RITICS: Trustworthy Industrial Control Systems

Lead Research Organisation: Imperial College London
Department Name: Institute for Security Science and Tech

Abstract

Industrial control systems (ICSs) can take on a range of configurations, involving diverse mixtures of hardware, software, human inputs, network topologies and communication protocols. Generally, an ICS instance may be described as a set of supervisory devices -- including a single device in some cases -- which, through the acquisition of data and the ability to issue instructions, controls the actions and reactions of field devices responsible for the execution of an industrial process or processes. In large utility scale industrial processes, ICSs are manifest as Supervisory Control and Data Acquisition (SCADA) systems; characterised by geographically dispersed control targets requiring centralised management over disparate communication networks, often using diverse protocols and modalities, with varying reliability and latency. At more local scales, such as may be found in manufacturing plants, access to high reliability networks enables ICS specification to be freed of SCADA type constraints, giving rise to ICS manifestations referred to as Distributed Control Systems (DCSs). Examined on even smaller scales, specialised computers known as Programmable Logic Controllers (PLCs) provide control of small numbers of devices and in some cases may represent the entire ICS for a small organisation -- where the scale of a DCS may well be inappropriate. It follows that SCADA systems are often comprised of numerous DCS and PLC subsystems and components.

Typically, data input in ICSs is provided by a series of sensors and semi-automated input procedures and control output is issued to field devices such as actuators, switches and other components. Often, general definitions of ICSs stop here, neglecting to include the complex human behavioural and wider organisational policy aspects that are integral to the real-world use and integrity of such systems. Therefore, whenever referring to ICS of any form, this bid will implicitly include such factors, as to neglect doing so would significantly limit the mission of developing trustworthy ICSs, from the outset.

Some of the key trends in the development and implementation of ICS of relevance to this bid may be summarised as: the evolution of organisations towards adopting IT solutions to support ICS functions, despite the lack of organisational cultures/structures where the utility and security of both are planned and managed in joint technical committees; increased availability and uptake of ICS solutions in industry of varying scales due to factors such as the drive towards the use of COTS protocols/code modules/middleware for ICS design and delivery (eg: http://openscada.org/); increased interconnectivity of organisations' cyber infrastructures motivated by economic and efficiency drivers; the move toward decentralised control, exploiting edge computing advances; and the loss of expertise in legacy ICS components (configurations, dependencies and failure modes).

From both the perspectives of attack success probability and consequence, any one of the above suggest an increase of threat risk to ICSs that would be worth considering. Viewed in combination, however, the argument for increased risk becomes far more explicit and the complexity of the vulnerabilities that need to be addressed begins to become apparent. ICSs are integral to utility, manufacturing and processing industries of all scales and, as a result, the socio-economic impact of their compromise or failure has the potential to be very significant.

This research project will address Challenge 3 of the call document: ``What could be novel, effective and efficient interventions?''. In particular, we expect to produce models and tools in support of effective interventions.

Planned Impact

Some of the main outputs of our initial work will include: a mapping of known/well understood cyber threat mitigation strategies to the ICS threat space, identifying the quick wins; revealing potential drivers, policies and initiatives that are needed at various scales for implementing mitigation measures and identifying barriers to innovation and adoption of good practices; and identifying technology, organisational social-science and behavioural capability gaps for threat mitigation risk and containing impact within scales. In the longer term we expect to design novel models and tools in support of efficient and effective interventions.

Our impact on the industrial sector will focus on two main areas: extending knowledge by deepening the understanding of the threats, vulnerabilities and risks in the ICS domain; expanding capability through building new technical capabilities. Specifically, we will: undertake underpinning research on ICS security; develop research techniques to identify areas of higher risks in ICS; and, in the longer term, apply the results of our research to build innovative solutions. This will maker it safer to conduct business in one part of cyberspace by providing trustworthy industrial control systems.

One role of RITICS will be to identify security challenges from the ICS domain and expose the academic community to them -- this will provide a new source of intellectually challenging and practically-oriented problems for the academic cyber security community to address.

The results of our investigation will have an impact on the education of developers of Industrial Control Systems. We expect to acquire a better understanding of common weaknesses and associated vulnerabilities which will inform our teaching programs and, through CPNI and other government agencies, could be disseminated more widely to the practitioner community.
 
Description In addition to coordinating the work of the 5 universities involved in RITICS, we pursued an active research programme at Imperial. The main findings included: development of algorithms for the optimisation of portfolios of cyber controls for protecting industrial control systems (ICS) and an evaluation of defence-in-depth strategies; a study of the role of software/hardware diversification in protecting ICS against malware intrusion; development of algorithms for the analysis of network traffic based on deep learning; and a preliminary study of adversarial machine learning. The PI also served on a Cyber Security Advisory Board that led to the development of a national cyber security strategy for the railway sector and contributed to an ERNCIP project on the certification of ICS components.
Exploitation Route RITICS is being continued for a further 5 years with funding from EPSRC and the National Cyber Security Centre/Cabinet Office.
Sectors Construction

Digital/Communication/Information Technologies (including Software)

Energy

Manufacturing

including Industrial Biotechology

Security and Diplomacy

Transport

URL http://www.ritics.org
 
Description The PI was a member of the Cyber Security Advisory Group for the Rail Safety and Standards Board. The Group has developed a Cyber Security Strategy for the UK Railways which was adopted by the Rail Delivery Group in January 2017 (ISST, Imperial College London is acknowledged as part of the CSAG). The PI was a member of the Industrial and Automated Control Systems Thematic Group of the European Research Network on Critical Infrastructure Protection. He contributed to the development of the framework for the cybersecurity certification of IACS components (https://erncip-project.jrc.ec.europa.eu/sites/default/files/JRC102550_introduction-to-iccf_erncip-iacs-tg-onlineversion.pdf).
First Year Of Impact 2015
Sector Digital/Communication/Information Technologies (including Software),Transport
Impact Types Policy & public services

 
Description KIOS Research and Innovation Centre of Excellence
Amount € 15,000,000 (EUR)
Funding ID 739551 
Organisation European Commission H2020 
Sector Public
Country Belgium
Start 03/2017 
End 02/2024
 
Description Research Institute in Trustworthy Inter-connected Cyber-physical Systems (RITICS)
Amount £659,036 (GBP)
Funding ID EP/R022844/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 01/2018 
End 12/2022
 
Description UK/Singapore Collaboration Scheme
Amount £203,000 (GBP)
Funding ID EP/N020138/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 03/2016 
End 04/2018
 
Description Collaboration with the NCSC Research Institute in Trustworthy Inter-connected Cyber-physical Systems (RITICS) 
Organisation University of Bristol
Department Department of Computer Science
Country United Kingdom 
Sector Academic/University 
PI Contribution Memberships of RITICS Advisory Board. Collaboration on new tasks on IoT in Control activity.
Collaborator Contribution Membership of the PETRAS Steering Group. Collaboration on new tasks on IoT in Control.
Impact This is a relatively new collaboration, so there are no outputs or outcomes yet.
Start Year 2017