Challenges of information security management in the industrial sector: A systematic review

Abstract

Currently, in the industrial sector, technology can significantly increase productivity and efficiency. However, this advancement also generates multiple challenges related to information security that must be addressed. This systematic review aimed to analyze these challenges in information security management, focusing on three specific aspects: protection models and methodologies, factors that generate vulnerabilities in industrial control systems (ICS), and cyber risks that affect the supply chain. To this end, 45 articles published in journals indexed in databases such as Scopus, EBSCO and ScienceDirect over the last four years were examined. The results indicate that approaches based on Zero Trust, Shapley Additive Explanations (SHAP), Evolutionary Multi-Objective Optimization (EMO) algorithms, and the use of the Industrial Internet of Things (IIoT) offer greater effectiveness in protecting information. In addition, the following were identified as the main vulnerability factors in ICS: excessive connectivity, the use of obsolete operating systems, uncontrolled physical access, incorrect configurations, poor maintenance, cyberattacks, and human error. With regard to the industrial supply chain, the most relevant risks include successful cyberattacks, ransomware, and industrial espionage. In conclusion, security challenges range from interoperability between systems to a shortage of specialized personnel, requiring continuous monitoring and a multidisciplinary strategic approach.

Similar Papers
  • Conference Article
  • Cite count: 31
  • 10.1109/bigdatasecurity-hpsc-ids49724.2020.00051
Deep Packet Inspection in Industrial Automation Control System to Mitigate Attacks Exploiting Modbus/TCP Vulnerabilities
  • May 1, 2020
  • Osborn N Nyasore + 4 more

Modbus TCP/IP protocol is a commonly used protocol in industrial automation control systems, systems responsible for sensitive operations such as gas turbine operation and refinery control. The protocol was designed decades ago with no security features in mind. Denial of service attack and malicious parameter command injection are examples of attacks that can exploit vulnerabilities in industrial control systems that use Modbus/TCP protocol. This paper discusses and explores the use of intrusion detection and prevention systems (IDPS) with deep packet inspection (DPI) capabilities and DPI industrial firewalls that have capability to detect and stop highly specialized attacks hidden deep in the communication flow. The paper has the following objectives: (i) to develop signatures for IDPS for common attacks on Modbus/TCP based network architectures; (ii) to evaluate performance of three IDPS - Snort, Suricata and Bro – in detecting and preventing common attacks on Modbus/TCP based control systems; and (iii) to illustrate and emphasize that the IDPS and industrial firewalls with DPI capabilities are not preventing but only mitigating likelihood of exploitation of Modbus/TCP vulnerabilities in the industrial and automation control systems. The results presented in the paper illustrate that it might be challenging task to achieve requirements on real-time communication in some industrial and automation control systems in case the DPI is implemented because of the latency and jitter introduced by these IDPS and DPI industrial firewall.

  • Research Article
  • Cite count: 3
  • 10.1051/ro/2022189
An application of fuzzy logistic regression for predicting CVSS severity category of industrial control systems
  • Nov 1, 2022
  • RAIRO - Operations Research
  • Ahmet Murat Dere + 1 more

Cybersecurity is rapidly gaining significance due to growing use of computers in daily life and business sectors. Likewise, industrial sector has also become more vulnerable to cyber threats exclusively with the onset of Industry 4.0, which is a digital transformation evolved with industrial control systems (ICS). Nowadays industrial organizations aim to build capacity towards protection of ICS to be cybersafe. To assess the effects of vulnerabilities in ICS, organizations utilize Common Vulnerability Scoring System (CVSS), which calculates severity categories/scores. In this study, we implemented a prediction model for CVSS vulnerability categorization of ICS. Although there exist many applicable methods to use in data analysis paradigm such as statistical regression, cluster and classification analysis, the categorical form of CVSS data based on verbal statements and the failure to satisfy basic statistical assumptions for classical models motivated us to focus on implementation of fuzzy logistic regression (FLR) model, which is one possible alternative method. We chose the FLR method to explore that it is applicable to ICS vulnerability data. Furthermore, the model was improved by employing metaheuristic algorithms to optimize the spread of fuzzy numbers representing input variables. This study is expected to contribute to practical application of vulnerability categorization of ICS.

