SCEPTICS: A SystematiC Evaluation Process for Threats to Industrial Control Systems
Lead Research Organisation:
University of Birmingham
Department Name: Electronic, Electrical and Computer Eng
Abstract
Industrial Control Systems underpin almost all aspects of life in the UK, the power network operated by the National Grid and the rail network, which is over seen by the Rail Safety and Standards Board (RSSB) are two key examples of this.
In this project we will work with the National Grid and RSSB to perform a detailed security analysis of their systems, looking for possible points of cyber attack and building an understanding of the impact of possible failures. This will lead to better security for these important systems.
Based on what we learn from this analysis we will work with the company Level 3 TRL and Parsons Brinckerhoff to generalise our methods into business processes that other owners of industrial control systems can use to help ensure their systems are safe from cyber attacks.
In this project we will work with the National Grid and RSSB to perform a detailed security analysis of their systems, looking for possible points of cyber attack and building an understanding of the impact of possible failures. This will lead to better security for these important systems.
Based on what we learn from this analysis we will work with the company Level 3 TRL and Parsons Brinckerhoff to generalise our methods into business processes that other owners of industrial control systems can use to help ensure their systems are safe from cyber attacks.
Planned Impact
Industrial Control Systems (ICS) underpin almost all aspects of life in the UK, the systems that the National Grid and the Rail Safety and Standards Board are responsible for are key examples of this. We will help these organisations develop better methods with which to scope their systems, identify harm threats and understand the impacts of compromises. This will, in turn, lead to better security for these important systems and everyone who uses them.
A longer-term impact will be the documented security analysis processes that we will produced as part of this process. These processes will allow other ICS owners to repeat our analysis and identify harm threats and vulnerabilities in their own systems. This process will be developed in partnership with Level3 TRL to ensure that it is a useable, repeatable business process. This work will potentially help all ICS owners so helping to involve the overall cyber security of the UK.
A longer-term impact will be the documented security analysis processes that we will produced as part of this process. These processes will allow other ICS owners to repeat our analysis and identify harm threats and vulnerabilities in their own systems. This process will be developed in partnership with Level3 TRL to ensure that it is a useable, repeatable business process. This work will potentially help all ICS owners so helping to involve the overall cyber security of the UK.
Organisations
- University of Birmingham (Lead Research Organisation)
- CPNI (Co-funder)
- National Cyber Security Centre (Collaboration)
- IBM (Collaboration)
- Thales Group (Collaboration)
- NCC Group (Collaboration)
- BOMBARDIER INC. (Collaboration)
- Siemens AG (Collaboration)
- Atkins (United Kingdom) (Collaboration)
- L3Harris (United Kingdom) (Project Partner)
- WSP Civils (United Kingdom) (Project Partner)
- Rail Safety and Standards Board (United Kingdom) (Project Partner)
- National Grid (United Kingdom) (Project Partner)
Publications
Deng N
(2016)
Small-signal Stability Analysis and Control System Design of a Meshed Multi-terminal High-Voltage Direct Current Grid with a Current Flow Controller
in Electric Power Components and Systems
Yang C
(2018)
Real-Time FPGA-RTDS Co-Simulator for Power Systems
in IEEE Access
Zhao X
(2016)
A Wind-Wave Farm System With Self-Energy Storage and Smoothed Power Output
in IEEE Access
Xue Y
(2017)
Reactive Power and AC Voltage Control of LCC HVDC System With Controllable Capacitors
in IEEE Transactions on Power Systems
Li J
(2016)
Small Signal Stability of Fractional Frequency Transmission System With Offshore Wind Farms
in IEEE Transactions on Sustainable Energy
Xue Y
(2018)
RTDS-based HIL testing platform for complex modern electricity transmission systems
in The Journal of Engineering
Guan R
(2018)
Advanced RTDS-based studies of the impact of STATCOM on feeder distance protection
in The Journal of Engineering
