Friday, October 28, 2016 3 years ago Vienna, Austria

MWR's William Jardine will be presenting research he co-authored on Selective Non-Invasive Active Monitoring for ICS Intrusion Detection at CPS-SPC in Vienna.

Event Description

Cyber-Physical Systems (CPS) integrate computing and communication capabilities with monitoring and control of entities in the physical world. These systems are usually composed of a set of networked agents, including sensors, actuators, control processing units, and communication devices. While some forms of CPS are already in use, the widespread growth of wireless embedded sensors and actuators is creating several new applications in areas such as medical devices, autonomous vehicles, and smart infrastructure, and is increasing the role that the information infrastructure plays in existing control systems such as in the process control industry or the power grid.

Many CPS applications are safety-critical: their failure can cause irreparable harm to the physical system under control, and to the people who depend, use or operate it. In particular, critical cyber-physical infrastructures such as the electric power generation, transmission and distribution grids, oil and natural gas systems, water and waste-water treatment plants, and transportation networks play a fundamental and large-scale role in our society and their disruption can have a significant impact to individuals, and nations at large. Securing these CPS infrastructures is therefore vitally important.

Similarly because many CPS systems collect sensor data non-intrusively, users of these systems are often unaware of their exposure. Therefore in addition to security, CPS systems must be designed with privacy considerations.

To address some of these issues, we invite original research papers on the security and/or privacy of Cyber-Physical Systems.

Talk presented by MWR

  • Time: 10:00:00
  • Room: Lecture Hall E in Hofburg Palace
  • Topic: SENAMI: Selective Non-Invasive Active Monitoring for ICS Intrusion Detection
  • Speakers: William Jardine
  • Description: Industrial Control Systems (ICS) are bespoke computer systems that control things like national critical infrastructure. Specifically, the project was focused on water treatment ICS, using Lancaster University's water testbed. The research also includes the specifics of the Stuxnet attack on an Iranian nuclear facility, which used the same ICS hardware as the Lancaster testbed. The work is an Intrusion Detection System (IDS) for these Siemens ICS, which seeks to highlight the deficiencies of standard passive/network IDS alone for detecting very targeted ICS cyber attacks. So it uses "active" monitoring, which requests values directly from the PLC devices that control the ICS. Specifically, it uses "selective, non-invasive active monitoring" (hence the name: SENAMI) of a few specific values to detect Stuxnet-like attempts to disrupt monitoring.



Accreditations & Certificates

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 9001 and 14001 in the UK, internationally accepted standards that outline how to put an effective quality and environmental management systems in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by NCSC for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.