Industrial Control Systems Cybersecurity Research Articles

Legacy ICS Cybersecurity Assessment Using Hybrid Threat Modeling—An Oil and Gas Sector Case Study

As security breaches are increasingly widely reported in today’s culture, cybersecurity is gaining attention on a global scale. Threat modeling methods (TMM) are a proactive security practice that is essential for pinpointing risks and limiting their impact. This paper proposes a hybrid threat modeling framework based on system-centric, attacker-centric, and risk-centric approaches to identify threats in Operational Technology (OT) applications. OT is made up of software and hardware used to manage, secure, and control industrial control systems (ICS), and its environments include factories, power plants, oil and gas refineries, and pipelines. To visualize the “big picture” of its infrastructure risk profile and improve understanding of the full attack surface, the proposed framework builds on several threat modeling methodologies: PASTA modeling, STRIDE, and attack tree components. Nevertheless, the continuity and stability of vital infrastructure will continue to depend heavily on legacy equipment. Thus, protecting the availability, security, and safety of industrial environments and vital infrastructure from cyberattacks requires operational technology (OT) cybersecurity. The feasibility of the proposed approach is illustrated with a case study from a real oil and gas production plant control system where numerous significant cyberattacks in recent years have targeted OT networks more frequently as hackers realized the possibility of disruption due to insufficient OT security, particularly for outdated systems. The proposed framework achieved better results in detecting threats and severity in the design of the case study system, helping to increase security and support cybersecurity assessment of legacy control systems.

Convolutional Neural Networks Based Detection System for Cyber-attacks in Industrial Control Systems

Convolutional Neural Networks (CNNs) have emerged as a powerful tool for various pattern recognition tasks, including the detection of cyber-attacks in Industrial Control Systems (ICS). This paper presents a CNN-based detection system specifically designed to safeguard ICS from sophisticated cyber threats. The proposed system leverages the capability of CNNs to automatically learn and extract high-level features from raw data, enabling it to identify anomalies indicative of cyber-attacks with high accuracy. Utilizing a comprehensive cyber-attack dataset containing 59 different types of attacks, the system is trained to distinguish between normal and malicious traffic effectively. Based on the extensive dataset, this study demonstrates that the CNN-based detection system achieves a detection rate of 98.5% and a false-positive rate of 1.2%, significantly outperforming traditional methods. The high detection rate indicates the system's ability to accurately identify a wide range of attack types, while the low false-positive rate ensures minimal disruption to normal operations due to incorrect alerts. These results underscore the system's robustness and reliability in identifying subtle and complex attack patterns. Moreover, the CNN-based system is designed to adapt to new types of attacks as it continues to learn from updated datasets, making it a scalable and future-proof solution. Implementing this system can significantly enhance the cybersecurity posture of industrial environments by providing real-time monitoring and rapid response capabilities. The CNN-based detection system offers a significant advancement in ICS cybersecurity. Effectively identifying and mitigating cyber-attacks contributes to the resilience and reliability of critical infrastructure. The proposed approach improves security measures and ensures industrial processes' continuous and safe operation, which is vital for economic stability and public safety.

Securing Industrial Control Systems: A Deep Dive into AI Approaches

In the era of increasingly interconnected infrastructures and the emergence of the Internet of Things (IoT), industrial control systems (ICS) are encountering a growing susceptibility to cyber threats. This paper delves into the growing adoption of artificial intelligence (AI) as a means to mitigate cybersecurity risks for ICS. AI-driven solutions play a pivotal role in detecting anomalies, pinpointing potential threats, and executing real-time responses to curtail risks. The authors extensively discuss the application of AI-based cybersecurity measures for ICS, encompassing techniques like anomaly detection, intrusion detection, and behavioral analysis. Furthermore, the narrative explores the challenges associated with implementing AI-centric cybersecurity solutions, such as concerns related to data privacy, system intricacies, and the imperative for continuous monitoring and updates. The authors draw upon case studies showcasing successful deployments of AI-driven cybersecurity solutions in industrial settings. Concluding the discussion, the authors propose a novel hybrid machine learning approach designed for anomaly detection in ICSs. This chapter serves as a comprehensive resource, shedding light on the role of AI in fortifying cybersecurity for industrial control systems. Its insights aim to enhance resilience against cyber-attacks, minimize the potential for system disruptions, and mitigate the risk of data breaches.