Description | The SCEPTICS project has developed a set of systems level common processes that can be applied by ICT professionals within the rail industry to scope their own industrial control systems, allowing them to get a broad understanding of the potential risks of cyber attack, and delivering sets of priority areas / systems to investigate using more detailed threat analysis tools and approaches. Further, the SCEPTIC projects has developed a new Key Management and Distribution Scheme for use in the European Rail Traffic Management System (ERTMS). Its aim is to simplify key management and improve cross-border operations through hierarchical partitioning. The current scheme used in ERTMS involves the creation and distribution of 3DES keys to train and trackside entities, which are then used as part of the Euro Radio Protocol to provide message authentication. This results in the distribution of tens of thousands of keys using portable media, a prohibitively high burden on management and resourcing. The project has developed a symmetric key solution, TRAKS, which has the benefit of being backwards compatible with the current ERTMS standard and being post-quantum secure. This new scheme reduces the number of cryptographic keys in circulation, and maintains the current security model. This is achieved by dynamically deriving unique keys from a shared secret, i.e. the line secret, which is combined with IDs of trains, and of signalling equipment. In addition to providing better key management, the scheme also adds authentication to the location data provided by EuroBalises. |
Exploitation Route | The SCEPTICS project team is now working within the UK Railway Research and Innovation Network (UKRRIN - https://www.ukrrin.org.uk/) with the National Cyber Security Centre and a number of rail industry partners to take forward the results of the project. Spec |
Sectors | Digital/Communication/Information Technologies (including Software) Security and Diplomacy Transport |
URL | https://ritics.org/sceptics/ |
Description | The SCEPTICS project has worked extensively with the rail industry (and adjacent industries) throughout the project. This has resulted in ongoing collaborations with the RITICS (Research Institute in Trust-worthy Inter-connected Cyber-physical Systems) consortium (http://ritics.org), which has resulted in further, higher TRL, work supported by the National Cyber Security Centre. Further, direct collaborations to enable knowledge transfer of the results are taking place within the Data Integration and Cyber-Security theme within the new UK Rail Research and Innovation Network (UKRRIN) Centre of Excellence in Digital Systems, which is led by the University of Birmingham (https://www.ukrrin.org.uk/). Knowledge transfer activities have resulted in the identification and development of new approaches to eliminate security risks in a number of railway subsystems, for example, the identification of cybersecurity vulnerabilities in the European Railway Traffic Management System (ERTMS) and the development of new security approaches to overcome this issues. |
Sector | Digital/Communication/Information Technologies (including Software),Security and Diplomacy,Transport |
Impact Types | Policy & public services |
Description | Effective Solutions for the NIS Directive - Supply Chain Requirements for Third Party Devices |
Amount | £300,000 (GBP) |
Organisation | National Cyber Security Centre |
Sector | Public |
Country | United Kingdom |
Start | 01/2019 |
End | 01/2021 |
Description | UKRRIN Centre of Excellence in Digital Systems |
Amount | £28,100,000 (GBP) |
Organisation | Higher Education Funding Council for England |
Sector | Public |
Country | United Kingdom |
Start | 03/2018 |
End | 03/2020 |
Description | NCC Group |
Organisation | NCC Group |
Country | United Kingdom |
Sector | Private |
PI Contribution | Analysis in railway-specific equipment including GSM-R handsets and Lineside telephone equipment for security assurance research. |
Collaborator Contribution | Provision of equipment budget and procurement of devices which would not have been previously possible. |
Impact | Security analysis of rail equipment and future research collaborations. |
Start Year | 2017 |
Description | NCSC Small Equipment Grant |
Organisation | National Cyber Security Centre |
Country | United Kingdom |
Sector | Public |
PI Contribution | Carrying out cybersecurity analyses of trusted devices used in the rail sector. |
Collaborator Contribution | Providing financial assistance to procure rail-specific equipment. |
Impact | Analyses of rail-specific devices which has fed into a successful grant into the implications of poor supply chain security. |
Start Year | 2017 |
Description | UKRRIN Centre of Excellence in Digital Systems |
Organisation | Bombardier Inc. |
Department | Bombardier Transportation |
Country | Germany |
Sector | Private |