  • Research Article
  • Cite count: 100
  • 10.3390/s19153316
Smart Industrial IoT Monitoring and Control System Based on UAV and Cloud Computing Applied to a Concrete Plant
  • Jul 28, 2019
  • Sensors (Basel, Switzerland)
  • Marouane Salhaoui + 5 more

Unmanned aerial vehicles (UAVs) are now considered one of the best remote sensing techniques for gathering data over large areas. They are now being used in the industry sector as sensing tools for proactively solving or preventing many issues, besides quantifying production and helping to make decisions. UAVs are a highly consistent technological platform for efficient and cost-effective data collection and event monitoring. The industrial Internet of things (IIoT) sends data from systems that monitor and control the physical world to data processing systems that cloud computing has shown to be important tools for meeting processing requirements. In fog computing, the IoT gateway links different objects to the internet. It can operate as a joint interface for different networks and support different communication protocols. A great deal of effort has been put into developing UAVs and multi-UAV systems. This paper introduces a smart IIoT monitoring and control system based on an unmanned aerial vehicle that uses cloud computing services and exploits fog computing as the bridge between IIoT layers. Its novelty lies in the fact that the UAV is automatically integrated into an industrial control system through an IoT gateway platform, while UAV photos are systematically and instantly computed and analyzed in the cloud. Visual supervision of the plant by drones and cloud services is integrated in real-time into the control loop of the industrial control system. As a proof of concept, the platform was used in a case study in an industrial concrete plant. The results obtained clearly illustrate the feasibility of the proposed platform in providing a reliable and efficient system for UAV remote control to improve product quality and reduce waste. For this, we studied the communication latency between the different IIoT layers in different IoT gateways.

  • Conference Article
  • 10.1109/ifsa-scis.2017.8023314
Performance comparison of EMO algorithms on test problems with different search space shape
  • Jun 1, 2017
  • Yuki Tanigaki + 2 more

We examine the performance of evolutionary multi-objective optimization (EMO) algorithms on various shapes of the search space in the objective space (i.e., the feasible region in the objective space). To analyze the advantage and disadvantage of each EMO algorithm on the shape of the search space, we propose a meta-optimization method which can automatically create multi-objective optimization problems (MOPs) for clarifying the advantage and disadvantage of EMO algorithms. In particular, we propose a two-level model to generate such MOPs. In the upper level, MOPs are handled as solutions. Some design variables of each MOP are optimized in this level. In the lower level, each MOP is used to calculate the relative performance between two EMO algorithms. The relative performance is regarded as the fitness of the MOP in the upper level. Thus, by maximizing the relative performance, we can obtain an MOP which differentiates the search performance between two EMO algorithms. Through computational experiments, we obtained two interesting observations. One is that Pareto dominance-based EMO algorithms have a low escaping ability from local Pareto-optimal regions. The other is that it is difficult for decomposition- and indicator-based EMO algorithms to find solutions along the entire Pareto front.

  • Conference Article
  • Cite count: 2
  • 10.1109/cec48606.2020.9185871
Effects of Local Mating in Inter-task Crossover on the Performance of Decomposition-based Evolutionary Multiobjective Multitask optimization Algorithms
  • Jul 1, 2020
  • Ryuichi Hashimoto + 4 more

Recently, Evolutionary Multiobjective Multitask optimization (EMMO) was proposed as a new research topic in the field of Evolutionary Multiobjective optimization (EMO). In contrast to conventional EMO algorithms, EMMO algorithms solve multiple multiobjective optimization problems (multiple tasks) in their single run. Most EMMO algorithms have the same number of populations as the number of tasks to be solved simultaneously, and each population corresponds to a different task. The main feature of EMMO algorithms is that offspring solutions are generated by not only intra-task crossover but also inter-task crossover. Local mating in intra-task crossover improves the search performance of EMO algorithms that use uniformly distributed weight vectors during a search, such as MOEA/D. Therefore, local mating in inter-task crossover is a promising idea for EMMO algorithms. In this paper, we propose a simple extension of MOEA/D for EMMO algorithms and a local mating method in inter-task crossover based on uniformly distributed weight vectors. Through computational experiments, we examine the effects of local mating in inter-task crossover on the search performance of the proposed algorithm. Experimental results show that the local mating improves the search performance of the proposed algorithm.

  • Conference Article
  • Cite count: 14
  • 10.1109/malware.2017.8323960
A virtual testbed for security management of industrial control systems
  • Oct 1, 2017
  • Venkata S Koganti + 3 more

Industrial Control Systems (ICS), at the heart of critical infrastructures, have been developing into more and more powerful tools over the years with the incorporation of networking and cyber, among other, technologies. As with great power comes great risks, ICS's inherited risks and vulnerabilities not only from the cyber domain but also gave rise to unique security risks and vulnerabilities. Security management, i.e., identifying vulnerabilities, assessing threats, preventing and tolerating malicious and harmful activities, mitigating and recovering from attacks, etc., for ICS's have been identified as a key, if not the key, area for the protection of critical infrastructures. The importance of a test-bed mimicking a real-life ICS and having capabilities to support ICS security management is paramount. In this paper, after briefly surveying the vulnerabilities in ICS and surveying the existing ICS test-beds, we describe the implementation of a virtual ICS testbed controlling the distribution breaker system of a power grid. We also describe simulating two cyber attacks using the testbed.

