Ebook: Cybersecurity for Critical Infrastructure Protection via Reflection of Industrial Control Systems
Although cybersecurity is something of a latecomer on the computer science and engineering scene, there are now inclinations to consider cybersecurity a meta-discipline. Unlike traditional information and communication systems, the priority goal of the cybersecurity of cyber-physical systems is the provision of stable and reliable operation for the critical infrastructures of all fundamental societal functions and activities.
This book, Cybersecurity for Critical Infrastructure Protection via Reflection of Industrial Control Systems, presents the 28 papers delivered at the NATO Advanced Research Workshop (ARW) hosted in Baku, Azerbaijan, and held online from 27-29 October 2021. The inspiration and motivation behind the ARW stem from the growth in large-scale cyber attacks, the rising degree of complexity and sophistication of advanced threats, and the need to protect critical infrastructure by promoting and building a resilient system to promote the well-being of all citizens. The workshop covered a wide range of cybersecurity topics, permeating the main ideas, concepts and paradigms behind ICS and blended with applications and practical exercises, with overtones to IoT, IIoT, ICS, artificial intelligence, and machine learning. Areas discussed during the ARW included the cybersecurity of critical infrastructures; its educational and research aspects; vulnerability analysis; ICS/PLC/SCADA test beds and research; intrusion detection, mitigation and prevention; cryptography; digital forensics for ICS/PLCs; Industry 4.0 robustness and trustworthiness; and Cyber Fortress concept infused with practical training.
Investigating theoretical and practical problems involving the security of critical and essential infrastructure of each segment of contemporary societies, the book will be of interest to all those whose work involves cybersecurity.
The Relevance of Cybersecurity
The omnipresence of the Internet permeates every sector of human activity today. Its inception echoes the nature of many revolutionary technological innovations, conceived via the intellectual vision found in academic communities and government-funded projects blended with potential benefits for various military advancements, particularly at the height of the Cold War. The information revolution sparked by the Internet generated numerous information services, which evolved into the critical information infrastructure that is the functional backbone of contemporary society. The sheer enthusiasm for the technology found in academia soon met with multiple technical, societal, and policy-making issues, including internal and external regulations and ethical challenges. Many of these, resonating in subjects such as governance, sustainability, resilience, security, and privacy, have become perpetual, as they should, considering the two main directions, human and technological, whose values and the need for rational balance must be rediscovered by each generation.
Cyberspace fairly describes the combinatorial complexity and the potential of the Internet and IT technology. Certain sociologists and philosophers have even qualified cyberspace as a Global Commons, a generic and universal agora of exchange for goods, knowledge and people. Moreover, the argument is extended by postulating that cybersecurity is so central and integral in cyberspace that it can be treated as a public good, an idea recently entertained by Taddeo.
It is almost paradoxical that the global network was conceived with very little thought for security concerns. Initially, it was mainly considered to be an exotic innovation by academia and identified as a possible source of overhead by industry and public institutions. Indeed, there is a saying that cybersecurity is the foster child of the Internet.
The emergence of various threats (worms and viruses) and vulnerabilities (broken authentication sessions), along with strong indications of the possible involvement of state factors such as the attacks on the public infrastructure in Estonia and Georgia and the mystery of Stuxnet, confirmed the pressing need to address the issue of security questions. In addition, a deluge of new concepts such as omni-surveillance, the dark wood of Tor and other anonymous communication protocols, ransomware, almost intractable cryptography, stolen identities, and corrupted medical records have made the entire online world a potential area of attack.
The work related to security done in 1988 by Steve Bellovin, on topics such as IP spoofing, TCP sequence number prediction and RIP attacks, which were revisited in 2003, opened the door to intensive cybersecurity research. Cyberspace, a man-made artefact, can be both the subject and object of a cyber attack.
The proliferation of cyber threats and cyberattacks against individuals and public and private organisations has been an indication of the gargantuan growth in the volume of cyber activities and the variety of digital services. The motivation behind the attacks is generally financial gain through various criminal activities, ranging from fraud and impersonation to individual and state clandestine deeds, espionage and state-controlled events. Whereas more than a decade ago, North America used to be the main source of miscreant events, these days China and Russia are becoming dominant players, along with the emergence of Brazil and Turkey. As regards external vs internal forces behind the threats and attacks, the former remains dominant. The assistance of insiders, however, still accounts for a formidable chunk of the overall number of wrongdoings. The landscape of the targets is changing and evolving, and the organisations that are always of interest come from the public sector (government), industry and the financial sector.