PI Contribution | We lead the new UK Rail Research and Innovation Network. This is a collaboration between 8 universities and 16 companies. The network comprises of 3 Centres of Excellence: Digital Systems - led by Birmingham; Rolling Stock - led by Huddersfield with Newcastle and Loughborough; and Infrastructure - led by Southampton with Sheffield, Nottingham, Loughborough and Heriot Watt. |
Collaborator Contribution | £28.1M has been secured from the Higher Education Funding Council for England. There is contract private investment for 16 companies totally £64.4m. The Digital Centre of Excellence will lead on four themes, one of which is cybersecurity. |
Impact | No outcomes yet. |
Start Year | 2018 |
Description | UKRRIN Centre of Excellence in Digital Systems |
Organisation | IBM |
Department | IBM UK Ltd |
Country | United Kingdom |
Sector | Private |
PI Contribution | We lead the new UK Rail Research and Innovation Network. This is a collaboration between 8 universities and 16 companies. The network comprises of 3 Centres of Excellence: Digital Systems - led by Birmingham; Rolling Stock - led by Huddersfield with Newcastle and Loughborough; and Infrastructure - led by Southampton with Sheffield, Nottingham, Loughborough and Heriot Watt. |
Collaborator Contribution | £28.1M has been secured from the Higher Education Funding Council for England. There is contract private investment for 16 companies totally £64.4m. The Digital Centre of Excellence will lead on four themes, one of which is cybersecurity. |
Impact | No outcomes yet. |
Start Year | 2018 |
Description | UKRRIN Centre of Excellence in Digital Systems |
Organisation | Siemens AG |
Department | Siemens Mobility |
Country | Global |
Sector | Private |
PI Contribution | We lead the new UK Rail Research and Innovation Network. This is a collaboration between 8 universities and 16 companies. The network comprises of 3 Centres of Excellence: Digital Systems - led by Birmingham; Rolling Stock - led by Huddersfield with Newcastle and Loughborough; and Infrastructure - led by Southampton with Sheffield, Nottingham, Loughborough and Heriot Watt. |
Collaborator Contribution | £28.1M has been secured from the Higher Education Funding Council for England. There is contract private investment for 16 companies totally £64.4m. The Digital Centre of Excellence will lead on four themes, one of which is cybersecurity. |
Impact | No outcomes yet. |
Start Year | 2018 |
Description | UKRRIN Centre of Excellence in Digital Systems |
Organisation | Thales Group |
Department | Thales UK Limited |
Country | United Kingdom |
Sector | Private |
PI Contribution | We lead the new UK Rail Research and Innovation Network. This is a collaboration between 8 universities and 16 companies. The network comprises of 3 Centres of Excellence: Digital Systems - led by Birmingham; Rolling Stock - led by Huddersfield with Newcastle and Loughborough; and Infrastructure - led by Southampton with Sheffield, Nottingham, Loughborough and Heriot Watt. |
Collaborator Contribution | £28.1M has been secured from the Higher Education Funding Council for England. There is contract private investment for 16 companies totally £64.4m. The Digital Centre of Excellence will lead on four themes, one of which is cybersecurity. |
Impact | No outcomes yet. |
Start Year | 2018 |
Description | UKRRIN Centre of Excellence in Digital Systems |
Organisation | WS Atkins |
Department | Atkins Rail |
Country | United Kingdom |
Sector | Private |
PI Contribution | We lead the new UK Rail Research and Innovation Network. This is a collaboration between 8 universities and 16 companies. The network comprises of 3 Centres of Excellence: Digital Systems - led by Birmingham; Rolling Stock - led by Huddersfield with Newcastle and Loughborough; and Infrastructure - led by Southampton with Sheffield, Nottingham, Loughborough and Heriot Watt. |
Collaborator Contribution | £28.1M has been secured from the Higher Education Funding Council for England. There is contract private investment for 16 companies totally £64.4m. The Digital Centre of Excellence will lead on four themes, one of which is cybersecurity. |
Impact | No outcomes yet. |
Start Year | 2018 |
Title | The SCEPTICS Tool for Threat Analysis |
Description | The SCEPTICS tool allows Industrial Control System Asset Owners to be able to assess the security characteristics of their system architectures and identify potential sources for exploitation. The tool also allows the asset owner to test strategies for improving the holistic security of their architectures. |
Type Of Technology | Webtool/Application |
Year Produced | 2018 |
Impact | The SCEPTICS tool is currently under closed testing with industrial partners and subject to wider revisions. Following discussions with Operators of Essential Services, there is an identified need for such a tool, specifically to communicate cybersecurity issues to engineers who may not have the necessary experience and expertise. |