Software and Systems Engineers in ICS Security

The introduction of Industry 4.0 and IIoT has enabled the interconnection of information technology (IT) and operational technology (OT) and exposed industrial control systems to cyber threats. Industrial cybersecurity requires knowledge, skill, and collaboration between IT and OT. A comparison of graduate curricula of software engineering and systems engineering identifies competencies related to industrial control systems cybersecurity. Industry experts are interviewed to identify needs for cybersecurity skills and competencies. Results from the mapping are discussed in the context of software and systems engineering challenges in ICS cybersecurity and leveraged against industry experiences and needs expressed through interviews with three OT and IT industry professionals. The curricula mapping reveals variations in both how they are organised and expressed to the extent that subjective interpretation is required for evaluation and comparison. The interviews with the industry experts indicate a gap between graduate competence from the curricula and industry needs.

Clustered ensemble feature selection with M-GRU classification for efficient intrusion detection system of industrial systems

Industrial Control Systems (ICS) are susceptible to threats or attacks, and even minor changes or manipulation could cause major damage to industrial operations. Industrial control system cybersecurity is vital owing to the severe negative effects it could have on the economy, the environment, people, and politics. Therefore, it’s also crucial to design intrusion detection systems for industrial control systems. In this paper, an efficient intrusion detection system with clustered ensemble feature selection and a Multi-Level Modified Gated Recurrent Unit (M-GRU) classification model is proposed. This intrusion detection system with a general framework for clustered ensemble feature ranking approach is proposed to effectively find the best feature subset in network packet traffic data. The features designated are fed into a multi class classification algorithm Multi-Level Modified Gated Recurrent Unit (M-GRU) to efficiently detect the cyberattacks. Evaluation criteria including precision, accuracy, recall and F1 score are assessed and compared to other cutting-edge algorithms to assess the performance of the proposed model. The proposed model attained an average accuracy of 98.21 %. Results show that the suggested model increased the attack detection accuracy by an average of 5.935% and 0.116% when compared to the Gated Recurrent Unit, Long Short Term Memory, random forest and naïve bayes models.

RADICL CTF

To address the nationwide workforce shortage of skilled and educated cyber-informed engineers, we must develop low-cost and highly effective resources for industrial control systems education and training. College curricula in technology management, cybersecurity, and computer science aim to build students’ computational and adversarial thinking abilities but are often done only through theory and abstracted concepts [1]. To better a student’s understanding of industrial control system applications, post-secondary institutions can use gamification to increase student interest through an interactive, user-friendly, hands-on experience. RADICL CTF can provide post-secondary institutions with new opportunities for low-cost, guided exercises for industrial control system (ICS) education to help students master adversarial thinking. Based on an extension to picoCTF, RADICL CTF is a platform for students to design, implement and evaluate exercises that test their understanding of core concepts in industrial control systems cybersecurity, answering the need for more interactive education methods. The main contributions of this paper are the improvement of the cyber-security curriculum through extending the picoCTF platform to promote the gamification of industrial control system concepts with consideration to the Purdue Reference Architecture.

Design of a Novel Information System for Semi-automated Management of Cybersecurity in Industrial Control Systems

There is an urgent need in many critical infrastructure sectors, including the energy sector, for attaining detailed insights into cybersecurity features and compliance with cybersecurity requirements related to their Operational Technology (OT) deployments. Frequent feature changes of OT devices interfere with this need, posing a great risk to customers. One effective way to address this challenge is via a semi-automated cyber-physical security assurance approach, which enables verification and validation of the OT device cybersecurity claims against actual capabilities, both pre- and post-deployment. To realize this approach, this article presents new methodology and algorithms to automatically identify cybersecurity-related claims expressed in natural language form in ICS device documents. We developed an identification process that employs natural language processing (NLP) techniques with the goal of semi-automated vetting of detected claims against their device implementation. We also present our novel NLP components for verifying feature claims against relevant cybersecurity requirements. The verification pipeline includes components such as automated vendor identification, device document curation, feature claim identification utilizing sentiment analysis for conflict resolution, and reporting of features that are claimed to be supported or indicated as unsupported. Our novel matching engine represents the first automated information system available in the cybersecurity domain that directly aids the generation of ICS compliance reports.

