13 episodes

The 1st International Symposium for Industrial Control System & SCADA Cyber Security Research (ICS-CSR) brings together researchers with an interest in the security of industrial control systems in the light of their increasing exposure to cyber-space. The topics of interests are broad, ranging from security for hardware/firmware used in industrial control systems, to system aspects of ICS such as secure architectures and vulnerability screening, to the human aspects of cyber security such as behaviour modelling and training. ICS-CSR is a research conference aimed at high quality academic research in the cyber security of industrial control system from the hardware, system and human-factor perspectives.

ICS & SCADA Cyber Security BCS - The Chartered Institute for IT

    • Technology

The 1st International Symposium for Industrial Control System & SCADA Cyber Security Research (ICS-CSR) brings together researchers with an interest in the security of industrial control systems in the light of their increasing exposure to cyber-space. The topics of interests are broad, ranging from security for hardware/firmware used in industrial control systems, to system aspects of ICS such as secure architectures and vulnerability screening, to the human aspects of cyber security such as behaviour modelling and training. ICS-CSR is a research conference aimed at high quality academic research in the cyber security of industrial control system from the hardware, system and human-factor perspectives.

    HADA: Hybrid Access Decision Architecture for Building Automation and Control Systems

    HADA: Hybrid Access Decision Architecture for Building Automation and Control Systems

    This paper analyzes the security requirements and constraints in ICS/BACS and proposes the Hybrid Access Decision Architecture (HADA) to allow for interoperability between centralized and distributed access control methods. While a central party is in control of policy specification, the system also allows for the deployment of lightweight and compact access control policies to the target devices so that access control decisions can take place in a distributed manner. Our prototype that is based on 6LoWPAN/CoAP IP protocols and binary JSON access control policies shows the feasibility of our approach.

    Towards a SCADA Forensics Architecture

    Towards a SCADA Forensics Architecture

    With the increasing threat of sophisticated attacks on critical infrastructures, it is vital that forensic investigations take place immediately following a security incident. This paper presents an existing SCADA forensic process model and proposes a structured SCADA forensic process model to carry out a forensic investigations. A discussion on the limitations of using traditional forensic investigative processes and the challenges facing forensic investigators. Furthermore, flaws of existing research into providing forensic capability for SCADA systems are examined in detail. The study concludes with an experimentation of a proposed SCADA forensic capability architecture on the Siemens S7 PLC. Modifications to the memory addresses are monitored and recorded for forensic evidence. The collected forensic evidence will be used to aid the reconstruction of a timeline of events, in addition to other collected forensic evidence such as network packet captures.

    Industrial Control System Cyber Attacks

    Industrial Control System Cyber Attacks

    This paper presents a set of attacks against SCADA control systems. The attacks are grouped into 4 classes; reconnaissance, response and measurement injection, command injection and denial of service. The 4 classes are defined and each attack is described in detail. The response and measurement injection and command injection classes are subdivided into sub-classes based on attack complexity. Each attack described in this paper has been exercised against industrial control systems in a laboratory setting.

    The SCADA Threat Landscape

    The SCADA Threat Landscape

    Nations around the world rely on the correct and continued functioning of industrial control systems (ICS) to keep economiesmoving and provide critical services such as electricity and cleanwater. This paper provides an analysis of the current threat landscape facing ICS. Discussion is provided on the actors involved, their motivations, and specific attack vectors they may use to reach their goals.

    Role Logic and its Application to the Analysis of Process Control Systems from the Socio—Technical System Perspective

    Role Logic and its Application to the Analysis of Process Control Systems from the Socio—Technical System Perspective

    Security requirements for process control systems can be viewed as a social construct derived from the culture and society within which the requirement is said to exist. To capture and understand these requirements we need to make use of a formal reasoning system that supports a rigorous deductive process. Socio—Technical Systems thinking offers us the ability to express the wider socio—context within which an ICT system can be said to operate. In this paper we will extend the π-calculus model of actions via the creation of role logic. Then via the application of responsibilitymodelling and role logic we will demonstrate how a model of a Socio—Technical process control system can be created and analysed so as to identify critical dependancies.

    Trusted Virtual Machine Management for Virtualization in Critical Environments

    Trusted Virtual Machine Management for Virtualization in Critical Environments

    In this paper, we address the problem of securing an existing or new host machine with on-demand integrity measurement solution to offer a fresh and trusted VM whenever some illegitimate changes are detected in the current VM. The solution is targeted at smaller devices with a limited number of VMs and customers per device. It also assumes VMs to be rather stable and does not use virtual TPMs. Thus, it focuses on secure virtualization in critical environments, automation, or industry control systems.

Top Podcasts In Technology

Listeners Also Subscribed To

More by BCS - The Chartered Institute for IT