Cybersecurity From Field to Host

2016 ◽  
Author(s):  
Lee A. Cysouw ◽  
Douglas C. Osburn ◽  
Nader M. Rabadi
Keyword(s):  
Best Practices ◽  
Control Systems ◽  
Cyber Security ◽  
Measurement Data ◽  
Cyber Attacks ◽  
Operating Costs ◽  
Data Monitoring ◽  
Industry Standards ◽  
And Control ◽  
Remote Communications

Remote communications to field devices for data monitoring and controls has greatly reduced operating costs, reduced downtime, and helped to optimize our industry. With the ever growing threat of cyber-attacks, the need for securing that data is becoming a more common topic of discussion. Whether collecting SCADA or Measurement data from the field, doing remote configuration, or even sitting dormant, it is important to keep the line of communication to your devices secure. This presentation will discuss potential threats and examples of cyber-attacks. It will cover industry standards, types of cyber security, and the importance and best practices for securing data for Measurement and/or SCADA and control systems.

Cyber Security Assessment of NPP I&C Systems

2020 ◽  
pp. 221-238
Author(s):  
Oleksandr Klevtsov ◽  
Artem Symonov ◽  
Serhii Trubchaninov
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Nuclear Power ◽  
Power Plants ◽  
Cyber Attacks ◽  
Security Assessment ◽  
Nuclear Facilities ◽  
Security Risks ◽  
Cyber Threats ◽  
And Control

The chapter is devoted to the issues of cyber security assessment of instrumentation and control systems (I&C systems) of nuclear power plants (NPP). The authors examined the main types of potential cyber threats at the stages of development and operation of NPP I&C systems. Examples of real incidents at various nuclear facilities caused by intentional cyber-attacks or unintentional computer errors during the maintenance of the software of NPP I&C systems are given. The approaches to vulnerabilities assessment of NPP I&C systems are described. The scope and content of the assessment and periodic reassessment of cyber security of NPP I&C systems are considered. An approach of assessment to cyber security risks is described.

scholarly journals Key Vulnerabilities of Industrial Automation and Control Systems and Actions to Prevent Cyber-Attacks

2016 ◽  
Vol 12 (1) ◽  
pp. 9 ◽  
Author(s):  
Isidro Calvo ◽  
Ismael Etxeberria-Agiriano ◽  
Miguel A Iñigo ◽  
Pablo González-Nalda
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Communication Technologies ◽  
Cyber Attacks ◽  
Industrial Automation ◽  
Internet Protocols ◽  
The Public ◽  
Starting Point ◽  
Automation And Control ◽  
And Control

Until recently, Industrial Automation and Control Systems (IACS) were largely isolated from corporate systems by means of proprietary protocols, which facilitated their protection against cyber-attacks under the principle of security through obscurity. However, the widespread adoption of the new communication technologies, such as the Internet protocols and wireless communications has changed this scenario. During recent years there have been many evidences of cyber-attacks to IACS that exploit their vulnerabilities. Unfortunately, these attacks have increased significantly during the last five years, and we should be aware that only the tip of the iceberg comes to the public knowledge. The purpose of this article is twofold: (1) to raise awareness about the security vulnerabilities that most companies are facing at their IACS and (2) to set a starting point by proposing a roadmap that seeks to guide designers and programmers in the new and complex world of industrial cyber-security.

scholarly journals Cyber Attacks on Critical Infrastructure

2016 ◽  
pp. 448-465
Author(s):  
Ana Kovacevic ◽  
Dragana Nikolic
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Critical Infrastructure ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Future Directions ◽  
Infrastructure Systems ◽  
Cyber Threats ◽  
Scada Systems ◽  
Insight Into

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise propriety protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.

scholarly journals Making roundness measurement applications and control systems on the Roundness Tester Machine

2019 ◽  
Vol 63 (3) ◽  
pp. 17-21
Author(s):  
Dodi Sofyan Arief ◽  
◽  
Eko Jadmiko ◽  
Adhy Prayitno ◽  
Muftil Badri ◽  
...  
Keyword(s):  
Control Systems ◽  
Measurement Data ◽  
Rotating Speed ◽  
Center Point ◽  
Global Quality ◽  
Measurement Results ◽  
Roundness Deviation ◽  
And Control ◽  
Dial Indicator ◽  
Roundness Measurement

