Towards Robust Detection of Open Source Software Supply Chain Poisoning Attacks in Industry Environments

Abstract

The exponential growth of open-source package ecosystems, particularly NPM and PyPI, has led to an alarming increase in software supply chain poisoning attacks. Existing static analysis methods struggle with high false positive rates and are easily thwarted by obfuscation and dynamic code execution techniques. While dynamic analysis approaches offer improvements, they often suffer from capturing non-package behaviors and employing simplistic testing strategies that fail to trigger sophisticated malicious behaviors. To address these challenges, we present OSCAR, a robust dynamic code poisoning detection pipeline for NPM and PyPI ecosystems. OSCAR fully executes packages in a sandbox environment, employs fuzz testing on exported functions and classes, and implements aspect-based behavior monitoring with tailored API hook points. We evaluate OSCAR against six existing tools using a comprehensive benchmark dataset of real-world malicious and benign packages. OSCAR achieves an F1 score of 0.95 in NPM and 0.91 in PyPI, confirming that OSCAR is as effective as the current state-of-the-art technologies. Furthermore, for benign packages exhibiting characteristics typical of malicious packages, OSCAR reduces the false positive rate by an average of 32.06% in NPM (from 34.63% to 2.57%) and 39.87% in PyPI (from 41.10% to 1.23%), compared to other tools, significantly reducing the workload of manual reviews in real-world deployments. In cooperation with Ant Group, a leading financial technology company, we have deployed OSCAR on its NPM and PyPI mirrors since January 2023, identifying 10,404 malicious NPM packages and 1,235 malicious PyPI packages over 18 months. This work not only bridges the gap between academic research and industrial application in code poisoning detection but also provides a robust and practical solution that has been thoroughly tested in a real-world industrial setting.
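The abstract's three mechanisms (full execution, fuzzing of exports, hook-based monitoring attributed to package code) can be seen working together in a small harness. This is an added example, not OSCAR's code or any code from the paper; the hook list, `PKG_FILE`, the fuzz values and the sample package are all assumptions constructed for illustration.

```python
import inspect, os, socket, sys, types
from contextlib import contextmanager

PKG_FILE = "<sample_pkg>"  # hypothetical filename used to attribute calls
# Constructed stand-in for a package under test: silent on import, its
# sensitive calls sit behind an exported function.
SAMPLE_SOURCE = '''
import os, socket
def format_name(name):
    return str(name).title()
def check_update(channel="stable"):
    socket.create_connection(("registry.example.invalid", 443))
    os.system("id")
'''
# Hook points chosen for this example only (an assumption, not OSCAR's list).
HOOK_POINTS = {"socket.create_connection": (socket, "create_connection"),
               "os.system": (os, "system")}
FUZZ_VALUES = ["", "A" * 64, 0, -1, None, [], {}]

@contextmanager
def monitor(events):
    """Wrap each hook point; record and block calls made by package code."""
    saved = []
    def make_hook(label, real):
        def hook(*args, **kwargs):
            # Attribute by caller: only frames compiled from the package count.
            if sys._getframe(1).f_code.co_filename == PKG_FILE:
                events.append((label, args))
                return None  # suppress the side effect inside the sandbox
            return real(*args, **kwargs)  # harness/interpreter calls pass through
        return hook
    for label, (module, attr) in HOOK_POINTS.items():
        real = getattr(module, attr)
        saved.append((module, attr, real))
        setattr(module, attr, make_hook(label, real))
    try:
        yield
    finally:
        for module, attr, real in saved:
            setattr(module, attr, real)

def fuzz_exports(module):
    """Call every public function the package defines with fuzz inputs."""
    for name, obj in list(vars(module).items()):
        if name.startswith("_") or not inspect.isfunction(obj):
            continue
        if obj.__code__.co_filename != PKG_FILE:
            continue  # re-exported from elsewhere, not package code
        required = [p for p in inspect.signature(obj).parameters.values()
                    if p.default is p.empty
                    and p.kind in (p.POSITIONAL_ONLY, p.POSITIONAL_OR_KEYWORD)]
        for value in FUZZ_VALUES:
            try:
                obj(*([value] * len(required)))
            except Exception:
                pass  # a crash on bad input is not a finding by itself

def analyze(source):
    """Return the hooked APIs observed at import time and under fuzzing."""
    on_import, on_fuzz = [], []
    with monitor(on_import):
        module = types.ModuleType("sample_pkg")
        exec(compile(source, PKG_FILE, "exec"), module.__dict__)
    with monitor(on_fuzz):
        fuzz_exports(module)
    return {"import": sorted({e[0] for e in on_import}),
            "fuzz": sorted({e[0] for e in on_fuzz})}

if __name__ == "__main__":
    print(analyze(SAMPLE_SOURCE))
```

For the sample, an import-only run records nothing, while fuzzing the exports surfaces both hooked calls; this is the gap the abstract attributes to simplistic testing strategies.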

Similar Papers
  • Research Article
  • Citations: 2
  • 10.2345/0899-8205-54.5.364
Cyberinsights: Talking about the Software Supply Chain.
  • Sep 1, 2020
  • Biomedical instrumentation & technology
  • Axel Wirth

  • Research Article
  • Citations: 60
  • 10.1080/09640568.2016.1178105
An integrative framework for sustainable supply chain management practices in the oil and gas industry
  • Aug 11, 2016
  • Journal of Environmental Planning and Management
  • Nurul K Wan Ahmad + 3 more

This paper proposes a framework for understanding the contextual factors of sustainable supply chain management (SSCM) practices in the O&G industry. It is based on a literature review of studies related to SSCM of O&G topics. The review reveals that there is a lack of SSCM research specific to the industry. Present studies focus on individual stages of its supply chain and do not consider all dimensions of sustainable development, namely economic, environmental and social factors. In addition, existing frameworks lack important contextual aspects of the industry's business and organizational environment. To address these gaps, our research develops an overarching framework operationalizing the internal and external contextual factors of the O&G industry environment that can influence the outcome of its SSCM practices. The proposed framework is useful as a tool in the formulation and implementation of SSCM strategy that enables alignment of a company's internal capabilities with its external environment.

  • Research Article
  • Citations: 15
  • 10.3390/su15097440
Data Acquisition for Estimating Energy-Efficient Solar-Powered Sensor Node Performance for Usage in Industrial IoT
  • Apr 30, 2023
  • Sustainability
  • Dalibor Dobrilovic + 7 more

In the era of rapid technological growth, we are facing increased energy consumption. The question of using renewable energy sources is also essential for the sustainability of wireless sensor networks and the Industrial Internet of Things, especially in scenarios where there is a need to deploy an extensive number of sensor nodes and smart devices in industrial environments. Because of that, this paper targets the problem of monitoring the operations of solar-powered wireless sensor nodes applicable for a variety of Industrial IoT environments, considering their required locations in outdoor scenarios and the efficient solar power harvesting effects. This paper proposes a distributed wireless sensor network system architecture based on open-source hardware and open-source software technologies to achieve that. The proposed architecture is designed for acquiring solar radiation data and other ambient parameters (solar panel and ambient temperature, light intensity, etc.). These data are collected primarily to define estimation techniques using nonlinear regression for predicting solar panel voltage outputs that can be used to achieve energy-efficient operations of solar-powered sensor nodes in outdoor Industrial IoT systems. Additionally, data can be used to analyze and monitor the influence of multiple ambient data on the efficiency of solar panels and, thus, powering sensor nodes. The architecture proposal considers the variety of required data and the transmission and storage of harvested data for further processing. The proposed architecture is implemented in the small-scale variants for evaluation and testing. The platform is further evaluated with the prototype sensor node for collecting solar panel voltage generation data with open-source hardware and low-cost components for designing such data acquisition nodes. 
The sensor node is evaluated in different scenarios with solar and artificial light conditions for the feasibility of the proposed architecture and justification of its usage. As a result of this research, the platform and the method for implementing estimation techniques for sensor nodes in various sensor and IoT networks, which helps to achieve edge intelligence, is established.

  • Conference Article
  • Citations: 11
  • 10.1109/giots.2018.8534574
Null is Not Always Empty: Monitoring the Null Space for Field-Level Anomaly Detection in Industrial IoT Environments
  • Jun 1, 2018
  • Ekhi Zugasti + 3 more

Industrial environments have vastly changed since the conception of initial primitive and isolated networks. The current full interconnection paradigm, where connectivity between different devices and the Internet has become a business necessity, has driven device interconnectivity towards building the Industrial Internet of Things (IIoT), enabling added value services such as supply chain optimization or improved process control. However, whereas interconnectivity has increased, IIoT security practices have not evolved at the same pace, due partly to inherited security practices from when industrial networks were not connected and the existence of basic hardware with no security functionalities. In this work, we present an Anomaly Detection System for industrial environments that monitors physical quantities to detect intrusions. It is based on null space detection, which is in turn based on Stochastic Subspace Identification (SSI). The approach is validated using the Tennessee-Eastman chemical process.

  • Conference Article
  • 10.1109/mesa.2018.8449160
Scalability of GPU-Processed 3D Distance Maps for Industrial Environments
  • Jul 1, 2018
  • Atle Aalerud + 2 more

This paper contains a benchmark analysis of the open source library GPU-Voxels together with the Robot Operating System (ROS) in large-scale industrial robotics environment. Six sensor nodes with embedded computing generate real-time point cloud data as ROS topics. The overall data from all sensor nodes is processed by a combination of CPU and GPU on a central ROS node. Experimental results demonstrate that the system is able to handle frame rates of 10 and 20 Hz with voxel sizes of 4, 6, 8 and 12 cm without saturation of the CPU or the GPU used by the GPU-Voxels library. The results in this paper show that ROS, in combination with GPU-Voxels, can be used as a viable solution for real-time 3D collision detection and avoidance applications in relatively large-scale industrial environments.

  • Research Article
  • Citations: 10
  • 10.3390/s21134393
Distributed Watchdogs Based on Blockchain for Securing Industrial Internet of Things †
  • Jun 26, 2021
  • Sensors (Basel, Switzerland)
  • Jonghyup Lee + 1 more

The Industrial Internet of Things (IIoT) could enhance automation and analytics in industrial environments. Despite the promising benefits of IIoT, securely managing software updates is a challenging problem for those critical applications. This is due to at least the intrinsic lack of software protection mechanisms in legacy industrial systems. In this paper, to address the challenges in building a secure software supply chain for industrial environments, we propose a new approach that leverages distributed watchdogs with blockchain systems in protecting software supply chains. For this purpose, we bind every entity with a unique identity in the blockchain and employ the blockchain as a delegated authenticator by mapping every reporting action to a non-fungible token transfer. Moreover, we present a detailed specification to clearly define the behavior of systems and to apply model checking.

  • Research Article
  • Citations: 6
  • 10.14209/jcis.2017.4
A Simulation Model for Industrial Multi-Channel Wireless Sensor Networks
  • Jan 1, 2017
  • Journal of Communication and Information Systems
  • Ruan Delgado Gomes + 3 more

The use of Wireless Sensor Networks (WSN) in industrial environments is subject to problems, such as shadowing and fading. In addition, the wireless channel in many industrial environments is non-stationary for a long term, which can cause abrupt changes in the characteristics of the channel over time. A way to deal with those problems is the use of multi-channel protocols. However, it is difficult to evaluate, and compare different approaches because there is no reliable simulation model for industrial environments. This paper presents experimental results that characterize the wireless channel in industrial environments, and proposes a simulation model that captures the effects of fading, shadowing, and the non-stationary characteristics of the channel. It also considers the differences in the behavior of the different channels, and the asymmetry of the links. The model was integrated into the open source simulator Castalia. After the integration, two simulation studies were performed with the proposed model. In the first one, the Tree-based Multi-Channel Protocol was implemented and evaluated, and a comparison was made with the default model from Castalia. In the second case, CSMA/CA protocol, as defined in IEEE 802.15.4 standard, was compared to a protocol based on Time-Slotted Channel Hopping (TSCH) mode of IEEE 802.15.4e standard. The results showed that the use of TDMA and channel hopping is an alternative to deal with the problems of wireless channels in industrial environments.

  • Conference Article
  • Citations: 10
  • 10.1145/3183440.3183454
Constructing supply chains in open source software
  • May 27, 2018
  • Yuxing Ma

The supply chain is an extremely successful way to cope with the risk posed by distributed decision making in product sourcing and distribution. While open source software has similarly distributed decision making and involves code and information flows similar to those in ordinary supply chains, the actual networks necessary to quantify and communicate risks in software supply chains have not been constructed on large scale. This work proposes to close this gap by measuring dependency, code reuse, and knowledge flow networks in open source software. We have done preliminary work by developing suitable tools and methods that rely on public version control data to measure and compare these networks for R language and emberjs packages. We propose ways to calculate the three networks for the entirety of public software, evaluate their accuracy, and to provide public infrastructure to build risk assessment and mitigation tools for various individual and organizational participants in open source software. We hope that this infrastructure will contribute to more predictable experience with OSS and lead to its even wider adoption.

  • Conference Article
  • Citations: 7
  • 10.1109/sbes.2009.8
Mining Software Change History in an Industrial Environment
  • Oct 1, 2009
  • Methanias Colaço Jú + 2 more

Version control systems are among the types of repositories that are frequently explored as sources of software change history. They can be mined to identify associations between software module modifications. This information is useful to support software modification activities, indicating to software engineers which modules are usually modified together during software maintenance or evolution. Previous works published on the subject focused on mining associations from open source software projects. This article presents the use of association mining in an industrial environment. The study was set up as a formal experiment and studied 18 systems developed in a large Brazilian beverage company. The results show that the precision of the rules obtained in this environment is even higher than that of their counterparts obtained in open source projects. This suggests that this approach is very useful in this type of environment.

  • Book Chapter
  • Citations: 6
  • 10.1007/978-3-030-23425-6_12
Assessment of Low-Budget Targeted Cyberattacks Against Power Systems
  • Jan 1, 2019
  • Xiaorui Liu + 4 more

The security and well-being of societies and economies are tied to the reliable and resilient operation of power systems. In the next decades, power systems are expected to become more heavily loaded and operate closer to their stability limits and operating constraints. On top of that, in recent years, cyberattacks against computing systems and networks integrated in the power grid infrastructure are a real and growing threat. Such actions, especially in industrial environments such as power systems, are generally deemed feasible only by resource-wealthy nation state actors. This chapter challenges this perception and presents a methodology, named Open Source Exploitation (OSEXP), which utilizes information from public infrastructure to assess an advanced attack vector on power systems. The attack targets Phasor Measurement Units (PMUs) which depend on Global Positioning System (GPS) signals to provide time-stamped circuit quantities of power lines. Specifically, we present a GPS time spoofing attack using low-cost commercial devices and open source software. The necessary information for the instantiation of the OSEXP attack is extracted by developing a test case model of the power system in a digital real-time simulator (DRTS). DRTS is also employed to evaluate the effectiveness and impact of the developed OSEXP attack methodology. The presented targeted attack demonstrates that an actor with limited budget has the ability to cause significant disruption to a nation.

  • Research Article
  • Citations: 5
  • 10.34190/eccws.22.1.1362
Developing Cybersecurity in an Industrial Environment by Using a Testbed Environment
  • Jun 19, 2023
  • European Conference on Cyber Warfare and Security
  • Jussi Simola + 4 more

Critical infrastructure protection requires a testing environment that allows the testing of different kinds of equipment, software, networks, and tools to develop vital functions of the critical industrial environment. Used electrical equipment must be reliable, capable and maintain a stable critical industrial ecosystem. An industrial business needs to develop cybersecurity capabilities that detect and prevent IT/ICT and OT/ICS threats in an industrial environment. The emerging trend has been to create security operations center (SOC) services to detect ICS-related threats in enterprise networks. The energy supply sector must consist of crucial elements for safe business continuity and supply chain management in the industrial sector. Threats have changed into a combination of threat types. Hybrid threats may prevent everyday industrial activities, processes, and procedures so that supply chain problems may become long-lasting and affect business continuity management. The project CSG belongs to the (Cybersecurity governance of operational technology in the sector connected smart energy) research project consortium of Business Finland’s Digital Trust Programme. The first research paper regarding the CSG (Cyber Security Governance) project concentrates on the applied theory background of this project. The research provides a research approach for investigating cyber security at the operational and technical levels. It answers the questions of where to concentrate on OT-related cyber security research and how we aim to deploy a testbed to develop a governance model in the CSG project. The study's primary purpose is to describe the operating OT-SOC environment and analyze system requirements for optimizing situational awareness in the testbed environment.

  • Research Article
  • Citations: 11
  • 10.1080/00207543.2023.2245919
Scheduling in Industrial environment toward future: insights from Jean-Marie Proth
  • Aug 11, 2023
  • International Journal of Production Research
  • Marzieh Khakifirooz + 3 more

According to [Dolgui, Alexandre, and Jean Marie Proth. 2010. Supply Chain Engineering: Useful Methods and Techniques. Vol. 539. Springer.], advancing tactical levels in production systems has led to the disappearance of static scheduling in favour of dynamic scheduling. Additionally, the evolving challenges in the supply chain paradigm have significantly impacted the organisation of production systems. This shift has moved scheduling issues from the tactical to the strategic level, resulting in linear organisations encompassing scheduling decisions. [Proth, Jean Marie. 2007. “Scheduling: New Trends in Industrial Environment.” Annual Reviews in Control 31 (1): 157–166. https://doi.org/10.1016/j.arcontrol.2007.03.005.] emphasised that real-time scheduling in production systems has become a pivotal area of research. He presented several open problems for researchers to address in this context, including (1) the development of real-time algorithms capable of handling multiple operations on the same product and unrelated resources, (2) adapting previous schedules with certain modifications, (3) addressing unforeseen actions that arise randomly in real-time planning, and (4) exploring cyclic scheduling problems with size limits as alternative solutions to heuristic approaches. This paper reviews the evolving trends in light of J.M. Proth's predictions and advice within the aforementioned domains.

  • Research Article
  • Citations: 226
  • 10.1016/j.rcim.2021.102208
Human–robot collaboration in industrial environments: A literature review on non-destructive disassembly
  • Feb 1, 2022
  • Robotics and Computer-Integrated Manufacturing
  • Sebastian Hjorth + 1 more

  • Research Article
  • Citations: 58
  • 10.17705/1cais.02312
The Determinants of RFID Adoption in the Logistics Industry - A Supply Chain Management Perspective
  • Jan 1, 2008
  • Communications of the Association for Information Systems
  • She-I Chang + 3 more

Despite the literature exploring the factors of adopting information technology (IT) applications for the logistics industry, Radio Frequency Identification (RFID) is still considered an innovative technology, because of its unique characteristics compared with other IT applications. To avoid the negative effects derived from careless IT investments, companies in Taiwan's logistics industry must evaluate the factors that could affect the adoption of RFID prior to its introduction. This research employed encoding and utilized a questionnaire survey with the aim of assessing the factors that affect the adoption of this technology within the industry. Based on the results of discriminant analysis and verification, this investigation found that competition in the marketplace, pressure of transaction partners, suppliers' industry environment, cost, integration of supply chain strategy, complexity of RFID, and mutual standard were among the critical factors. This research anticipates these factors as crucial and beneficial for the initial introduction phase of RFID adoption.

  • Conference Article
  • Citations: 10
  • 10.1109/taee.2018.8476072
Data acquisition and industrial control system based on Arduino Due using open-source hardware and software
  • Jun 1, 2018
  • Gustavo Ernesto Real + 2 more

Different process automation requirements among university students and researchers prompted the design and development of a data acquisition and control board for use in automation activities and for taking readings in educational laboratories and industrial environments, using open-source software and hardware. This study includes a detailed description of the solution that was developed to respond to these needs: it begins by presenting the different components that make up the system, which was designed around the Arduino Due platform. It then provides a detailed functional description of these before discussing preliminary trials that were carried out using the test board. These trials proved that the main components function correctly and point to the need to continue work on the prototype board to obtain more conclusive evidence that the expected results have been achieved and to check all component interactions on the final version.