The cost of all this has been highly detrimental, with a spectrum of values estimated between one and two per cent of annual GDP in most developed countries; the numbers from 2021 indicate the total cost to be about six trillion dollars. In the last ten years, we have seen the rise of a new cybercrime economy. Moreover, the development of the cyber defence strategies and tools necessary to combat the problem could easily be turned around to become the means of cyber offence.
The surge of interest resulted in the establishment of institutions such as centres for fighting cybercrime, and national agencies such as the US DHS, together with regional and global agencies like Europol and Interpol and some associated with NATO and the EU (ENISA). Documents such as US executive orders, NIST standards and guides, and the handbooks of professional organisations such as the IEEE and ACM, along with the standardising bodies, became the order of the day. There was a strong impetus to introduce cybersecurity in academia, and undergraduate and graduate programmes began to emerge, particularly following the joint work of the IEEE and ACM in 2017, along with a stream of calls for projects within the EU framework. There has also been continuous work on international cybersecurity conventions, treaties, planning and the creation of national roadmaps and strategies.
Although a latecomer on the computer science and engineering scene, the discipline of cybersecurity has matured since there have been suggestions that it should be considered a meta-discipline, indicated by the expression of problems in other areas through cybersecurity. In IT, this has been done by finding invariants and trans-domain principles and interfacing with computing and engineering.
Depending on our focus, we often refer to different parts of cyberspace variously as the Internet of Things (IoT), Cyber-Physical Systems (CPS), and the Industrial Internet of Things (IIoT). It is evident that there are two different sub-systems: the non-kinetic (digital) and the kinetic (analogue). While there are few frontiers in the former, there are many limitations in the latter. This becomes patent when we deal with the security issues related to Industrial Control Systems (ICS) as a subset of IIoT. Since there is extensive overlap and intensive interplay between IoT, IIoT, and CPS, semantic categorisation and axiomatic differentiation can occasionally become confusing. However, according to Bhattacharjee, the infusion of kinetics or physical systems makes IIoT a superset of cybersecurity since the former includes interaction with the physical or analogue world.
Industrial Control Systems are encompassed by default within IIoT, which is an instance of a cyber-physical system. The key term is control, of phenomena such as processes, which also implies the need for monitoring requiring instrumentation. Controls range from small devices, or parts of larger instruments, to very large control modules (actually systems) distributed geographically and with rather complex control loops. As a function of scale, we differentiate between supervisory control and data acquisition (SCADA), distributed control systems (DCS), and programmable logic controllers (PLC). Sensors are also required to deal with process variables by measuring their respective values to realise full situational awareness.
The intention is to infuse digital technology and achieve vertical and horizontal integration. This creates a lot of cyber interdependencies, where IT plays a dual role both as an enabler and a troublemaker. Due to security concerns, the attack surface should be made as small as possible. On the other hand, IT wants to make the surface as large as possible (or to increase the number of access points). So, this raises a number of genuine concerns, such as maintaining the integrity of the industrial processes along with the availability – not trivial since it refers to a continuum – making them preferential over the discrete or non-kinetic processes. In addition, a timely response to human reactions and attention to critical alerts is required to avoid significant disruptions and distractions to the system. In extreme cases, this may put humans in harm's way. ICS or, in general, Operational Technology (OT) have a long history of isolation, creating too many proprietary protocols that impair the interoperability necessary for integrating OT and IT. The problem is aggravated by the fact that OT components are designed for dependability, durability, and safe use. Prima facie, the priorities are different, so convergence is needed.
Cybersecurity in Baku: An Encore Performance Seasoned with Industrial Control Systems
In the last two decades, Baku has been a welcoming host to many scientific and educational events addressing various aspects of cybersecurity. Most of these gatherings have been encouraged and supported by different programmes that are part of the NATO spectrum of activities, such as the Science for Peace and Security programme of Advanced Research and Training Workshops (ARW and ATW). One of the first was the NATO Advanced Networking Workshop on Internet security in October 2003.