Dial indicator is a comparison device usually used in industrial activities, especially in production. To make measurements at this time must be supported by technology that can facilitate operators when using it and when analyzing measurement results. Involving the programme and microcontroller are a solution to developing in roundness measurement, and then the results can be more accurate or thorough between the readable values read from the measuring instrument with the actual value of varying the amount of data. Roundness application is a program that can input measurement data automatically and can do calculations directly. Then, it can display a reference circle, a table that calculates the values of X, Y, R, X’, Y’, R’, Roundness Deviation, Run out Concentricity or a shift in the center point and also the center point shift or Theta. In measuring roundness, the test object is used the Standard Mandrel which has been certified by PT. Global Quality Indonesia, by determining three points or positions, namely in the first position the amount of data is 180, in the second position the amount of data is 90 and in the third position, the amount of data is 60 with a rotating speed of 15 mm/s. The results of the reference circle can be seen in each calculation in each position, in the second position the roundness deviation values are approaching of the Mandrel.

Cyber Attacks on Critical Infrastructure

2015 ◽  
pp. 1-18 ◽  
Author(s):  
Ana Kovacevic ◽  
Dragana Nikolic
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Critical Infrastructure ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Future Directions ◽  
Infrastructure Systems ◽  
Cyber Threats ◽  
Scada Systems ◽  
Insight Into

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise propriety protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.

Cyber Security Assurance in the Design, Implementation, and Operation of NPP I&C Systems

2020 ◽  
pp. 323-348
Author(s):  
Oleksandr Klevtsov ◽  
Artem Symonov ◽  
Serhii Trubchaninov
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Regulatory Framework ◽  
Nuclear Facilities ◽  
Stages Of Development ◽  
Basic Principles ◽  
Security Assurance ◽  
Security Levels ◽  
And Control

The chapter is devoted to the consideration of the issues concerning the cyber security assurance of NPP instrumentation and control systems. A brief overview of the international regulatory framework in the field of cyber security for nuclear facilities is given. The different approaches to the categorization of NPP instrumentation and control systems by cyber security are expressed. The basic principles of cyber security assurance of NPP instrumentation and control systems are considered. The specific measures of cyber security assurance (i.e., graded according to the cyber security levels) on the stages of development, implementation, and operation of NPP instrumentation and control systems are presented.

Automated security testing for web applications on industrial automation and control systems

2019 ◽  
Vol 67 (5) ◽  
pp. 383-401
Author(s):  
Steffen Pfrang ◽  
Anne Borcherding ◽  
David Meier ◽  
Jürgen Beyerer
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Web Application ◽  
Web Applications ◽  
Security Testing ◽  
Industrial Automation ◽  
Local Networks ◽  
Automation And Control ◽  
And Control ◽  
The Web

Abstract Industrial automation and control systems (IACS) play a key role in modern production facilities. On the one hand, they provide real-time functionality to the connected field devices. On the other hand, they get more and more connected to local networks and the internet in order to facilitate use cases promoted by “Industrie 4.0”. A lot of IACS are equipped with web servers that provide web applications for configuration and management purposes. If an attacker gains access to such a web application operated on an IACS, he can exploit vulnerabilities and possibly interrupt the critical automation process. Cyber security research for web applications is well-known in the office IT. There exist a lot of best practices and tools for testing web applications for different kinds of vulnerabilities. Security testing targets at discovering those vulnerabilities before they can get exploited. In order to enable IACS manufacturers and integrators to perform security tests for their devices, ISuTest was developed, a modular security testing framework for IACS. This paper provides a classification of known types of web application vulnerabilities. Therefore, it makes use of the worst direct impact of a vulnerability. Based on this analysis, a subset of open-source vulnerability scanners to detect such vulnerabilities is selected to be integrated into ISuTest. Subsequently, the integration is evaluated. This evaluation is twofold: At first, willful vulnerable web applications are used. In a second step, seven real IACS, like a programmable logic controller, industrial switches and cloud gateways, are used. Both evaluation steps start with the manual examination of the web applications for vulnerabilities. They conclude with an automated test of the web applications using the vulnerability scanners automated by ISuTest. The results show that the vulnerability scanners detected 53 % of the existing vulnerabilities. In a former study using commercial vulnerability scanners, 54 % of the security flaws could be found. While performing the analysis, 45 new vulnerabilities were detected. Some of them did not only break the web server but crashed the whole IACS, stopping the critical automation process. This shows that security testing is crucial in the industrial domain and needs to cover all services provided by the devices.