A Survey on Industrial Control System Digital Forensics: Challenges, Advances and Future Directions

Operational Technology (OT) systems have become increasingly interconnected and automated, consequently resulting in them becoming targets of cyber attacks, with the threat towards a range of critical national infrastructure (CNI) sectors becoming heightened. This is particularly the case for Industrial Control Systems (ICS), which control and operate the physical processes in CNI sectors such as water treatment, electrical generation and manufacturing. Unlike information technology (IT) systems, ICS have unique cyber-physical characteristics and related safety requirements, making them an attractive target for attacks given the physical consequences that can occur. As a result, the requirement to respond and learn from previous and new attacks is also increasing, with digital forensics playing a significant role in this process. The aim of this paper is to discuss the main issues and existing limitations related to ICS digital forensic. The field of ICS digital forensics is relatively under-developed and does not have the same levels of maturity as IT digital forensics. Although the amount of research on cyber security for ICS is increasing, many unique challenges still exist that pose as barriers to the development and deployment of ICS forensic capabilities. We provide an extensive discussion on these challenges, categorising them into technical, socio-technical, and operational and legal themes. Furthermore, the relationship between these challenge themes as well as the inter-challenge dependencies are also examined. Furthermore, this work discusses ICS forensic advances in relation to the digital forensics life chain, specifically forensic readiness and investigations. The areas of digital forensic training and processes models for ICS are given particular focus. Moreover, we assess the technologies and tools that have been either applied to or developed for ICS components and networks, giving special attention to forensic acquisition and analysis methods. An examination into the specific ICS digital forensic data sources and artefacts is also presented, highlighting that until recently, this was limited to descriptions of generic data formats. In addition, this paper provides an overview of several key ICS attacks, summarising the specific techniques used, data artefacts of interest, and proposing lessons learnt. Finally, this paper presents open discussions on future ICS digital forensics research directions and on-going issues, covering both short and long-term areas that can be addressed to improve the ICS digital forensics capability.

DURESS SCADA: A simulation platform to study user interface design for cybersecurity of industrial control systems

Supervisory Control and Data Acquisition (SCADA) systems are widely adopted in critical infrastructures and prime targets of cyberattacks. Ecological Interface Design (EID) is postulated to be an invaluable framework for supporting operators to cope with cyber intrusions, particularly zero-day attacks because prior research has demonstrated effectiveness of ecological interfaces during unanticipated events. However, a suitable research platform is absent for studying user interface in cybersecurity of SCADA systems. This paper presents a SCADA system simulation being designed and implemented for the DURESS thermohydraulic process control simulation common in EID studies. Based on the open literature and industrial standards to ensure representativeness of industrial SCADA systems, the simulation includes two programable logical controllers, seven routers, and a server in a wired communication network. These components should be sufficient to study human response to common cyberattacks on SCADA systems and support future work in prototyping and evaluating user interfaces for SCADA cybersecurity.

An Accuracy-Maximization Approach for Claims Classifiers in Document Content Analytics for Cybersecurity

This paper presents our research approach and findings towards maximizing the accuracy of our classifier of feature claims for cybersecurity literature analytics, and introduces the resulting model ClaimsBERT. Its architecture, after extensive evaluations of different approaches, introduces a feature map concatenated with a Bidirectional Encoder Representation from Transformers (BERT) model. We discuss deployment of this new concept and the research insights that resulted in the selection of Convolution Neural Networks for its feature mapping aspects. We also present our results showing ClaimsBERT to outperform all other evaluated approaches. This new claims classifier represents an essential processing stage within our vetting framework aiming to improve the cybersecurity of industrial control systems (ICS). Furthermore, in order to maximize the accuracy of our new ClaimsBERT classifier, we propose an approach for optimal architecture selection and determination of optimized hyperparameters, in particular the best learning rate, number of convolutions, filter sizes, activation function, the number of dense layers, as well as the number of neurons and the drop-out rate for each layer. Fine-tuning these hyperparameters within our model led to an increase in classification accuracy from 76% obtained with BertForSequenceClassification’s original model to a 97% accuracy obtained with ClaimsBERT.

