7th Control System Cyber-Security Workshop (CS)2/HEP
Sunday 6 October 2019
09:00
Intro to the 7th CS2HEP
Stefan Lueders (CERN)
09:00 - 09:40
Room: Williamsburg Room
09:40
The perspective of a small cog in a big machine
Kathryn Baker (ISIS/STFC)
09:40 - 10:00
Room: Williamsburg Room
The work of the experiment controls group at the ISIS Pulsed Neutron and Muon Source is only a small part of what STFC does. This talk will endeavour to show the difficulties that can be faced between the disparate needs of an organisation like STFC and the practicalities of supporting a science research programme.
10:00
Coffee Break
10:00 - 10:30
Room: Williamsburg Room
10:30
An update on Cyber Security at Diamond Light Source
Mark Heron (Diamond)
10:30 - 11:00
Room: Williamsburg Room
An increased awareness of the threat from ineffective cyber security has stimulated Diamond Light Source to assess how cyber security is managed. I will explain the drivers and process we are going through to achieve this. I will also touch on what I see as some of the open issues we all face in effective management of cyber security in large scientific facilities.
11:00
The Control System Infrastructure team has deployed a dedicated isolated environment to support Safety Systems development at ESS
Stephane Armanet (ESSS)
11:00 - 11:30
Room: Williamsburg Room
We have tried to take advantage of our standardised infrastructure components for controls, like virtualization, centralized storage, system orchestration and software deployment strategy. Because we already have all these components in place for our Control System IT infrastructure, we have decided to treat engineering workstations as disposable components in an isolated and dedicated virtualized environment. We have designed the environment to control which users can access the development environment and when, from which device, to which workstations, and what they can run in this environment.
11:30
Cybersecurity in the Cherenkov Telescope Array
Igor Oya (Cherenkov Telescope Array Observatory gGmbH)
11:30 - 12:00
Room: Williamsburg Room
The Cherenkov Telescope Array (CTA) is the next-generation atmospheric Cherenkov gamma-ray observatory. CTA will be deployed as two installations, one in the Northern and the other in the Southern Hemisphere, containing dozens of telescopes of different sizes and designs, used for covering different energy domains. These telescopes, as well as many auxiliary instruments, will be coordinated by the Array Control and Data Acquisition (ACADA) software. An Integrated Protection System will take care of personnel and machine protection. Every morning after the observations, ACADA will deliver to a Data Processing and Preservation System the raw data acquired during the night for further processing in the offsite CTA data centers. An offline Science User Support System will deliver to ACADA the mid-term schedule. The mid-term schedule will be used by ACADA to determine automatically the night observations, taking into account the weather, incoming transient alerts, and laser traffic control systems on the sites. This contribution summarises the cybersecurity situation and plans in the CTA project.
12:00
Lunch Break
12:00 - 13:15
Room: Williamsburg Room
13:15
SPES Control System Cyber Security aspects
Maurizio Montis (INFN)
13:15 - 13:45
Room: Williamsburg Room
In the SPES project, EPICS has been chosen as the framework to realize and renovate the control system for both the principal linear accelerator and the new lines under construction. This new architecture is in continuous evolution in both functionality and security aspects, and these aspects are reflected in the organization of control system hardware, software and data, which are organized to guarantee computer security. In this scenario, a new network was designed in order to manage and control the new ecosystem. This talk aims to describe the current status and the experiences related to managing and supervising the SPES Control System Cyber Security.
13:50
Cyber Attack! Super Computers under Siege
Lisa Belk (LLNL)
13:50 - 14:20
Room: Williamsburg Room
Trailblazing scientific facilities are attractive targets for cyber criminals. Hear about data breaches and recovery efforts at the Lawrence Livermore National Laboratory, home of elite high performance computers and the world’s most energetic laser.
14:25
Lessons from DOE IG Audit of Security of Industrial Control Systems
Karen White (Oak Ridge National Laboratory)
14:25 - 14:55
Room: Williamsburg Room
The Spallation Neutron Source (SNS) at the Oak Ridge National Laboratory makes heavy use of commercial industrial controls technology and methods to implement the machine control system. In particular, the SNS conventional facilities, vacuum, target and various protection system controls are implemented using Allen-Bradley PLCs and programming software. The US Department of Energy, Office of the Inspector General conducted an audit entitled “Security Over Industrial Control Systems at Select Department of Energy Locations” in June 2019. This report summarizes their findings and recommendations to identify lessons that can be applied to machine control systems using industrial controls technology.
15:00
Keeping Up with the Joneses
James Jamilkowski (BNL)
15:00 - 15:30
Room: Williamsburg Room
15:30
Coffee Break
15:30 - 16:00
Room: Williamsburg Room
16:00
Vulnerability management at ESS
Remy Mudingay (ESSS)
16:00 - 16:30
Room: Williamsburg Room
Vulnerability management can be a complex and cumbersome process to implement and manage. At ESS, we aim to simplify the process by using iterative steps to assess and manage vulnerabilities. The architecture presented therein describes how we organize assessments, taking into account control system components, focusing on issue creation & tracking and patch management.
16:30
Detecting IoT Devices and How They put Large Heterogeneous Networks at Security Risk
Stefan Lueders (CERN)
16:30 - 17:00
Room: Williamsburg Room
The introduction of the Internet of Things (IoT) was a big revolution, interconnecting embedded devices made for specific purposes over the network. IoT has changed the world we live in, from the way we measure, make calls, print information and even the way we get energy in our offices or homes. There are a lot of categories of IoT devices, like printers, closed-circuit television (CCTV) cameras, programmable logic controllers (PLCs), IP phones, network storage devices, oscilloscopes and many more. As IoT devices started growing, security issues have emerged. For end-users, functionality or convenience aspects of IoT products matter more than focusing on security. We take this fact as a motivation for our work and developed a tool that detects IoT devices by automatically scanning the network. We found 19 categories of devices with our NetScanIoT tool and then performed a vulnerability assessment of these heterogeneous devices manually over the large-scale network at the European Organization for Nuclear Research (CERN). We hereby discovered that even administrators of IoT devices working in the IT sector do not configure their devices properly. In this paper, we propose a method to identify IoT devices using the web interface as a start for security experts when assessing the risk of IoT devices. We evaluated our approach with 11 categories of devices installed at CERN, which include 42 device models manufactured by 26 vendors across the world. Web-IoT Detection (WID) identifies the manufacturer, device model, and the firmware version currently running on the device.