Autoencoders are a type of neural network that generates a compressed representation of its input data and through reconstruction loss of inputs can help identify anomalous data. This paper proposes the use of autoencoders for unsupervised anomaly-based intrusion detection using an appropriate differentiating threshold from the loss distribution and demonstrate improvements in results compared to other techniques for SCADA gas pipeline dataset.

Modeling Networked Telemetry

This paper presents the modeling of the networks supporting today’s telemetry. The incorporation of networking features has significantly enhanced the capability and performance of modern telemetry systems. The development of Integrated Network-Enhanced Telemetry protocols and the use of networked telemetry applications has introduced a host of potential cybersecurity risks inherent in modern networking. This paper will investigate how telemetry applications are uniquely structured with wide-, local-, and micro-area networks that represent modern telemetry solutions. The development of these models and the traffic on these networks will enable analysis into the unique threats and vulnerabilities of telemetry networks. The core of this paper is the notion that telemetry networks are unique, and modeling these networks is key to the current work. The core premise of this paper is also that telemetry networks look and function like Supervisory Command and Data Acquisition (SCADA) networks. By digging deeply into both of these structures, we have shown here that SCADA architectures can be adapted to telemetry networks. This approach opens the door to a wealth of analysis, strategies, and solutions for telemetry networks that are well developed in the SCADA realm.

A Comparative Analysis of Emulated and Real IEC-104 Spontaneous Traffic in Power System Networks

Supervisory and Data Acquisition (SCADA) systems control and monitor modern power networks. As attacks targeting SCADA systems are increasing, significant research is conducted to defend SCADA networks including variations of anomaly detection. Due to the sensitivity of real data, many defence mechanisms have been tested only in small testbeds or emulated traffic that were designed with assumptions on how SCADA systems behave. This work provides a timing characterization of IEC-104 spontaneous traffic and compares the results from emulated traffic and real traffic to verify if the network characteristics appearing in testbeds and emulated traffic coincide with real traffic. Among three verified characteristics, two of them appear in the real dataset but in a less regular way, and one does not appear in the collected real data. The insights from these observations are discussed in terms of presumed differences between emulated and real traffic and how those differences are generated.