ICS Projects
CSIT has two projects, CAPRICA and COSMIC, funded as part of RITICS, the UK’s national Research Institute in Trustworthy Inter-connected Cyber-physical Systems (https://ritics.org/).
CAPRICA: Converged Approach towards Resilient Industrial control systems and Cyber Assurance
Research outcomes:
- We developed a technology platform enabling an islanded microgrid to operate synchronized with the main grid, supported via real-time control utilizing PMU data, which is secure from an IT perspective
- A secure network protocol gateway was developed with the first implementation of IEC 61850-90-5 using the full security suite
- Intrusion detection tools were created for insecure legacy devices operating IEEE C37.118.2 network communications
COSMIC: Cloud-enabled Operation, Security, Monitoring, and Forensics
Challenges:
- ICS have high deployment complexity, often lack security patches/updates, and are deployed to last for several decades.
- Currently deployed ICS were not designed with the future Industry 4.0 vision in mind.
- The presence of legacy systems not only introduces security and privacy issues, but also prohibits adoption of emerging technologies (interoperability issues).
COSMIC will embrace the inescapable migration of legacy ICS to the cloud, by investigating the secure migration of our CAPRICA platform to the cloud. The research aims are to:
- Improve security, resilience and system failover protection
- Enhance intrusion response and cyber forensics
- Improve productivity and operations through big data analytics
- Ease the path to integration and adoption of emerging technologies and services
ADAMA: Analysing and Detecting Advanced Multistage Attacks Against ICS
Research outcomes:
- Novel threat models where nine recent real-world attacks against ICS were analysed, and key commonalities identified. A set of metrics that focus on cyber-physical aspects of smart grids has been proposed.
- Virtual test-bed environments have been developed to closely match the operation of a realistic smart grid network, using the IEC 60870-5-104 protocol. Novel attack methods have been investigated, particularly in data exfiltration. Machine learning approaches have been applied and tested against realistic attack scenarios for attack detection in an IEC 60870-5-104 SCADA environment.
- An evidential network model has been demonstrated that can take sensor information from intrusion detection systems, firewalls, etc., and infer the security status of the system, i.e. predict the likelihood that abnormal sensor readings imply a cyber attack is taking place.
SPARKS: Smart Grid Protection Against Cyber Attacks
PRECYSE: Prevention, Protection and Reaction to Cyber Attacks on Critical Infrastructures
Publications
Our research papers in ICS security can be found at