scholarly journals Digital Forensic Analysis of Industrial Control Systems Using Sandboxing: A Case of WAMPAC Applications in the Power Systems

Energies ◽  
2019 ◽  
Vol 12 (13) ◽  
pp. 2598
Author(s):  
Asif Iqbal ◽  
Farhan Mahmood ◽  
Mathias Ekstedt
Keyword(s):  
Power Systems ◽  
Control Systems ◽  
Forensic Analysis ◽  
Cyber Attacks ◽  
Power Grids ◽  
Cyber Attack ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Daubert Standard ◽  
And Control

In today’s connected world, there is a tendency of connectivity even in the sectors which conventionally have been not so connected in the past, such as power systems substations. Substations have seen considerable digitalization of the grid hence, providing much more available insights than before. This has all been possible due to connectivity, digitalization and automation of the power grids. Interestingly, this also means that anybody can access such critical infrastructures from a remote location and gone are the days of physical barriers. The power of connectivity and control makes it a much more challenging task to protect critical industrial control systems. This capability comes at a price, in this case, increasing the risk of potential cyber threats to substations. With all such potential risks, it is important that they can be traced back and attributed to any potential threats to their roots. It is extremely important for a forensic investigation to get credible evidence of any cyber-attack as required by the Daubert standard. Hence, to be able to identify and capture digital artifacts as a result of different attacks, in this paper, the authors have implemented and improvised a forensic testbed by implementing a sandboxing technique in the context of real time-hardware-in-the-loop setup. Newer experiments have been added by emulating the cyber-attacks on WAMPAC applications, and collecting and analyzing captured artifacts. Further, using sandboxing for the first time in such a setup has proven helpful.

scholarly journals Cyber Resilience Analysis of SCADA Systems in Nuclear Power Plants

2020 ◽  
Author(s):  
Meghan Galiardi ◽  
Amanda Gonzales ◽  
Jamie Thorpe ◽  
Eric Vugrin ◽  
Raymond Fasano ◽  
...  
Keyword(s):  
Control System ◽  
Control Systems ◽  
Cyber Security ◽  
Nuclear Power ◽  
Power Plants ◽  
Nuclear Power Plants ◽  
Cyber Attacks ◽  
Use Case ◽  
Design Features ◽  
Scada Systems

Abstract Aging plants, efficiency goals, and safety needs are driving increased digitalization in nuclear power plants (NPP). Security has always been a key design consideration for NPP architectures, but increased digitalization and the emergence of malware such as Stuxnet, CRASHOVERRIDE, and TRITON that specifically target industrial control systems have heightened concerns about the susceptibility of NPPs to cyber attacks. The cyber security community has come to realize the impossibility of guaranteeing the security of these plants with 100% certainty, so demand for including resilience in NPP architectures is increasing. Whereas cyber security design features often focus on preventing access by cyber threats and ensuring confidentiality, integrity, and availability (CIA) of control systems, cyber resilience design features complement security features by limiting damage, enabling continued operations, and facilitating a rapid recovery from the attack in the event control systems are compromised. This paper introduces the REsilience VeRification UNit (RevRun) toolset, a software platform that was prototyped to support cyber resilience analysis of NPP architectures. Researchers at Sandia National Laboratories have recently developed models of NPP control and SCADA systems using the SCEPTRE platform. SCEPTRE integrates simulation, virtual hardware, software, and actual hardware to model the operation of cyber-physical systems. RevRun can be used to extract data from SCEPTRE experiments and to process that data to produce quantitative resilience metrics of the NPP architecture modeled in SCEPTRE. This paper details how RevRun calculates these metrics in a customizable, repeatable, and automated fashion that limits the burden placed upon the analyst. This paper describes RevRun’s application and use in the context of a hypothetical attack on an NPP control system. The use case specifies the control system and a series of attacks and explores the resilience of the system to the attacks. The use case further shows how to configure RevRun to run experiments, how resilience metrics are calculated, and how the resilience metrics and RevRun tool can be used to conduct the related resilience analysis.

Sign in / Sign up

Export Citation Format

Share Document