Description | AIT Symposium on Cybersecurity |
Form Of Engagement Activity | Participation in an open day or visit at my research institution |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | Attendance at the AIT SPARKS Project symposium, talking about the outputs of the SCEPTICS projects and discussions about related research. |
Year(s) Of Engagement Activity | 2017 |
Description | Atkins workshop (8th Nov.) |
Form Of Engagement Activity | Participation in an open day or visit at my research institution |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | Engagement with cyber security team at Atkins rail looking at potential for future exploitation of SCEPTICS outcomes. |
Year(s) Of Engagement Activity | 2017 |
Description | Chair and Presentation of the Rail Cyber Security Summit 2016 |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | Chaired and presented at the first one-day Rail Cyber Security Summit. |
Year(s) Of Engagement Activity | 2016 |
Description | Cybersecurity Workshop at RSSB (14th March) |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | Workshop hosted by RSSB with invited audience from across the rail sector (supply chain, operators, infrastructure managers and policy makers) to present cybersecurity research in the rail sector at the University. |
Year(s) Of Engagement Activity | 2016 |
Description | Department for Transport engagement (16th Jan) |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Policymakers/politicians |
Results and Impact | Hosted transport cyber security team members from DfT at the University to discuss the SCEPTICS project and it's outcomes - led to larger follow-up workshop at DfT |
Year(s) Of Engagement Activity | 2018 |
Description | Discussion at DfT NIS Industry Event (3rd April) |
Form Of Engagement Activity | Participation in an open day or visit at my research institution |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | Discussions with DfT and Operators of Essential Services regarding the impact of the NIS Directive for cybersecurity (relating to outputs of the SCEPTICS project). |
Year(s) Of Engagement Activity | 2018 |
Description | Dissemination at cyber security reception at the Polish Embassy (5th June) |
Form Of Engagement Activity | Participation in an open day or visit at my research institution |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Attended reception host by Polish ambassador aim at strengthening links in cyber. Used opportunity to network with other attendees and disseminate project. |
Year(s) Of Engagement Activity | 2017 |
Description | Engagement at Department for Transport (2nd Feb.) |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Policymakers/politicians |
Results and Impact | Full day event at DfT to disseminate outcomes of the SCEPTICS project to various teams. |
Year(s) Of Engagement Activity | 2018 |
Description | High Integrity Software 2015 |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Talk at "Formal Security Analysis of Critical Infrastructure" at "High Integrity Software 2015" http://his-2015.co.uk/session/formal-security-analysis-of-critical-infrastructure. |
Year(s) Of Engagement Activity | 2015 |
URL | http://his-2015.co.uk/session/formal-security-analysis-of-critical-infrastructure |
Description | ICS Research Showcase (Co-located with other RIs) (17 October) |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | Joined the rest of the RITICS consortium at the annual ICS research showcase event to discuss the SCEPTICS outcomes and present a poster. |
Year(s) Of Engagement Activity | 2017 |
Description | ICS Showcase event (NCSC, 16th October) |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Professional Practitioners |
Results and Impact | Participated in ICS cyber research showcase event hosted by NCSC. Presented 2 posters on the SCEPTICS project. |
Year(s) Of Engagement Activity | 2017 |
Description | Meeting with Thales |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Professional Practitioners |
Results and Impact | Discussion with 5 people from Thales to discuss future working collaborations out of the SCEPTICS project. |
Year(s) Of Engagement Activity | 2017 |
Description | NCC Trust Forum - Rail Cybersecurity (6th June) |
Form Of Engagement Activity | Participation in an open day or visit at my research institution |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Discussion of the SCEPTICS project with NCC colleagues, which fostered the later equipment grant. |
Year(s) Of Engagement Activity | 2017 |
Description | NCSC ACE-CSR Conference (28th June) |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Professional Practitioners |
