Biblio
with the continuous growing threat of cyber terrorism, the vulnerability of the industrial control systems (ICS) is the most common subject for security researchers now. Attacks on ICS systems keep increasing and their impact leads to human safety issues, equipment damage, system down, unusual output, loss of visibility and control, and various other catastrophic failures. Many of the industrial control systems are relatively insecure with chronic and pervasive vulnerabilities. Modbus-Tcpis one of the widely used communication protocols in the ICS/ Supervisory control and data acquisition (SCADA) system to transmit signals from instrumentation and control devices to the main controller of the control center. Modbus is a plain text protocol without any built-in security mechanisms, and Modbus is a standard communication protocol, widely used in critical infrastructure applications such as power systems, water, oil & gas, etc.. This paper proposes a passive security solution called Deep-security-scanner (DSS) tailored to Modbus-Tcpcommunication based Industrial control system (ICS). DSS solution detects attacks on Modbus-TcpIcs networks in a passive manner without disturbing the availability requirements of the system.
Aiming at the requirements of network access control, illegal outreach control, identity authentication, security monitoring and application system access control of information network, an integrated network access and behavior control model based on security policy is established. In this model, the network access and behavior management control process is implemented through abstract policy configuration, network device and application server, so that management has device-independent abstraction, and management simplification, flexibility and automation are improved. On this basis, a general framework of policy-based access and behavior management control is established. Finally, an example is given to illustrate the method of device connection, data drive and fusion based on policy-based network access and behavior management control.
This research provides security and safety extensions to a blockchain based solution whose target is e-health. The Advanced Blockchain platform is extended with intelligent monitoring for security and machine learning for detecting patient treatment medication safety issues. For the reasons of stringent HIPAA, HITECH, EU-GDPR and other regional regulations dictating security, safety and privacy requirements, the e-Health blockchains have to cover mandatory disclosure of violations or enforcements of policies during transaction flows involving healthcare. Our service solution further provides the benefits of resolving the abnormal flows of a medical treatment process, providing accountability of the service providers, enabling a trust health information environment for institutions to handle medication safely, giving patients a better safety guarantee, and enabling the authorities to supervise the security and safety of e-Health blockchains. The capabilities can be generalized to support a uniform smart solution across industry in a variety of blockchain applications.
With the rapid development of Internet of Things applications, the power Internet of Things technologies and applications covering the various production links of the power grid "transmission, transmission, transformation, distribution and use" are becoming more and more popular, and the terminal, network and application security risks brought by them are receiving more and more attention. Combined with the architecture and risk of power Internet of Things, this paper first proposes the overall security protection technology system and strategy for power Internet of Things; then analyzes terminal identity authentication and authority control, edge area autonomy and data transmission protection, and application layer cloud fog security management. And the whole process real-time security monitoring; Finally, through the analysis of security risks and protection, the technical difficulties and directions for the security protection of the Internet of Things are proposed.
Digital twins open up new possibilities in terms of monitoring, simulating, optimizing and predicting the state of cyber-physical systems (CPSs). Furthermore, we argue that a fully functional, virtual replica of a CPS can also play an important role in securing the system. In this work, we present a framework that allows users to create and execute digital twins, closely matching their physical counterparts. We focus on a novel approach to automatically generate the virtual environment from specification, taking advantage of engineering data exchange formats. From a security perspective, an identical (in terms of the system's specification), simulated environment can be freely explored and tested by security professionals, without risking negative impacts on live systems. Going a step further, security modules on top of the framework support security analysts in monitoring the current state of CPSs. We demonstrate the viability of the framework in a proof of concept, including the automated generation of digital twins and the monitoring of security and safety rules.
The connection of automotive systems with other systems such as road-side units, other vehicles, and various servers in the Internet opens up new ways for attackers to remotely access safety relevant subsystems within connected cars. The security of connected cars and the whole vehicular ecosystem is thus of utmost importance for consumer trust and acceptance of this emerging technology. This paper describes an approach for on-board detection of unanticipated sequences of events in order to identify suspicious activities. The results show that this approach is fast enough for in-vehicle application at runtime. Several behavior models and synchronization strategies are analyzed in order to narrow down suspicious sequences of events to be sent in a privacy respecting way to a global security operations center for further in-depth analysis.
The focus of this paper is to propose an integration between Internet of Things (IoT) and Video Surveillance, with the aim to satisfy the requirements of the future needs of Video Surveillance, and to accomplish a better use. IoT is a new technology in the sector of telecommunications. It is a network that contains physical objects, items, and devices, which are embedded with sensors and software, thus enabling the objects, and allowing for their data exchange. Video Surveillance systems collect and exchange the data which has been recorded by sensors and cameras and send it through the network. This paper proposes an innovative topology paradigm which could offer a better use of IoT technology in Video Surveillance systems. Furthermore, the contribution of these technologies provided by Internet of Things features in dealing with the basic types of Video Surveillance technology with the aim to improve their use and to have a better transmission of video data through the network. Additionally, there is a comparison between our proposed topology and relevant proposed topologies focusing on the security issue.
Cyber security operations centre (CSOC) is an essential business control aimed to protect ICT systems and support an organisation's Cyber Defense Strategy. Its overarching purpose is to ensure that incidents are identified and managed to resolution swiftly, and to maintain safe & secure business operations and services for the organisation. A CSOC framework is proposed comprising Log Collection, Analysis, Incident Response, Reporting, Personnel and Continuous Monitoring. Further, a Cyber Defense Strategy, supported by the CSOC framework, is discussed. Overlaid atop the strategy is the well-known Her Majesty's Government (HMG) Protective Monitoring Controls (PMCs). Finally, the difficulty and benefits of operating a CSOC are explained.
When the system is in normal state, actual SCADA measurements of power transfers across critical interfaces are continuously compared with limits determined offline and stored in look-up tables or nomograms in order to assess whether the network is secure or insecure and inform the dispatcher to take preventive action in the latter case. However, synchrophasors could change this paradigm by enabling new features, the phase-angle differences, which are well-known measures of system stress, with the added potential to increase system visibility. The paper develops a systematic approach to baseline the phase-angles versus actual transfer limits across system interfaces and enable synchrophasor-based situational awareness (SBSA). Statistical methods are first used to determine seasonal exceedance levels of angle shifts that can allow real-time scoring and detection of atypical conditions. Next, key buses suitable for SBSA are identified using correlation and partitioning around medoid (PAM) clustering. It is shown that angle shifts of this subset of 15% of the network backbone buses can be effectively used as features in ensemble decision tree-based forecasting of seasonal security margins across critical interfaces.
Enforcing security in process-aware information systems at runtime requires the monitoring of systems' operation using process information. Analysis of this information with respect to security and compliance aspects is growing in complexity with the increase in functionality, connectivity, and dynamics of process evolution. To tackle this complexity, the application of models is becoming standard practice. Considering today's frequent changes to processes, model-based support for security and compliance analysis is not only needed in pre-operational phases but also at runtime. This paper presents an approach to support evaluation of the security status of processes at runtime. The approach is based on operational formal models derived from process specifications and security policies comprising technical, organizational, regulatory and cross-layer aspects. A process behavior model is synchronized by events from the running process and utilizes prediction of expected close-future states to find possible security violations and allow early decisions on countermeasures. The applicability of the approach is exemplified by a misuse case scenario from a hydroelectric power plant.