Many others followed, such as the hands-on Cyber Defence Training course for network sys admins in September 2014, the Advanced Cyber Defence course in September 2018, and the Advanced Cyber Defence Winter school in December 2013. In the meantime, there has been a unique endeavour to provide Internet connectivity for academia in the three countries of the Southern Caucasus and the five countries of Central Asia, the so-called Virtual Silk Highway, which was also funded by NATO and which served as a genuine enabler project that delivered a taste of global connectivity for many of the participating institutions.
A constant when working on NATO-funded projects with our colleagues in AZ has been their dedication to sustained progress in research and education based on two key factors. The first is the support of national cybersecurity strategies for Industry 4.0 by the president of the Republic of Azerbaijan, Mr Ilham Aliyev, which has been reiterated on many occasions. The second is the work done by the Azerbaijan National Academy of Sciences and its Institute of Information Technology, a real catalyst in many processes that have produced numerous results in information and communication technology, including cybersecurity.
In October 2021, eighteen years after that first ANW on Internet security, we were again discussing cybersecurity at a NATO-funded SPS Programme Advanced Research Workshop. While threats, vulnerabilities, attacks, risks, and protection were on the agenda, the workshop also dealt with critical infrastructures, particularly those necessary for progress towards Industry 4.0, such as the Industrial Control Systems (ICS).
The NATO SPS Advanced Research Workshop on Cybersecurity Critical Infrastructure Protection via Reflection of Industrial Control Systems (ICS) took place from 27–29 October 2021 in Baku, Azerbaijan. The Workshop was organised by the National Centre for Nuclear Research in Poland with NATO-country co-director Dr Jacek Gajewski and the Institute of Information Technology at Azerbaijan National Academy of Sciences with partner-country co-director Professor Rasim Alguliev. When the earliest ideas for the workshop were scrutinised, any premonition of a world pandemic would have looked ludicrous. Later, the shadow of the possible global medical emergency was already on the horizon when the funding application was submitted to the Science for Peace and Security programme. By the time the funding was granted, the COVID-19 pandemic was looming and lockdowns had started. It became clear that, at best, we might be talking about a hybrid event, with some small-scale physical presence and the rest done virtually. A few months before the start of the event, it became clear that the workshop would need to be fully online and purely non-kinetic. As already posited, the workshop covered a wide range of cybersecurity topics and themes, permeating the main ideas, concepts and paradigms behind ICS and blended with applications and several practical exercises. Information technology used to be the dominant concern of cybersecurity, which translates to keeping track of the integrity, confidentiality and availability of data, computing, and networking (communication).
The primary function of the OT, which is again a combination of hardware and software, is to detect, monitor and induce changes in the kinetic processes. Amalgamation with IT is necessary for many reasons, such as the need for better management of the distributed control, the inherent uncertainty in the physical world and the errors in reading parameter values, perturbations in the multiple control loops, requirements for expected outcomes or deterministic behaviour, smooth and improved interaction with subsystems for data analysis, and the use of standardised protocols.
The specific topics covered during the Workshop were:
Cybersecurity of critical infrastructures
Cybersecurity education and research – programmes and labs
ICS/PLC/SCADA test beds and research facilities
Intrusion detection, mitigation and prevention
Cryptography and digital forensics for ICS/PLCs
Cybersecurity in Industry 4.0, including UAVs
Cyber Fortress – practical exercises and training.
The motivations behind the ARW originated in (1) the growth in the number of large-scale attacks, (2) the rising degree of complexity and the sophistication of threats, and (3) the need to protect critical infrastructure by building a resilient system for the betterment of the well-being of every citizen of Azerbaijan. Inter alia, the economy of Azerbaijan is highly dependent on the oil industry. Since relations with some of its neighbours are not always amicable, the protection of national infrastructure related to the oil industry, for instance, from any disruptions that may impair the country’s overall economic status, is imperative.
There are frequent reports of cyber attacks on the Internet infrastructure that controls the Baku-Tbilisi-Ceyhan pipeline control system, the ICL systems of the national power grid, and the financial institutions. These reports assess the causes and their dynamic nature, along with the effects of the threats. The plethora of devices that come to the market daily, such as variants of UAVs, has become a major concern for national security. Since Azerbaijan is undergoing nationwide digital transformation and revamping as a national priority, it is crucial that cybersecurity is included by design from the start. Moreover, based on the work done concerning the state of development and the application of ICT, Azerbaijan has initiated and carried out activities to become a premier digital hub connecting Europe with Asia, so issues such as resilience, robustness and even redundancy of the hub are considered as an enhancement of the CI.