  • Research Article
  • 10.16538/j.cnki.fem.2018.05.009
Top Management Support, Legitimation, and Effectiveness of Information Security Management
  • May 10, 2018
  • Kunxiang Dong + 3 more

With increasing dependence on information technology and information system, enterprises are confronting with a more and more complicated information security environment. Thus, information security has become an intractable problem for many enterprises. Generally speaking, there are two methods to improve enterprises’ information security level, that is, technology and management means. Technology means mainly settle software and hardware security of computers and networks, while management means mainly regulate and restrain the entire enterprise system including software, hardware, and employees. At present, a lot of enterprises mostly employ the technology means to solve information security problems. However, the lack or imperfection of information security institutions leads to bad enterprise information security situation. Therefore, technology and management means to solve information security are complementary to each other. As such, it is urgent and necessary to establish and improve information security institutions for many enterprises. In fact, enterprise information security is a complicated activity which needs different sectors to get involved in. More specifically, the information security departments play the very critical role in the implementation of information security institutions, and all employees should comply with the information security policy. Therefore, only the top management teams have the ability to coordinate the relationship between different departments, determine the introduction of information technology, and deploy the information systems. In response, top management support has an important impact on the construct of information security institutions and the effectiveness of information security management. So far, few studies have investigated the mechanism that how top management support affects information security legitimation, and legitimation information security management. 
Therefore, it has great theoretical and practical significance to the exploration of whether the legitimation supported by top management can improve the effectiveness of information security management. The objective of the current study is to explore whether legitimation prompted by top management team can improve the effectiveness of enterprise information security management. By doing so, the data was collected from the enterprises which have passed the certification of information security management system, and analyzed by using PLS-SEM. The results indicate that information security awareness can improve top management support (including top management belief and top management participation) and the effectiveness of information security management respectively. In addition, top management belief can improve implementation (the first stage of legitimation) and internalization (the second stage of legitimation). Moreover, implementation can improve the effectiveness of information security management. This paper analyzes the way to enhance effectiveness of information security management, which has a reality-oriented meaning for prompting information security management of enterprises from the standpoint of institution.

  • Conference Article
  • Cite count: 4
  • 10.23919/cycon.2019.8756895
Call to Action: Mobilizing Community Discussion to Improve Information-Sharing About Vulnerabilities in Industrial Control Systems and Critical Infrastructure
  • May 1, 2019
  • Daniel Kapellmann + 1 more

Vulnerability management remains a significant challenge for organizations that handle critical infrastructure worldwide. Hallmark cyber-physical incidents with disruptive and destructive capabilities like Stuxnet (2010) and Triton (2017) have exploited known vulnerabilities in information technology (IT) and operational technology (OT) assets throughout the attack lifecycle. However, the global critical infrastructure security community is still nascent in the field of industrial control systems (ICS) vulnerability management, especially in information-sharing. While their counterparts in IT security have spent years elaborating multiple resources to track and disseminate information about known vulnerabilities, the ICS community lacks specialized mechanisms for knowledge-sharing. Multiple challenges exist when addressing this issue: a general lack of awareness about ICS cybersecurity, the need to consider multiple industry sectors and unique network architectures, and the need to find a balance between protecting and releasing sensitive information regarding critical infrastructure organizations or proprietary vendor knowledge. Through a multiphase research initiative based on the user-centered design process, we intend to test and evaluate the feasibility and effectiveness of various information-sharing platform designs for streamlining the discussion of ICS vulnerabilities. In the first phase of this research, we surveyed ICS and critical infrastructure security stakeholders to gain insight into the range of cogent, shared, and divergent views of the community relating to the need for specialized resources to share information about ICS vulnerabilities. We then evaluated what these different perspectives imply for the adoption and success of certain information-sharing platform frameworks. 
Finally, utilizing these insights, we demonstrated possible alternative paths forward for addressing the challenge of sharing information about ICS vulnerabilities to keep critical infrastructure safe.

