Internet of Things Garage

Context Aware Security for Industrial Control Systems

Context Aware Security for cyber Physical Edge Resources for industrial control systems (CASPER)


Industrial cyber-physical systems (ICPSs) manage critical infrastructures by controlling processes based on the “physics” data gathered by edge sensor networks. Recent innovations in ubiquitous computing and communication technologies have prompted the rapid integration of highly interconnected systems into ICPSs. Hence, the “security by obscurity” principle provided by air-gapping is no longer followed. As the inter-connectivity in ICPSs increases, so does the attack surface. Industrial vulnerability assessment reports have shown that a variety of new vulnerabilities have emerged due to this transition, leading to an increase in the targeting of ICPSs. Key findings from Verizon’s 2020 data breach report show that 381 data breaches (10% of total) are against industrial systems, although not all target OT equipment.

Cyber-attacks on Industrial Control Systems (ICS) are monitored through traditional techniques such as Network Traffic Analysis (NTA). While we acknowledge the merit of NTA, more sophisticated attacks (example below) will evade NTA approaches by spoofing the readings from the sensors, making ICS significantly vulnerable. Let us consider a scenario: if an attacker intends to overheat a system, they could alter the fan behaviour (e.g., speed). At the same time, the attacker may also maliciously control the connected temperature sensors to prevent them from reporting increased temperatures back to the control system, which leads to overheating. To detect such sophisticated attacks, we propose to develop a secondary low-cost IoT sensor network which combines sensor data and state-of-the-art deep learning techniques to detect anomalies. Further, these secondary IoT sensors would use a secondary network (e.g., Bluetooth, ZigBee) and stay as an air-gapped system to reduce potential parallel attacks. For example, an unexpected fan shutdown might be detected through changes in temperature or the absence of noise, where all parameters can be captured through sensors (i.e., physical observations).
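The fan scenario above can be illustrated with a small cross-check between what the control network reports and what an independent sensor network observes. This is an added example, not code from the CASPER project: it uses a simple median/MAD threshold instead of the deep learning model the project proposes, and the function names, thresholds and sample readings are all constructed assumptions.

```python
from statistics import median

def robust_band(values, k=5.0, floor=0.5):
    """Median and tolerance (k * MAD, never below `floor`) of clean samples."""
    mid = median(values)
    mad = median(abs(v - mid) for v in values)
    return mid, max(k * mad, floor)

def detect(samples, train=6, hold=3):
    """samples: time-aligned (reported_temp_c, observed_temp_c, observed_noise_db).

    reported_* is what the control network says and may be spoofed; observed_*
    comes from the secondary sensor network. Returns [(index, reasons), ...].
    """
    clean = samples[:train]  # assumption: this commissioning window is attack-free
    res_mid, res_tol = robust_band([rep - obs for rep, obs, _ in clean])
    noise_mid, noise_tol = robust_band([n for _, _, n in clean], floor=3.0)
    alerts, streak = [], 0
    for i, (rep, obs, noise) in enumerate(samples[train:], start=train):
        reasons = []
        # The two temperature sources normally differ by a stable offset.
        if abs((rep - obs) - res_mid) > res_tol:
            reasons.append("temperature_mismatch")
        # A running fan is audible; silence contradicts a "normal" report.
        if noise < noise_mid - noise_tol:
            reasons.append("fan_noise_absent")
        streak = streak + 1 if reasons else 0
        if streak >= hold:  # debounce single-sample glitches
            alerts.append((i, reasons))
    return alerts

# Constructed readings: six clean samples, one normal sample, then the fan
# stops while the reported temperature stays flat.
SAMPLES = [
    (40.1, 40.6, 62.0), (40.0, 40.4, 61.5), (40.2, 40.7, 62.3),
    (39.9, 40.5, 61.8), (40.1, 40.5, 62.1), (40.0, 40.6, 61.9),
    (40.1, 40.6, 62.0),
    (40.0, 41.8, 38.0), (40.1, 44.9, 37.5), (40.0, 48.7, 37.8),
    (40.1, 52.3, 37.6),
]

if __name__ == "__main__":
    for index, reasons in detect(SAMPLES):
        print(f"sample {index}: {', '.join(reasons)}")
```

The alert fires only after the deviation persists for `hold` samples, so a single noisy reading on the secondary network does not raise an alarm.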

We aim to develop a context-aware anomaly detection mechanism/model that physically observes ICPS edge devices to detect cyberattacks. The proposed approach aims to answer the question: “Can we accurately detect cyberattacks in an industrial environment with a low-cost IoT network by observing physical behaviours?” The following are the main objectives of the project:



Team



Partners

Exalens

Exalens protects digital manufacturing against downtime and safety incidents through early warning of both system malfunctions and cyber security breaches. With ground-breaking cyber-physical security analyst AI, manufacturers enhance their operational resilience with automated incident detection and response.

PETRAS 2

PETRAS National Centre of Excellence for IoT Systems Cybersecurity is a consortium of eleven leading UK universities which will work together over the next three years to explore critical issues in privacy, ethics, trust, reliability, acceptability, and security.

Government Communications Headquarters (GCHQ)

Government Communications Headquarters, commonly known as GCHQ, is an intelligence and security organisation responsible for providing signals intelligence and information assurance to the government and armed forces of the United Kingdom.



Outcomes

Conference
Hakan Kayan, Omer Rana, Pete Burnap, and Charith Perera, Artifact: CASPER: Context-Aware Anomaly Detection System for Industrial Robotic Arms, In Proceedings of IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops), pp 3-4, 2023
Conference
Hakan Kayan, Omer Rana, Pete Burnap, and Charith Perera, CASPER: Context-Aware Anomaly Detection System for Industrial Robotic Arms, In Proceedings of IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops), pp 282-284, 2023
Journal
Hakan Kayan, Yasar Majib, Wael Alsafery, Mahmoud Barhamgi, Charith Perera, AnoML-IoT: An end to end re-configurable multi-protocol anomaly detection pipeline for Internet of Things, Elsevier Internet of Things (Elsevier IOT), Volume 16, 100437, December 2021 (19)
Journal
Hakan Kayan, Matthew Nunes, Omer Rana, Pete Burnap, Charith Perera, Cybersecurity of Industrial Cyber-Physical Systems: A Review, ACM Computing Surveys (ACM CSUR), Volume 54, Issue 11s, January 2022, Article No.: 229, pp 1–35 (35)