There are several objectives for holding the ARW in Azerbaijan. One of these is to recognise the country’s progress in developing a cybersecurity strategy and laying the foundations of Industry 4.0. The second is to boost the initial efforts made by academia to develop relevant undergraduate and graduate programmes related to novel technologies which will accelerate the entire industry in the future.
The ARW was a success despite the modified delivery and the absence of kinetic participation; it was well attended, with the intensive involvement of many scholars, experts and professionals, along with many senior and junior researchers from Azerbaijan. All the participants found the three-day event highly profitable. The ARW turned out to be a relatively fertile forum for a multilogue about the issues and challenges that stem from cybersecurity and ICS and about the ways to mitigate, predict and eliminate the threats to cyber and physical critical infrastructures. Numerous international contacts have been set up, which may result in concrete plans for joint projects and transform the results of the ARW and the lessons learned into reality.
The presence of DASG Mr James Appathurai and Head of SPS Programme Dr Deniz Beten emphasised the relevance of both the topic and the need for cooperation with the NATO Science for Peace and Security Programme as one of the venues for collaboration among the participants.
The book in front of you is a testament to the mosaic of efforts by many people to organise, present and discuss their knowledge, dilemmas and the challenges they face in preserving secure, safe and resilient cyberspace. A significant number of the articles come from researchers from Azerbaijan and ANAS; it is an additional incentive for the ARW to promote the valuable work done and to encourage further noteworthy accomplishments in the future.
Oliver B. Popov
The article reviews the security issues of cloud-based SCADA (Supervisory Control and Data Acquisition) systems that are widely used in monitoring and management of the oil and gas industry. Recently, extensive research has been conducted regarding the migration of SCADA systems to the cloud infrastructure. Transfer of applications used in the management and control of the SCADA system to cloud servers allows for efficient management of the system, solving resource problems and reducing costs. The article analyzes the advantages of cloud-based SCADA systems. Existing gaps have been identified that could obstruct the security of cloud-based SCADA systems. Security problems and risks in the use of cloud-based SCADA systems were analyzed and suggestions were made to help solve them to some extent.
This article proposes a concept for the development of a system for continuous remote monitoring of the health status of workers employed on offshore oil platforms based on IoT and e-medicine technologies. The concept is based on a person-centered approach to health management, which implies the inclusion of workers themselves as the main component in the management loop. This allows for continuous remote monitoring of vital health indicators of workers with their simultaneous “linking” to the context of the environment. A functional model of the phased implementation of the concept and architecture of a three-level geographically distributed intelligent health management system for workers employed on offshore oil platforms are developed. The IoT network infrastructure, in accordance with the purpose of each system level, is integrated into hierarchically distributed computing platforms: Dew computing, Fog computing and Cloud computing. One of the possible options for the implementation of the system in the context of structural components and computing platforms is proposed.
During operation, cyber-physical systems (CPS) are constantly exposed to a wide range of factors that affect their technical condition in different ways. CPS combine a huge number of sensors and actuators to interact with each other and with the environment. The collection and processing of signals from sensors that measure the physical parameters of processes are carried out to identify anomalies and predict the state of the system to ensure its functional safety and optimal functioning. As the interaction in the CPS environment increases, physical systems become more vulnerable to threats. Understanding threats and their consequences, identifying the unique properties of CPS are key trends in ensuring their functional security. The degree of readiness of the CPS to perform the tasks and functions assigned to them essentially depends on the uninterrupted autonomous power supply of the installed sensors.
This study reviews software security, etc. It studies the methods for the analysis of software security. The problems of software protection are identified. The risks for software projects, their management, determination and categories are studied. The article describes the ontology of cybersecurity based on standards. The main concepts related to cybersecurity problem and their relationships are reviewed. It studies basic structure, concept, etc. of intelligent software system to ensure cybersecurity.
The application of Unmanned Aerial Vehicles in various areas created problems in the field of cybersecurity, privacy and safety. Gaps in the security system of UAVs allow them to be easily hijacked. The article analyses the security issues of UAVs, reviews their attack scenarios, and proposes a fuzzy approach to the automatic selection of effective mechanisms to prevent identified attacks. The Drone Backbone Model has been developed to show the impact of attacks on UAVs at different levels. The Backbone Model allows a numerical assessment of the impact of the attack on the system.