Results and Impact | Presentation on current research at the ACE-CSR conference in front of >100 cybersecurity academics, which led to the working collaboration between the University and NCC group. |
Year(s) Of Engagement Activity | 2017 |
Description | Network Rail engagement event (24th Nov.) |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | Full-day engagement event at Network Rail disseminating SCEPTICS finds to their comms and signalling team leads |
Year(s) Of Engagement Activity | 2017 |
Description | Presentation and Discussion with RSSB (15th Dec) |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | Working discussion on cybersecurity issues in the rail sector, discussing existing work and strategic partnerships for future work. |
Year(s) Of Engagement Activity | 2015 |
Description | Presentation at ICS Cybersecurity London (26 March) |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | Presentation to an audience of 40 at the ICS Cybersecurity Event, led by the MUMBA project, presenting the SCEPTICS project and active work, sparking opportunities for further research. |
Year(s) Of Engagement Activity | 2016 |
Description | Presentation at Transport Security Live (Olympia) 2016 |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | Presentation on railway cyber-security issues at general transportation event. Identified commonality between the approaches adopted by different modes. |
Year(s) Of Engagement Activity | 2016 |
Description | Presentation to ICS Cyber Security Conference |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | Presentation to industry conference |
Year(s) Of Engagement Activity | 2016 |
Description | Presentation to Railway Safety and Standards Board |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Policymakers/politicians |
Results and Impact | Talk to RSSB on 29 September 2015. |
Year(s) Of Engagement Activity | 2015 |
Description | Presentation to Transport Security Live (part of Counter Terrorism Expo 2015) |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | Presentation on the challenges faced by the Rail industry with respect to securing its Industrial Control Systems. Introduction of SCEPTICS, its aims, objectives and activities. Illustrations of how the SCEPTICS team will help industry professionals scope their ICS and priorities targets for in-depth analysis. |
Year(s) Of Engagement Activity | 2015 |
Description | Presentation to industry stakeholders (National Rail Enquiries) |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | Regional |
Primary Audience | Industry/Business |
Results and Impact | Presentation on the Aims, Objectives and Planned Activities of the project to Network Rail Enquiries. |
Year(s) Of Engagement Activity | 2015 |
Description | Presentation to industry stakeholders (Network Rail & BAE Systems) |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | Presentation on the Aims, Objectives and Planned Activities of the project to Network Rail and security contractors from BAE Systems. |
Year(s) Of Engagement Activity | 2015 |
Description | Presenting outputs of SCEPTICS (RSSRail 13th-16th Nov) |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | Presenting outputs of the SCEPTICS project at the RSSRail Conference. |
Year(s) Of Engagement Activity | 2017 |
Description | Project meeting with Arup |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | Discussion about future collaborations and bid for DfT Literature Review in Rail Cybersecurity. |
Year(s) Of Engagement Activity | 2017 |
Description | Proposal discussion with NCSC (31 October) |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Policymakers/politicians |
Results and Impact | Working discussion with NCSC over proposals (TRAKS) to validate proposals and adoptability in the UK |
Year(s) Of Engagement Activity | 2017 |
Description | Scoping discussions for cross-industry committee remit (9th June) |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | Invited participation in scoping meeting for new industry systems interface committee on data in rail. Discussed SCEPTICS outcomes and implications for industry. |
Year(s) Of Engagement Activity | 2017 |
Description | Supply chain workshop - cyber security for rail (29th March) |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | Hosted a cyber security workshop for the rail supply chain on the 29th March on behalf of Rail Alliance. Included specific presentations on SCEPTICS outputs. |
Year(s) Of Engagement Activity | 2017 |
Description | Visit by NCC (5th April) |
Form Of Engagement Activity | Participation in an open day or visit at my research institution |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Professional Practitioners |
Results and Impact | Visit from NCC Group as part of working collaboration to work on hardware security. |
Year(s) Of Engagement Activity | 2018 |