Cyber Research Center - Industrial Control Systems - CRC-ICS

  • "Industrial Espionage is the main Reason for Cyber Attacks!"
  • "Airports & Airlines are Interesting Targets for Politically Motivated Groups!"

Cyber Research: Cyber Terrorism, Threat Intelligence and Exploitation

Security, Cyber Security and Cyber Terrorism challenges today are very real and wide-ranging, with significant implications across most critical sectors of our society. To address this situation, cyber security research needs to be applicable across multiple domains and communities. Cyber Terrorism and Cyber Security are no longer the sole purview of risk managers, computer scientists and engineers; they also need to be accessible to researchers and practitioners in critical infrastructure domains such as energy, transportation, manufacturing, finance, healthcare, economics, human behavior, and many others.
[Figure: Cyber Risk Landscape by Motivation and Impact (www.CRC-ICS.net)]
For research in cyber security to be impactful, it must be based on both sound science and real-world best practices. Security architectures and industrial designs are needed that provide generic security frameworks and reference architectures that allow for specialized, domain-specific instantiations.
This architectural principle is more important than the actual connection fabric, and it moves the discussion of research from one of realization mechanisms to the higher-level design and safety & security requirements that can deal with current and future Cyber Security / Terrorism threats and operations.

The Cyber Research Center - Industrial Control Systems has focused its research on a limited set of topics: Cyber Terrorism, Threat Intelligence and Exploitation; Security Reference Architectures for Industrial Control Systems; Cyber (Security) Assessments; Cyber Governance Guide and Models.

Cyber Terrorism: The New Reality

Threat Intelligence & Exploitation

[Figure: Cyber Threat Intelligence and Exploitation (www.CRC-ICS.net)]
Threat Intelligence and Analytics are key elements in understanding and protecting ICS environments. Cyber-Terrorists operate in a Wild West of unregulated and international virtual spaces. The rise of the global jihad movement in recent decades has coincided with the expansion and development of online communication platforms. He goes on to explain that these anonymous platforms are ideal for terrorists as they are decentralized, outside the scope of restriction, without censorship, and openly accessible to whoever wants them, all while bypassing 'traditional channels of authority' and empowering non-state actors as a result.
First, it is crucial to define 'Cyber-Terrorism' as a concept. As the Federal Bureau of Investigation (FBI) says, cyber-terrorists are different from other cyber threats such as hackers, hackers for hire, and global cyber syndicates. More specifically, the FBI defines Cyber-Terrorism as 'premeditated, politically motivated attack against information, computer systems, computer programs and data which results in violence against non-combatant targets by sub-national groups or clandestine agents.'

Cyber Terrorism: Why Use Threat Intelligence (TI)?
[Figure: Threat-Intelligence-Analysis-2015 (www.CRC-ICS.net)]
Threat Intelligence gives insights on attackers and their capabilities, providing invaluable information to enhance the security level. When companies use such intelligence, they can focus their actions on several crucial points to efficiently protect themselves:
  • Who is attacking: TI helps defenders attribute attacks/malicious activities to certain groups (cyber criminals, hacktivists, government/national agencies, etc.)
  • Why they are doing it: knowing who is behind an attack helps defenders understand their adversary’s motivations, how much effort they would put into an attack (advanced persistent threat [APT] vs opportunistic attacks), and how business/industry-specific such attacks could be.
  • What they are after: with this information defenders can prioritize their actions based on the importance of the asset or assets the attackers are targeting.
  • How they are proceeding: the so-called tactics, techniques, and procedures (TTPs) give insight about the way adversaries typically proceed, the tools and infrastructures they use, and more.
  • Where they come from: correlating an adversary’s country of origin with its geopolitical situation can help defenders understand their enemies.
  • How to recognize them: also dubbed indicators of compromise (IOC) or artifacts, these technical telltales (IP addresses, hashes, etc.) provide clear information that can be used to detect and signal a malicious presence.
  • How to mitigate them: information about the steps a company can take to protect itself.
All of these questions are directly connected to each other.
Threat intelligence can be presented at two different levels, depending on the intended audience. On the one hand, it can be at the strategic level: it is human-readable, not too technical, and is meant to be processed solely by humans (e.g., C-suite personnel) to give them insight into the threat's impact on business continuity, helping them make the right decisions. Typical formats of strategic intelligence are reports or newsletters.
Alternatively, intelligence can be at the operational level: once retrieved by SOC analysts, this machine-readable data is consumed by devices so that they can act upon threats.

Security Reference Architecture for Industrial Control Systems

The model of a conceptual reference architecture compliant with the ISA99 / IEC62443 standards is based on a layered model that addresses the connection with the internet, drilled down to the level of process control equipment.
[Figure: Security Reference Architecture for Industrial Control Systems (www.CRC-ICS.net)]
Within modern TCP/IP based environments, such as the corporate infrastructure for managing the business that drives operations in a control system, there are technology-related vulnerabilities that need to be addressed. Historically, these issues have been the responsibility of the corporate IT security organization, usually governed by security policies and operating plans that protect vital information assets. Clearly, the main concern as control systems become part of these large architectures is providing security procedures that cover the control system domain as well. Contemporary network-based communications have security issues that must be addressed in the control system domain, as unique vendor-specific protocols and assumed legacy system security are not adequate to protect mission-critical systems. A security reference architecture for industrial control systems based on the ISA99 / IEC62443 standard is therefore a must-have to better protect and secure critical operations.

Cyber / Security Assessment Guide - ICS/CI v3.8

[Figure: Cyber Security Assessment Guide (www.CRC-ICS.net)]
Security assessments should be bounded by a detailed assessment plan that specifies a schedule and budget, targets and goals, expected deliverables, hardware and resource requirements, rules of engagement, and a recovery procedure. The Industrial Control Systems - Cyber Assessment Guide will help organisations assess their current security status in Industrial Control Systems / Critical Infrastructures. The Cyber Assessment Guide is NOT a Risk Analysis itself; it is a helpful instrument to assess your current security activities, procedures, techniques and controls. The Cyber Assessment Guide addresses the questions organisations should ask themselves, while the Cyber Governance Guide addresses the topics in more detail; both are based on the Cyber Governance Model.

Cyber Governance Model / Guide for ICS/CI

[Figure: Cyber Governance Model, part of the Cyber Governance Guide (www.CRC-ICS.net)]
The increased focus on cyber security can mainly be attributed to the technological transformation we are going through, with the emergence of cloud, analytics, mobile and social (CAMS) as a mainstream focus connected to today's industrial control systems environments. All of this is creating a pressing need for a Cyber Governance Model and Guide for ICS which can help organisations drive their Cyber Awareness, Cyber Resistance and Cyber Resilience programs more effectively. The Cyber Governance Guide can be used in close correlation with the Cyber Assessment Guide.