This paper covers a wide range of issues related to the cyber security of unmanned aerial vehicles (UAVs). It highlights the most common attacks which target UAVs. Moreover, it examines and compares the methods for detecting these types of attacks. As a result of the comparison, the advantages and disadvantages of such methods are discussed.
An approach based on a hierarchical hidden Markov model for anomaly detection in industrial control systems is proposed. The signals of the system components are fed to the input of the proposed model. The hidden state is an independent probabilistic model, so each state is also a hidden Markov model. In the proposed model, the detection of anomalies according to the readings of the industrial control system sensors is combined with modeling at the event level. The model has several levels, and the event is modeled at the highest level. The approach is evaluated on a secure water treatment dataset and compared with the results of the previous work, which showed that the proposed model is better in terms of recall and F-measure metrics and amounted to 0.9164 and 0.9563, respectively.
The widespread use of UAVs in both the national and military spheres has made them the focus of industrial organizations. However, the use of drones has seriously affected the violation of the confidentiality of personal data, posed a threat to states, national institutions, nuclear power plants, historical sites. One of the methods to reduce this threat is to detect malicious drones. The paper analyzes the existing methods in the detection of harmful drones and proposes a new approach to their detection.
The concept of the smart city is considered a promising solution to provide effective services to citizens through information and communication technologies. However, the data sensed through various devices when using smart city services poses problems for the security of citizens' personal data. To this end, the article analyzes the issues of personal data security in the smart city environment and presents suggestions to solve them to some extent.
The main focus of the cyber-security community has been to make operating systems and communication networks more secure and harder for attackers to penetrate. The most frequently used web application and user web pages are today developed with the Web Content Management System (WCMS), as it allows user-friendly access, easy development and operation. Any malware that can penetrate the WCMS can significantly affect the system itself and the service the web pages offer. This paper presents the approach for identifying the vulnerabilities of the majority of Internet sites with WCMS applications and the remedies to be applied with use of an automated, fast and dynamic vulnerability detection tool. The state of the web sites vulnerability in Europe and the impact factors that influence the vulnerability to be present are presented and discussed.
The article examines the formation of cyber-physical systems in Azerbaijan and some topical problems of their complex security. Moreover, the article highlights the features and problems of digital transformation of state institutions effected by cyber-physical systems. It classifies the main pillars of cyber-physical systems (algorithmic security, resistance to denials, power supply security, artificial intelligence security, functional reliability, structural reliability, adaptability, human factor). The need to improve the network and communication infrastructure is justified. The ways to develop the field of Soft Engineering for the regular operation of cyber-physical systems at the national level, to solve some issues related to chip supply, protection of personal data, existing legal problems, and certain personnel are shown. Correspondingly, the main research trends in the field of cyber-physical systems are identified.
The production of quantum computers with fast processing power and practical use will adversely affect the foundations of secure communication, especially for public-key cryptosystems (PKCs). Potential problems and solution scenarios are created early to design quantum-resistant PKCs. In this paper, the emergence of the concept of post-quantum cryptography (PQC) and early precautionary actions are explained. In addition, cryptosystem families that are known/believed to be secure in the presence of quantum computers are discussed. Based on these classes, the selected encryption/key encapsulation (KEM) and signature schemes of the NIST PQC process are expressed. Finally, some open problems for the post-quantum era are summarized.
As part of R&D programs of Framatome GmbH since 2015 many Cybersecurity PhD candidates, Bachelor and Master thesis students have contributed to technical topics from the nuclear cybersecurity domain. The subsequent sections will provide an overview about cybersecurity in the nuclear context, the different PhD, Master/Bachelor thesis programs, involvement in national and international cybersecurity R&D, cybersecurity laboratories and a summary and outlook on future challenges.
With the increasing advent of smart buildings and smart cities, the use of Operational Technology (OT) and Industrial control systems (ICSs) has been rising. Recent trends of cyber attacks on OT demand more attention for forensic and security analysis of such environments. As such in this paper, we examine a widely used PLC, the Beckhoff CX9020 PLC from a digital forensic perspective. First, we configure the PLC to log as much activity as possible using the available options. Next, we test a set of basic cyber attacks on the PLC. Finally, we devise forensic acquisition and analysis of the system.
