Cyber Security and Industrial Control

SystemsSystems

Chris Hankin

October 2014

Hackmageddon.com

Hackmageddon.com

Hackmageddon.com

The Changing Cyber Security Landscape

• Recent issues: Heartbleed and ShellShock

• Worms: Stuxnet

• Remote Access Trojans: Havex

• Advanced Persistent Threats

Last 3 targeted at disrupting ICS operation:

Convergence of ICS and Enterprise IT ...

... but with major differences:

• Time critical versus high throughput

• Continuous operation

• Increased importance of edge clients

• Complex interactions with physical processes

• Resource constraints

• Legacy issues: 15-20+ years of operation

• Access to components can be difficult

A change of emphasis ...

C

I

A

Espionage

I

A

I

C

... not forgetting: Maintainability, Reliability and Safety

Espionage

Sabotage

Key Questions / Challenges

Do we understand the harm threats pose to our ICS systems and business?

Can we confidently articulate these Can we confidently articulate these threats as business risk?

What could be novel effective and efficient interventions?

Research Institute in Trustworthy Industrial Control Systems

£2.4M programme, 5 coordinated projects.

Phase 1 (Directorship) awarded 01/01/14,

Chris Hankin, Imperial College London.

Phase 2 awarded 01/10/14.

Key challenges:

1. Mapping cyber threat to physical harm: do

we understand the harm that threats pose

to ICS and business?

MUMBA: Multifaceted metrics for

ICS business risk analysis

RITICS: Novel, effective and

efficient interventions

to ICS and business?

2. Do we understand and can we confidently

articulate these threats as business risk?

3. What are the novel effective and efficient

interventions?

CAPRICA: Converged approach towards

resilient industrial control systems and

cyber assurance

CECRICS: Communicating and evaluating

cyber risk and dependencies in ICS

SCEPTICS: A systematic

evaluation process for threats to ICS

(incl. national grid and rail networks)

Thank you