7th Control System Cyber-Security Workshop (CS)2/HEP

Williamsburg Room (Marriott at the Brooklyn Bridge)

333 Adams Street Brooklyn, NY 11201 USA
Stefan Lueders (CERN)

Since Stuxnet in 2010, attacks against industrial control systems are regularly reported in the media; new vulnerabilities are regularly published and exploited; and politicians become more and more concerned about the resilience of the control systems controlling a nation's critical infrastructure...

Modern accelerator and detector control systems do not differ significantly from the control systems used in industry or devices being part of the "Internet-of-Things" (IoT). Modern Information Technologies (IT) are commonly used, control systems are based more and more on commercial-off-the-shelf hardware/software (VME, PLCs, VxWorks, LynxOS, network switches, networked controls hardware, SCADA, commercial middleware, etc.) or Windows/Linux PCs. Furthermore, due to the academic freedom in the High Energy Physics community, control systems are produced in a wide, decentralized community, which leads to heterogeneous systems and often necessitates remote access. However, with this adoption of modern IT standards, control systems are also exposed to the inherent vulnerabilities of the corresponding hardware and software. The consequences of a security breach in an accelerator or detector control system might be severe, and attackers won't ignore HEP systems just because it's HEP.

Presentations by several HEP institutes worldwide on the application of Cyber-Security in Control Systems were given at the 6th ICALEPCS conference. This new (CS)2/HEP workshop is intended to continue sharing and discussing counter-measures, to review configuration and development procedures for secure control systems, and to review the progress since the last (CS)2/HEP workshop.

Potential Keywords and topics are:

  • Security, vulnerabilities and protective measures of front end devices (e.g. VME, LynxOS, VxWorks, PLCs, power supplies, networked controls hardware);
  • Control network security, network architectures, network segregation, firewalling and intrusion detection;
  • SCADA security, PC installation and management schemes;
  • Secure ("Kiosk") operation in multi-user environments (e.g. at light-sources, where users change quite frequently);
  • Authentication & Authorization on control systems;
  • Remote operations and expert interventions;
  • Software development and system configuration management;
  • Security policies, best practices, security events and lessons learned.
    • 09:00 09:40
    • 09:40 10:00
      The perspective of a small cog in a big machine 20m

      The work of the experiment controls group at the ISIS Pulsed Neutron and Muon Source is only a small part of what STFC does. This talk will endeavour to show the difficulties that can be faced between the disparate needs of an organisation like STFC and the practicalities of supporting a science research programme.

      Speaker: Mrs Kathryn Baker (ISIS/STFC)
    • 10:00 10:30
      Coffee Break 30m
    • 10:30 11:00
      An update on Cyber Security at Diamond Light Source 30m

      An increased awareness of the threat from ineffective cyber security has stimulated Diamond Light Source to assess how cyber security is managed. I will explain the drivers and process we are going through to achieve this. I will also touch on what I see as some of the open issues we all face in effective management of cyber security in large scientific facilities.

      Speaker: Mr Mark Heron (Diamond)
    • 11:00 11:30
      The Control System Infrastructure team has deployed a dedicated isolated environment to support Safety Systems development at ESS 30m

      We have tried to take advantage of our standardised infrastructure components for controls like virtualization, centralized storage, system orchestration and software deployment strategy.
      Because we already have all these components in place for our Control System IT infrastructure we have decided to treat engineering workstations as disposable components in an isolated and dedicated virtualized environment.
      We have designed the environment to control who and when users can access the development environment, from which device, to which workstations and what they can run in this environment.

      Speaker: Stephane Armanet (ESSS)
    • 11:30 12:00
      Cybersecurity in the Cherenkov Telescope Array 30m

      The Cherenkov Telescope Array (CTA) is the next-generation atmospheric Cherenkov gamma-ray observatory. CTA will be deployed as two installations, one in the Northern and the other in the Southern Hemisphere, containing dozens of telescopes of different sizes and designs, used for covering different energy domains. These telescopes, as well as many auxiliary instruments, will be coordinated by the Array Control and Data Acquisition (ACADA) software. An Integrated Protection System will take care of personnel and machine protection. Every morning after the observations, ACADA will deliver to a Data Processing and Preservation System the raw data acquired during the night for further processing in the offsite CTA data centers. An offline Science User Support System will deliver to ACADA the mid-term schedule. The mid-term schedule will be used by ACADA to determine automatically the night observations, taking into account the weather, incoming transient alerts, and laser traffic control systems on the sites. This contribution summarises the cybersecurity situation and plans in the CTA project.

