The Relevance of Cybersecurity
The omnipresence of the Internet permeates every sector of human activity today. Its inception echoes the nature of many revolutionary technological innovations, conceived via the intellectual vision found in academic communities and government-funded projects blended with potential benefits for various military advancements, particularly at the height of the Cold War. The information revolution sparked by the Internet generated numerous information services, which evolved into the critical information infrastructure that is the functional backbone of contemporary society. The sheer enthusiasm for the technology found in academia soon met with multiple technical, societal, and policy-making issues, including internal and external regulations and ethical challenges. Many of these, resonating in subjects such as governance, sustainability, resilience, security, and privacy, have become perpetual, as they should, considering the two main directions, human and technological, whose values and the need for rational balance must be rediscovered by each generation.
Cyberspace fairly describes the combinatorial complexity and the potential of the Internet and IT technology. Certain sociologists and philosophers have even qualified cyberspace as a Global Commons, a generic and universal agora of exchange for goods, knowledge and people. Moreover, the argument is extended by postulating that cybersecurity is so central and integral in cyberspace that it can be treated as a public good, an idea recently entertained by Taddeo.
It is almost paradoxical that the global network was conceived with very little thought for security concerns. Initially, it was mainly considered to be an exotic innovation by academia and identified as a possible source of overhead by industry and public institutions. Indeed, there is a saying that cybersecurity is the foster child of the Internet.
The emergence of various threats (worms and viruses) and vulnerabilities (broken authentication sessions), along with strong indications of the possible involvement of state factors, such as the attacks on the public infrastructure in Estonia and Georgia and the mystery of Stuxnet, confirmed the pressing need to address security questions. In addition, a deluge of new concepts such as omni-surveillance, the dark wood of Tor and other anonymous communication protocols, ransomware, almost intractable cryptography, stolen identities, and corrupted medical records have made the entire online world a potential area of attack.
The work related to security done in 1988 by Steve Bellovin, on topics such as IP spoofing, TCP sequence number prediction and RIP attacks, which were revisited in 2003, opened the door to intensive cybersecurity research. Cyberspace, a man-made artefact, can be both the subject and object of a cyber attack.
The proliferation of cyber threats and cyberattacks against individuals and public and private organisations has been an indication of the gargantuan growth in the volume of cyber activities and the variety of digital services. The motivation behind the attacks is generally financial gain through various criminal activities, ranging from fraud and impersonation to individual and state clandestine deeds, espionage and state-controlled events. Whereas more than a decade ago, North America used to be the main source of miscreant events, these days China and Russia are becoming dominant players, along with the emergence of Brazil and Turkey. As regards external vs internal forces behind the threats and attacks, the former remains dominant. The assistance of insiders, however, still accounts for a formidable chunk of the overall number of wrongdoings. The landscape of the targets is changing and evolving, and the organisations that are always of interest come from the public sector (government), industry and the financial sector.
The cost of all this has been highly detrimental, with a spectrum of values estimated between one and two per cent of annual GDP in most developed countries; the numbers from 2021 indicate the total cost to be about six trillion dollars. In the last ten years, we have seen the rise of a new cybercrime economy. Moreover, the development of the cyber defence strategies and tools necessary to combat the problem could easily be turned around to become the means of cyber offence.
The surge of interest resulted in the establishment of institutions such as centres for fighting cybercrime, and national agencies such as the US DHS, together with regional and global agencies like Europol and Interpol and some associated with NATO and the EU (ENISA). Documents such as US executive orders, NIST standards and guides, and the handbooks of professional organisations such as the IEEE and ACM, along with the standardising bodies, became the order of the day. There was a strong impetus to introduce cybersecurity in academia, and undergraduate and graduate programmes began to emerge, particularly following the joint work of the IEEE and ACM in 2017, along with a stream of calls for projects within the EU framework. There has also been continuous work on international cybersecurity conventions, treaties, planning and the creation of national roadmaps and strategies.
Although a latecomer on the computer science and engineering scene, the discipline of cybersecurity has matured since there have been suggestions that it should be considered a meta-discipline, indicated by the expression of problems in other areas through cybersecurity. In IT, this has been done by finding invariants and trans-domain principles and interfacing with computing and engineering.
