{"id":23,"date":"2016-03-21T15:19:05","date_gmt":"2016-03-21T15:19:05","guid":{"rendered":"https:\/\/blogs-staging.imperial.ac.uk\/security-institute\/?p=23"},"modified":"2016-03-21T15:36:00","modified_gmt":"2016-03-21T15:36:00","slug":"security-of-industrial-control-systems","status":"publish","type":"post","link":"https:\/\/blogs-staging.imperial.ac.uk\/security-institute\/2016\/03\/21\/security-of-industrial-control-systems\/","title":{"rendered":"Security of Industrial Control Systems"},"content":{"rendered":"<p><strong><em>A post by <a href=\"http:\/\/www.imperial.ac.uk\/people\/c.hankin\">Professor Chris Hankin<\/a>, Director ISST<\/em><\/strong><\/p>\n<p>Operational Technology (OT), as distinct from Information Technology (IT), refers to the hardware and software that controls an industrial process.\u00a0 Despite increasing similarities between OT and IT architectures and components there are quite fundamental differences in the make-up of cyber attacks on each.\u00a0 In <a href=\"http:\/\/www.langner.com\/en\/wp-content\/uploads\/2013\/11\/To-kill-a-centrifuge.pdf\"><em>To Kill a Centrifuge<\/em><\/a>, an in-depth technical analysis of the Stuxnet attack, Ralph Langner has already identified three distinct layers of a sophisticated cyber-physical attack: the IT, the Industrial Control Systems (ICS) and the physical layers.\u00a0 The SANS Institute in the U.S. 
has recently published an <a href=\"https:\/\/www.sans.org\/reading-room\/whitepapers\/ICS\/industrial-control-system-cyber-kill-chain-36297#__utma=195150004.1101849023.1458562212.1458562212.1458562212.1&amp;__utmb=195150004.10.9.1458562336091&amp;__utmc=195150004&amp;__utmx=-&amp;__utmz=195150004.1458562212.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided)&amp;__utmv=-&amp;__utmk=17864057\">anatomy of cyber attacks on ICS<\/a>, involving two multi-phase stages: 1) cyber intrusion preparation and execution \u2013 what can be thought of as intelligence gathering; and 2) ICS attack development and execution.<\/p>\n<p>Since it is generally the physical damage that grabs headlines, and there hasn\u2019t been much news about attacks on ICS, one must assume that a significant proportion of the incidents reported to ICS-CERT each year (roughly 250) are intelligence-gathering operations.\u00a0 The recent attack on the Ukrainian power grid may have added a third, post-attack stage \u2013 a distributed denial of service (DDoS) attack on the energy company to prevent reporting of outages and slow down the restoration of power.<\/p>\n<p>Against this backdrop, the UK government-sponsored <a href=\"https:\/\/www.epsrc.ac.uk\/newsevents\/news\/cyberattackthreatscriticalinfrastructure\/\">Research Institute in Trustworthy ICS<\/a> (RITICS) is addressing three key questions:<\/p>\n<ol>\n<li>Can we develop frameworks for assessing the physical harm that might arise from cyber attacks?<\/li>\n<li>Can we better communicate risk that arises from cyber threats?<\/li>\n<li>Can we develop new defensive measures?<\/li>\n<\/ol>\n<p>RITICS is hosted at Imperial College London and is a partnership of 5 universities: Imperial, Queen\u2019s University Belfast, the University of Birmingham, Lancaster University and City University London.<\/p>\n<p>We are approaching Question 1 with use-cases from transport and energy; Question 2 with use-cases 
from transport, energy and water; and Question 3 with use-cases from energy.\u00a0 It is still early days in our work, but we hope to offer new insights and techniques to ICS providers, owners and operators \u2013 and we are open to new industrial partners.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"843\" class=\"aligncenter  wp-image-25\" src=\"https:\/\/blogs-staging.imperial.ac.uk\/security-institute\/files\/2016\/03\/RITICS-Generic-Architecture-1024x843.png\" alt=\"RITICS Generic Architecture\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A post by Professor Chris Hankin, Director ISST Operational Technology (OT), as distinct from Information Technology (IT), refers to the hardware and software that controls an industrial process.\u00a0 Despite increasing similarities between OT and IT architectures and components there are quite fundamental differences in the make-up of cyber attacks on each.\u00a0 In To Kill a [&hellip;]<\/p>\n","protected":false},"author":961,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29377],"tags":[],"class_list":["post-23","post","type-post","status-publish","format-standard","hentry","category-cyber-security"],"_links":{"self":[{"href":"https:\/\/blogs-staging.imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/posts\/23","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs-staging.imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs-staging.imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs-staging.imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/users\/961"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs-staging.imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/comments?post=23"}],"version-history":[{"count":14,"href":"https:\/\/blogs-staging.
imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/posts\/23\/revisions"}],"predecessor-version":[{"id":36,"href":"https:\/\/blogs-staging.imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/posts\/23\/revisions\/36"}],"wp:attachment":[{"href":"https:\/\/blogs-staging.imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/media?parent=23"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs-staging.imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/categories?post=23"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs-staging.imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/tags?post=23"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}