Learning Proposal for Cybersecurity for Industrial Control Systems Based on Problems and Established by a 4.0 Didactic Advanced-Manufacturing-Plant

Researches data indicate that the search for cybersecurity professionals to protect industrial control systems (ICS) in Brazil is increasing, mainly because of the rise in cyber-attacks directed at the industry. However, we observed a deficiency of professionals with the required competence in ICS cybersecurity, which involves technology-information fields (IT) and operational technology (OT). On the other hand, there is a lack of educational institutions with the right strategies for training professionals who master the technologies for ICS protection. This paper presents a strategy through procedures to address this lack by evaluating scenarios of practices for the development of competencies in ICS cybersecurity through the problem-based learning (PBL) methodology. The scenarios combine theory and practice involved in solving ICS cybersecurity problems, using PBL with the support of SENAI CIMATEC's 4.0 Advanced Manufacturing Plant (AMP).

Lightweight Long Short-Term Memory Variational Auto-Encoder for Multivariate Time Series Anomaly Detection in Industrial Control Systems.

Heterogeneous cyberattacks against industrial control systems (ICSs) have had a strong impact on the physical world in recent decades. Connecting devices to the internet enables new attack surfaces for attackers. The intrusion of ICSs, such as the manipulation of industrial sensory or actuator data, can be the cause for anomalous ICS behaviors. This poses a threat to the infrastructure that is critical for the operation of a modern city. Nowadays, the best techniques for detecting anomalies in ICSs are based on machine learning and, more recently, deep learning. Cybersecurity in ICSs is still an emerging field, and industrial datasets that can be used to develop anomaly detection techniques are rare. In this paper, we propose an unsupervised deep learning methodology for anomaly detection in ICSs, specifically, a lightweight long short-term memory variational auto-encoder (LW-LSTM-VAE) architecture. We successfully demonstrate our solution under two ICS applications, namely, water purification and water distribution plants. Our proposed method proves to be efficient in detecting anomalies in these applications and improves upon reconstruction-based anomaly detection methods presented in previous work. For example, we successfully detected 82.16% of the anomalies in the scenario of the widely used Secure Water Treatment (SWaT) benchmark. The deep learning architecture we propose has the added advantage of being extremely lightweight.

Vertically Integrated Pathway for Infusing Engineering Technicians with Industrial Cybersecurity Competencies

This paper describes an effort to establish a vertically integrated pathway to identify and develop industrial control systems cybersecurity talent that extends from middle school to graduate degrees, leveraging the unique strengths of career and technical education. Educators and administrators seeking to ignite student interest in cybersecurity at a young age, and to provide a clear curriculum pathway to meet employer needs in the field of industrial cybersecurity may find this effort of use.

Industrial Control System Cybersecurity Testbed with TSN Feature

Industrial Control System Cybersecurity Testbed with TSN Feature

Remote training in cybersecurity for industrial control systems

Cybersecurity is a key subject for digital transformation where institutional, industrial and educational sectors should be involved in a coordinated way. Currently, there is a lack of workforce with essential competences to apply secure solutions in an industrial environment. For that reason, in order to address this increasing demand, universities promote industrial cybersecurity courses and related programs. But training of future cybersecurity professionals in the industrial sector requires appropriate frameworks that facilitate teaching students a range of evolving technologies. In this work, a platform for remote training in cybersecurity is proposed using cabinets that include specific elements for automation and control as well as additional resources for administration and communication tasks. The platform allowed the development of two cybersecurity courses whose students were asked for feedback about the structure of the laboratory, its operation and also the learning process. The results show a wide acceptance of the platform used in the course and an improvement of students’ motivation in the subject.

Flood Type DoS Attack Mitigation Technology for Cybersecurity in Industrial Control Systems

Flood Type DoS Attack Mitigation Technology for Cybersecurity in Industrial Control Systems

Explainable Anomaly Detection for Industrial Control System Cybersecurity

Industrial Control Systems (ICSs) are becoming more and more important in managing the operation of many important systems in smart manufacturing, such as power stations, water supply systems, and manufacturing sites. While massive digital data can be a driving force for system performance, data security has raised serious concerns. Anomaly detection, therefore, is essential for preventing network security intrusions and system attacks. Many AI-based anomaly detection methods have been proposed and achieved high detection performance, however, are still a ”black box” that is hard to be interpreted. In this study, we suggest using Explainable Artificial Intelligence to enhance the perspective and reliable results of an LSTM-based Autoencoder-OCSVM learning model for anomaly detection in ICS. We demonstrate the performance of our proposed method based on a well-known SCADA dataset.