Depending on our focus, we often refer to different parts of cyberspace variously as the Internet of Things (IoT), Cyber Physical-Systems (CPS), and the Industrial Internet of Things. It is evident that there are two different sub-systems: the non-kinetic (digital) and the kinetic (analogue). While there are few frontiers in the former, there are many limitations in the latter. This becomes patent when we deal with the security issues related to Industrial Control Systems (ICS) as a subset of IIoT. Since there is extensive overlap and the intensive interplay between IoT, IIoT, and CPS, semantic categorisation and axiomatic differentiation can occasionally become confusing. However, according to Bhattacharjee, the infusion of kinetics or physical systems makes IIoT a superset of cybersecurity since the former includes interaction with the physical or analogue world.
Industrial Control Systems are encompassed by default within IIoT, which is an instance of a cyber-physical system. The key term is control, of phenomena such as processes, which also implies the need for monitoring requiring instrumentation. Controls range from small devices, or parts of larger instruments, to very large control modules (actually systems) distributed geographically and with rather complex control loops. As a function of scale, we differentiate between supervisory control and data acquisition (SCADA), distributed control systems (DCS), and programmable logic controllers (PLC). Sensors are also required to deal with process variables by measuring their respective values to realise full situational awareness.
The intention is to infuse digital technology and achieve vertical and horizontal integration. This creates a lot of cyber interdependencies, where IT plays a dual role both as an enabler and a troublemaker. Due to security concerns, the attack surface should be made as small as possible. On the other hand, IT wants to make the surface as large as possible (or to increase the number of access points). So, this raises a number of genuine concerns, such as maintaining the integrity of the industrial processes along with the availability – not trivial since it refers to a continuum – making them preferential over the discrete or non-kinetic processes. In addition, a timely response to human reactions and attention to critical alerts is required to avoid significant disruptions and distractions to the system. In extreme cases, this may put humans in harm's way. ICS or, in general, Operational Technology (OT) have a long history of isolation, creating too many proprietary protocols that impair the interoperability necessary for integrating OT and IT. The problem is aggravated by the fact that OT components are designed for dependability, durability, and safe use. Prima facie, the priorities are different, so convergence is needed.
Cybersecurity in Baku: An Encore Performance Seasoned with Industrial Control Systems
In the last two decades, Baku has been a welcoming host to many scientific and educational events addressing various aspects of cybersecurity. Most of these gatherings have been encouraged and supported by different programmes that are part of the NATO spectrum of activities, such as the Science for Peace and Security programme of Advanced Research and Training Workshops (ARW and ATW). One of the first was the NATO Advanced Networking Workshop on Internet security in October 2003.
Many others followed, such as the hands-on Cyber Defence Training course for network sys admins in September 2014, the Advanced Cyber Defence course in September 2018, and the Advanced Cyber Defence Winter school in December 2013. In the meantime, there has been a unique endeavour to provide Internet connectivity for academia in the three countries of the Southern Caucasus and the five countries of Central Asia, the so-called Virtual Silk Highway, which was also funded by NATO and which served as a genuine enabler project that delivered a taste of global connectivity for many of the participating institutions.
A constant when working on NATO-funded projects with our colleagues in AZ has been their dedication to sustained progress in research and education based on two key factors. The first is the support of national cybersecurity strategies for Industry 4.0 by the president of the Republic of Azerbaijan, Mr Ilham Aliyev, which has been reiterated on many occasions. The second is the work done by the Azerbaijan National Academy of Sciences and its Institute of Information Technology, a real catalyst in many processes that have produced numerous results in information and communication technology, including cybersecurity.
In October 2021, eighteen years after that first ANW on Internet security, we were again discussing cybersecurity at a NATO-funded SPS Programme Advanced Research Workshop. While threats, vulnerabilities, attacks, risks, and protection were on the agenda, the workshop also dealt with critical infrastructures, particularly those necessary for progress towards Industry 4.0, such as the Industrial Control Systems (ICS).