  • Conference Article
  • Cite count: 6
  • 10.1109/etcm.2016.7750821
A methodological proposal concerning to the management of information security in Industrial Control Systems
  • Oct 1, 2016
  • Fabian Bustamante + 3 more

The most recent international reports of security issues documented a growing number of cybernetic attacks to Industrial Control Systems. Therefore, an increase of information technology implementations in manufacturing processes arose offering solutions in Information Security of the involved manufacturers and professionals. In this respect, a notable tendency emerges in which information security has been particularly intended to be used in businesses' administrative areas, where ISO-27000 is the most favored standard. Nonetheless, it has been determined that ISO is not yet an ideal standard for an industrial approach, due to the fact that it has not been created for these systems. We designed and implemented a methodology for the management of information security of the Industrial Control Systems of industrial businesses, based on standards issued by NIST. Such methodology presents the development of a series of phases, which provide two main contributions: firstly a group of strategies to reduce risks and secondly a Guide for standards-based instructions as well as security policies for the effective management of information security.

  • Conference Article
  • Cite count: 2
  • 10.1109/wcicss.2016.7882940
Cyber-resilient industrial control system with diversified architecture and bus monitoring
  • Dec 1, 2016
  • Charles Kim

This paper focuses on exploitable cyber vulnerabilities in industrial control systems (ICS) and on a new approach of resiliency against them. Even with numerous metrics and methods for intrusion detection and mitigation strategy, a complete detection and deterrence of cyber-attacks for ICS is impossible. Countering the impact and consequence of possible malfunctions caused by such attacks in the safety-critical ICS’s, this paper proposes new controller architecture to fail-operate even under compromised situations. The proposed new ICS is realized with diversification of hardware/software and unidirectional communication in alerting suspicious infiltration to upper-level management. Equipped with control bus monitoring, this operation-basis approach of infiltration detection would become a truly cyber-resilient ICS. The proposed system is tested in a lab hardware experimentation setup and on a cybersecurity test bed, DeterLab, for validation.

  • Research Article
  • Cite count: 1
  • 10.1002/jci3.12024
Evaluating cryptographic vulnerabilities created by quantum computing in industrial control systems
  • Sep 27, 2024
  • Journal of Critical Infrastructure Policy
  • Michael J D Vermeer + 5 more

Quantum computing is expected to eventually be able to break the public‐key cryptography algorithms currently used throughout information technology (IT) infrastructure, undermining foundational tools used to maintain information security across the country's critical infrastructure. As these systems converge, the security posture of operational technology (OT) systems has to adapt to a new threat landscape and adopt some of the same security controls as those used in enterprise IT, especially cryptographic controls that rely on public‐key cryptography, which are ubiquitous in enterprise IT systems. Operators and manufacturers of industrial control systems (ICSs) and OT systems will need to understand and address the unique ways in which these systems will be vulnerable to adversaries equipped with quantum computers. We assessed quantum computing–facilitated cryptographic vulnerabilities in ICSs and OT systems to identify the issues in need of the most‐urgent attention from ICS and OT owners, operators, and manufacturers. Employing a modified consequence‐driven, cyber‐informed engineering process informed by literature review and analysis, we mapped protocols using or enabling cryptographic protections across common ICS network topologies as part of an assessment of how an attacker could cause harm, especially damaging physical consequences resulting from manipulation of cyber–physical systems, through the cryptographic compromise of ICS and OT networks and components. Our evaluation of identified and ranked risks to related control systems was also informed by relevant literature on ICS risk assessment and mitigation, cyber harms, and historical attacks on critical infrastructure. Using our analysis, we assessed the overall difficulty in mitigating risk from each of the identified vulnerability archetypes. 
The resulting analysis identified vulnerabilities associated with code‐signing processes as the highest priority for attention when updating systems for a postquantum future. This risk was followed by vulnerabilities associated with forged certificates for identification and vulnerabilities associated with forged session keys, identified as lower priorities but still of concern. Informed by our findings, we offer recommendations related to the protection of these vulnerabilities and the improvement of ICS security in developed systems.

  • Conference Article
  • Cite count: 1
  • 10.1109/intelcis.2015.7397254
Integrated trusted protection technologies for industrial control systems
  • Dec 1, 2015
  • Wang Jingpei + 3 more

Security vulnerabilities in industrial control systems (ICS) and its open interconnected trends lead to security risks escalating. The existed security protection technologies, with poor applicability, are hard to meet the special need of information security for ICS. In this paper, trusted protection theories and technologies for ICS were studied and an integrated trusted protection model was proposed. The proposed method protected data and system security of ICS from aspects of trusted computing platform, trusted data protection mechanism and trust management network. The trusted protection technologies were deployed on each of the three network layers of ICS according to differentiated resource and security requirements of each layer. Analysis and simulation results indicate the effectiveness and superiority of the proposed method. The establishing of trusted protection model assists realizing the systematic security protection for heterogeneous industrial control systems.