Cyber-physical infrastructures in industrial control systems, including critical infrastructure and manufacturing, rely heavily on cyber-physical infrastructures and embedded devices. As industrial control systems become more complex and network-centric, physical infrastructure becomes increasingly dispersed and vulnerable. In rapid growth within the competitive technology, we have seen an expressive increase in information security vulnerabilities against such systems, ranging from simple hacking tools to new generation intelligent attacks. With the growing reliance on industrial control networks and, of course, the growing number of attacks, the lack of cyber-security monitoring and forensic analysis of security incidents. Cyber-forensic analysis of ICS/SCADA systems is unlike standard forensic analysis of enterprise computer systems; the cyber-forensic specialist often has to be an expert in cyber-physical infrastructure systems, networks, and devices to determine where potential forensic evidence may be located. This paper discusses ICS/SCADA, typical attacks and vulnerabilities, problems with forensic analysis, and the development of forensic methodology/tools for such systems.
Cybercrime as an activity and as an industry has been a part of the digital electronic landscape from the beginning of the computer era. This paper discusses aspects of the growth, evolution and current state of cybercrime and our response to it. Special considerations are discussed that relate to cybersecurity in industrial control environments.
The development of technologies, the use of technologies in different interrelated areas such as smart cities and IoT platforms, as well as the new realities that the global pandemic brought with it, require a new approach to cybersecurity of Critical Information Infrastructures. All these interrelations, which have almost made all critical information infrastructures work as a whole body, as well as pandemic challenges, have brought new cyber realities in securing and managing networks in critical information infrastructures. And this reality has brought new risks which have not been measured and considered before. Taking into account all new realities, critical information infrastructures, their identification and evaluation models, security issues of these infrastructures, as well as the segregation of critical infrastructures by degree of importance require a comprehensive and new approach. The article describes the importance of considering the interrelations as well as pandemic realities for the governance of cybersecurity in CII.
The popularity of e-education has been growing in recent years. Because of it, the problem of ensuring its security arises, which must be carried out using security methods and internationally recognized standards. This article identifies various problems of personal data security in e-education and proposes solutions to ensure the protection of educational information.
Acoustic noise pollution is currently a global environmental problem. Many citizens are interested in the following question: what is the level of noise pollution where I live, work, or travel? Does it meet standards? How to provide noise protection created by the development of cyber-physical systems? An ordinary citizen cannot monitor noise by standard methods. This process is complicated, and the required equipment is expensive. However, modern mobile phones’ computing, communication, and sensory functions allow monitoring. To do this, they need simple and straightforward methodologies. The article proposes a simple monitoring methodology. Several experiments are being carried out.
It is supposed to consider the conceptual issues of the reconstruction of science as a corporate environment of Science 4.0 based on the key technologies of Industry 4.0 – Internet of Things, Cyber-Physical Systems, Artificial Intelligence, Cloud computing, Big Data analytics and other Smart solutions. eScience is considered to be the technological base of Science 4.0. Complex security problems and their solution mechanisms are investigated within Science 4.0.
In order to solve the problem posed in the article, the characteristics of Industry 4.0 (Fourth Industrial Revolution) are considered. In addition, the possibility of threats to the data security of an electronic demographic (e-demographic) decision support system (DSS) from intruders in the context of Industry 4.0 is considered, since the attack risk for such systems is very high. It is found that damage to these data will affect decision-making in the field of demography and, consequently, the course of demographic processes in the region. Ways of solving the problems that arise are indicated.
The article analyzes the history of the evolution of society and the internet socio-technological problems of the networked society are investigated.
Artificial intelligence plays a special role in new technologies used to develop advertising and marketing. The article discusses the use of artificial intelligence in the field of advertising, the principle of their work, the processes of applying new technologies in this area. In preparing the article, a scientific analysis of the problems on the topic, their solutions, generalization of the results and methods of a systematic approach were used.
Errors and vulnerabilities in software are analyzed and problems of their detection are considered. Existing modern methods of vulnerability detection using artificial intelligence technologies are studied. In addition to detecting these cybersecurity vulnerabilities in a timely manner, it specifies the correct choice of software development technologies, methods and operating conditions to prevent them.