Analyzing the Impact of Cybersecurity on Monitoring and Control Systems in the Energy Sector

Monitoring and control systems in the energy sector are specialized information structures that are not governed by the same information technology standards as the rest of the world’s information systems. Such industrial control systems are also used to handle important infrastructures, including smart grids, oil and gas facilities, nuclear power plants, water management systems, and so on. Industry equipment is handled by systems connected to the internet, either via wireless or cable connectivity, in the present digital age. Further, the system must work without fail, with the system’s availability rate being of paramount importance. Furthermore, to certify that the system is not subject to a cyber-attack, the entire system must be safeguarded against cyber security vulnerabilities, threats, and hazards. In addition, the article looks at and evaluates cyber security evaluations for industrial control systems, as well as their possible impact on the accessibility of industrial control system operations in the energy sector. This research work discovers that the hesitant fuzzy-based method of the Analytic Hierarchy Process (AHP) and the Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) is an operational procedure for estimating industrial control system cyber security assessments by understanding the numerous characteristics and their impacts on cyber security industrial control systems. The author evaluated the outputs of six distinct projects to determine the quality of the outcomes and their sensitivity. According to the results of the robustness analysis, alternative 1 shows the utmost effective cybersecurity project for the industrial control system. This research work will be a conclusive reference for highly secure and managed monitoring and control systems.

CNN based method for the development of cyber-attacks detection algorithms in industrial control systems

Extensive communication between smart devices in contemporary Industrial Control Systems (ICS) opens up a vast area for different cyber-attacks and malicious threats. The negative effects of these attacks can not only disrupt or completely disable the system functioning, but also they can have serious safety related consequences. Therefore, cybersecurity in ICS becomes one of the most important issues. In this paper we propose a method for the design of algorithms for the detection of cyber-attacks on communication links between smart devices. The method belongs to the class of semi-supervised data driven approaches and it is based on Convolutional Neural Networks (CNN). Starting from a predefined range of network hyperparameters and data obtained from system operation without attacks, the proposed method autonomously selects suitable CNN architecture and thresholds for online intrusion detection. Following the characteristics of ICS, the proposed intrusion detection is host based, and in our research we consider the structure of ICS and the feasibility of the attack detection algorithm implementation on control system devices. The method is experimentally verified using two case studies. In the first case study that refers to the publicly available dataset obtained from Secure Water Treatment (SWaT) testbed, we present a comparative analysis of the developed method with alternative approaches. The second case study considers a custom developed electro-pneumatic positioning system; in this system we carry out the real-world implementation and validation of the intrusion detection algorithm developed using the proposed method.

Operational Technology on Construction Sites: A Review from the Cybersecurity Perspective

The digital transformation in the construction industry affects how information is exchanged and disrupts the way construction sites operate. The levels of operational technology (OT) to control and monitor site activities by utilizing robotic, autonomous, and remotely controlled machines raise cybersecurity concerns. As construction sites are places where humans and machines work together, the potential safety outcomes of cybersecurity vulnerabilities are magnified. This study’s motivation was to understand the current state of the art and identify gaps to suggest future directions regarding OT in construction from the cybersecurity perspective. To achieve that, a bibliometric analysis was conducted. The analysis utilized the Scopus database to retrieve related publications and VOSviewer version 1.6.15 software to visualize bibliometric networks. Main research themes were identified, and each theme was reviewed from a cybersecurity perspective. The limitations of the analysis include the lack of industry-based categorization, the domination of publications focusing on the cybersecurity of industrial control systems (ICSs), and the set of keyword combinations used for the literature search that could be expanded to cover a broader range of research topics. The findings reveal the lack of focus on the construction phase in the construction cybersecurity research. Moreover, cybersecurity aspects are absent in the construction automation studies, and there is a need for bespoke threat modeling and intrusion detection systems for all the phases of construction projects. Suggestions for further research on the potential threats against the construction phase are provided. Future directions include possible adaptations of the available cybersecurity frameworks considering the utilization of OT on construction sites and investigating the methods to evaluate security levels on construction sites and countermeasures against cyberattacks.