  • Research Article
  • Cite count: 6
  • 10.1109/access.2024.3466391
A Novel Hybrid Model Detection of Security Vulnerabilities in Industrial Control Systems and IoT Using GCN+LSTM
  • Jan 1, 2024
  • IEEE Access
  • Murat Koca + 1 more

In this study, we address critical security vulnerabilities in Industrial Control Systems (ICS) and the Internet of Things (IoT) by focusing on enhancing collaboration and communication among interconnected devices. Recognizing the inherent risks and the sophisticated nature of cyber threats in such environments, we introduce a novel and complex implementation that leverages the synergistic potential of Graph Convolutional Networks (GCN) and Long Short-Term Memory (LSTM) models. This approach is designed to intelligently predict and detect intrusion attempts by analyzing the dynamic interactions and data flow within networked systems. Our methodology not only differentiates between the operational nuances of various IoT routing mechanisms but also tackles the core design challenges faced by ICS. Through rigorous experimentation, including the deployment of our model in simulated high-risk scenarios, we have demonstrated its efficacy in identifying and mitigating deceptive connectivity disruptions with a remarkable accuracy rate of 99.99%. This performance underscores the model's capability to serve as a robust security layer, ensuring the integrity and resilience of ICS networks against sophisticated cyber threats. Our findings contribute a significant advancement in the field of cybersecurity for ICS and IoT, proposing a comprehensive framework that can be centrally integrated with existing security information and incident management systems for enhanced protective measures.
Index terms: Ad-hoc network, graph convolutional networks (GCN), industrial control system (ICS), Internet of Things (IoT), intrusion detection system (IDS), security vulnerabilities.

  • Conference Article
  • Cite count: 13
  • 10.1109/mcdm.2014.7007205
Review of coevolutionary developments of evolutionary multi-objective and many-objective algorithms and test problems
  • Dec 1, 2014
  • Hisao Ishibuchi + 3 more

In the evolutionary multi-objective optimization (EMO) community, some well-known test problems have been frequently and repeatedly used to evaluate the performance of EMO algorithms. When a new EMO algorithm is proposed, its performance is evaluated on those test problems. Thus algorithm development can be viewed as being guided by test problems. A number of test problems have already been designed in the literature. Since the difficulty of designed test problems is usually evaluated by existing EMO algorithms through computational experiments, test problem design can be viewed as being guided by EMO algorithms. That is, EMO algorithms and test problems have been developed in a coevolutionary manner. The goal of this paper is to clearly illustrate such a coevolutionary development. We categorize EMO algorithms into four classes: non-elitist, elitist, many-objective, and combinatorial algorithms. In each category of EMO algorithms, we examine the relation between developed EMO algorithms and used test problems. Our examinations of test problems suggest the necessity of strong diversification mechanisms in many-objective EMO algorithms such as SMS-EMOA, MOEA/D and NSGA-III.

  • Research Article
  • 10.1057/s41599-025-04718-x
Boosting employee information security compliance: the contingent roles of task–technology and person–organization fits
  • Apr 24, 2025
  • Humanities and Social Sciences Communications
  • Inho Hwang + 2 more

In the domain of information security (IS) management, the influence of individual behavior on organizational security has garnered considerable attention, underscored by a dynamically evolving technological landscape. Research to date extensively highlights the necessity of understanding individual roles yet consistently overlooks the complexities of how individual IS policy awareness, threat perception, and compliance behavior intricately intertwine, especially when aligned with organizational needs. This study uniquely addresses these complexities by integrating the concepts of task-technology fit (TTF) and person-organization fit (POF), which are crucial for strategic alignment between individual capabilities and organizational IS frameworks. Our investigation focuses on how TTF and POF are moderators in the relationship between IS policy awareness, threat perception, and compliance behavior. Analyzing survey data from 526 employees across various industries demonstrates that a heightened awareness of IS policies significantly boosts threat perception, fostering more robust compliance behaviors. More critically, our findings reveal that TTF substantially amplifies the influence of policy awareness on threat perception, while POF enhances the transition from threat perception to compliance behavior. These results underscore the importance of contextual factors in shaping effective IS management strategies. This research contributes novel insights into the interplay between individual behaviors and organizational contexts, significantly enriching the discourse in IS management. By demonstrating the pivotal roles of TTF and POF, our study provides a deeper understanding of these dynamics and offers practical guidance for organizations, equipping them with the knowledge to design more effective IS strategies. 
Including TTF and POF in designing IS strategies is vital in minimizing human-error-related security breaches, thereby strengthening the overall IS posture of organizations. This highlights an urgent need for IS frameworks that not only address but integrate these critical alignment factors, reinforcing the importance of our findings in the broader context of IS management.