      Speaker: Igor Oya (Cherenkov Telescope Array Observatory gGmbh)
    • 12:00 13:15
      Lunch Break 1h 15m
    • 13:15 13:45
      SPES Control System Cyber Security aspects 30m

      In the SPES project, EPICS has been chosen as the framework to realize and renovate the control system for both the principal linear accelerator and the new lines under construction.
      This new architecture is in continuous evolution, in both its functionality and security aspects, and these aspects are reflected in the organization of control system hardware, software and data, which are organized to guarantee computer security. In this scenario, a new network was designed in order to manage and control the new ecosystem.
      This talk aims to describe and expose the current status and the experiences related to managing and supervising the SPES Control System Cyber Security.

      Speaker: Mr Maurizio Montis (INFN)
    • 13:50 14:20
      Cyber Attack! Super Computers under Siege 30m

      Trailblazing scientific facilities are attractive targets for cyber criminals. Hear about data breaches and recovery efforts at the Lawrence Livermore National Laboratory, home of elite high performance computers and the world’s most energetic laser.

      Speaker: Ms Lisa Belk (LLNL)
    • 14:25 14:55
      Lessons from DOE IG Audit of Security of Industrial Control Systems 30m

      The Spallation Neutron Source (SNS) at the Oak Ridge National Laboratory makes heavy use of commercial industrial controls technology and methods to implement the machine control system. In particular, the SNS conventional facilities, vacuum, target and various protection system controls are implemented using Allen-Bradley PLCs and programming software. The US Department of Energy, Office of the Inspector General conducted an audit entitled “Security Over Industrial Control Systems at Select Department of Energy Locations” in June 2019. This report summarizes their findings and recommendations to identify lessons that can be applied to machine control systems using industrial controls technology.

      Speaker: Ms Karen White (Oak Ridge National Laboratory)
    • 15:00 15:30
    • 15:30 16:00
      Coffee Break 30m
    • 16:00 16:30
      Vulnerability management at ESS 30m

      Vulnerability management can be a complex and cumbersome process to implement and manage. At ESS, we aim to simplify the process by using iterative steps to assess and manage vulnerabilities. The architecture presented therein describes how we organize assessments, taking into account control system components, focusing on issue creation & tracking and patch management.

      Speaker: Mr Remy Mudingay (ESSS)
    • 16:30 17:00
      Detecting IoT Devices and How They put Large Heterogeneous Networks at Security Risk 30m

      The introduction of the Internet of Things (IoT) was a big revolution by interconnecting embedded devices over the network made for specific purposes. IoT has changed the world we live in from the way we measure, make calls, print information and even the way we get energy in our offices or homes. There are a lot of categories of IoT devices like printers, closed-circuit television (CCTV) cameras, programmable logic controllers (PLCs), IP phones, network storage devices, oscilloscopes and many more. As IoT devices started growing, security issues have emerged. For end-users, functionality or convenience aspects of IoT products matter more than focusing on security.

      We take this fact as a motivation for our work and developed a tool that detects IoT devices by automatically scanning the network. We found 19 categories of devices with our NetScanIoT tool and then performed a vulnerability assessment of these heterogeneous devices manually over the large-scale network at the European Organization for Nuclear Research (CERN). We hereby discovered that even administrators of IoT devices working in the IT sector do not configure their devices properly.

      In this paper, we propose a method to identify IoT devices using the web interface as a start for security experts, when assessing the risk of IoT devices. We evaluated our approach with 11 categories of devices installed in CERN, which include 42 device models manufactured by 26 vendors across the world. Web-IoT Detection (WID) identifies the manufacturer, device model, and the firmware version currently running on the device.

      Speaker: Dr Stefan Lueders (CERN)