The NATO SPS Advanced Research Workshop on Cybersecurity Critical Infrastructure Protection via Reflection of Industrial Control Systems (ICS) took place from 27–29 October 2021 in Baku, Azerbaijan. The Workshop was organised by the National Centre for Nuclear Research in Poland with NATO-country co-director Dr Jacek Gajewski and the Institute of Information Technology at Azerbaijan National Academy of Sciences with partner-country co-director Professor Rasim Alguliev. When the earliest ideas for the workshop were scrutinised, any premonition of a world pandemic would have looked ludicrous. Later, the shadow of the possible global medical emergency was already on the horizon when the funding application was submitted to the Science for Peace and Security programme. By the time the funding was granted, the COVID-19 pandemic was looming and lockdowns had started. It became clear that, at best, we might be talking about a hybrid event, with some small-scale physical presence and the rest done virtually. A few months before the start of the event, it became clear that the workshop would need to be fully online and purely non-kinetic. As already posited, the workshop covered a wide range of cybersecurity topics and themes, permeating the main ideas, concepts and paradigms behind ICS and blended with applications and several practical exercises. Information technology used to be the dominant concern of cybersecurity, which translates to keeping track of the integrity, confidentiality and availability of data, computing, and networking (communication).
The primary function of the OT, which is again a combination of hardware and software, is to detect, monitor and induce changes in the kinetic processes. Amalgamation with IT is necessary for many reasons, such as the need for better management of the distributed control, the inherent uncertainty in the physical world and the errors in reading parameter values, perturbations in the multiple control loops, requirements for expected outcomes or deterministic behaviour, smooth and improved interaction with subsystems for data analysis, and the use of standardised protocols.
The specific topics covered during the Workshop were:
- Cybersecurity of critical infrastructures
- Cybersecurity education and research – programmes and labs
- Vulnerability analysis
- ICS/PLC/SCADA test beds and research facilities
- Intrusion detection, mitigation and prevention
- Cryptography and digital forensics for ICS/PLCs
- Cybersecurity in Industry 4.0, including UAVs
- Cyber Fortress – practical exercises and training.
The motivations behind the ARW originated in (1) the growth in the number of large-scale attacks, (2) the rising degree of complexity and the sophistication of threats, and (3) the need to protect critical infrastructure by building a resilient system for the betterment of the well-being of every citizen of Azerbaijan. Inter alia, the economy of Azerbaijan is highly dependent on the oil industry. Since relations with some of its neighbours are not always amicable, the protection of national infrastructure related to the oil industry, for instance, from any disruptions that may impair the country’s overall economic status, is imperative.
There are frequent reports of cyber attacks on the Internet infrastructure that controls the Baku-Tbilisi-Ceyhan pipeline control system, the ICL systems of the national power grid, and the financial institutions. These reports assess the causes and their dynamic nature, along with the effects of the threats. The plethora of devices that come to the market daily, such as variants of UAVs, has become a major concern for national security. Since Azerbaijan is undergoing nationwide digital transformation and revamping as a national priority, it is crucial that cybersecurity is included by design from the start. Moreover, based on the work done concerning the state of development and the application of ICT, Azerbaijan has initiated and carried out activities to become a premier digital hub connecting Europe with Asia, so issues such as resilience, robustness and even redundancy of the hub are considered as an enhancement of the CI.
There are several objectives for holding the ARW in Azerbaijan. One of these is to recognise the country’s progress in developing a cybersecurity strategy and laying the foundations of Industry 4.0. The second is to boost the initial efforts made by academia to develop relevant undergraduate and graduate programmes related to novel technologies which will accelerate the entire industry in the future.
The ARW was a success despite the modified delivery and the absence of kinetic participation: it was well attended, with the intensive involvement of many scholars, experts and professionals, along with many senior and junior researchers from Azerbaijan. All the participants found the three-day event highly profitable. The ARW turned out to be a relatively fertile forum for a multilogue about the issues and challenges that stem from cybersecurity and ICS and about the ways to mitigate, predict and eliminate the threats to cyber and physical critical infrastructures. Numerous international contacts have been set up, which may result in concrete plans for joint projects and transform the results of the ARW and the lessons learned into reality.
The presence of DASG Mr James Appathurai and Head of SPS Programme Dr Deniz Beten emphasised the relevance of both the topic and the need for cooperation with the NATO Science for Peace and Security Programme as one of the venues for collaboration among the participants.
The book in front of you is a testament to the mosaic of efforts by many people to organise, present and discuss their knowledge, dilemmas and the challenges they face in preserving secure, safe and resilient cyberspace. A significant number of the articles come from researchers from Azerbaijan and ANAS; it is an additional incentive for the ARW to promote the valuable work done and to encourage further noteworthy accomplishments in the future.
Oliver B. Popov