The conference was organized by Dr. Mauricio Papa, Assistant Professor of Computer Science at the University of Tulsa, Dr. Sujeet Shenoi, F.P. Walter Professor of Computer Science at the University of Tulsa, and Eric Goetz, Associate Director for Research at I3P, and was supported by the Institute for Information Infrastructure Protection (I3P). The program committee drew members from the IFIP Working Group 11.10.
The conference began with a keynote lecture given by Dr. Ruth A. David, President and CEO of ANSER Institute for Homeland Security. In her lecture Dr. David provided the rationale for resilience in computer systems and networks, otherwise known as defense in depth. The message in her talk was that protection mechanisms, i.e. intrusion prevention, access control, hardened configurations, etc., ultimately must be deployed in computer systems and networks, but reliability of security should not be all placed on them. Protection mechanisms sooner or later will get broken, and in that case we need to think of additional layers of defense. Dr. David stressed the importance of research, development, and deployment of intrusion tolerance mechanisms capable of supporting continuity of service even when the system has been brought to a degraded state by successful attacks.
Dr. Scott Dynes of the Dartmouth College held a presentation on cyber risks to IT-dependent organizations, including owners and operators of power systems and critical infrastructure in general. This presentation provided insight into supply chain risks organizations are exposed to. Nowadays technology designers, owners of foundries and manufacturing facilities, marketing and delivering folks are found in different organizations which form enterprises for collaboration. The enabling technology for these enterprises is the Internet, therefore cyber security is a substantial concern. Viruses, worms, malware in general, compromises of data and intellectual property storage, and other cyber failures have considerable effects on these enterprises in general, and on smaller firms in particular. These effects include supply chain disruptions and delays, theft of shared intellectual property, data integrity violations, etc.
Dan Assaf of the University of Toronto held a presentation on CIP regulation. He talked about en empirical analysis based on two case studies. Assaf presented two regulatory models where he highlighted relevant interactions that take place between various organizations, including national security organizations, when involved in preparation and enforcement of regulatory standards on cyber security of critical infrastructure.
Dorsey Wilkin of the Air Force Institute of Technology talked about some of the intricacies of policies and politics of critical infrastructure defense. What most took my attention was an outline of an active and offensive approach to attacks on critical infrastructure. The underlying principle of the approach in question is to counter these attacks by attacking and subsequently disabling the systems used to launch them. Such an active response to harmful attacks raises a myriad of concerns, but, as an old saying says, the end justifies the means.
The conference program had a presentation on standards-driven security by Prof. Ann Miller of the University of Missouri-Rolla, but unfortunately she didn’t make it to the conference. Debin Liu of the Indiana University talked about a game theory analysis of attacks mounted by insiders. Liu provided a mathematical model that captures the behavior of insiders in security relevant situations.
Tyson Macaulay of Bell Canada held a presentation on operational risk management and operational continuity controls. Risk in this context is defined as a function of likelihood and consequences, where likelihood represents the probability of occurrence of a hazard and the consequences are the impact of this hazard on infrastructure. Metrics such as network of origin of a cyber action, estimated resources, i.e. money, skills, time, etc., available to attackers, their motivations, their objectives, etc., are used to assess the threat environment. Estimations of values of these metrics then allow for accordingly adjusting operational continuity real-time controls such as physical surveillance or firewall technology.
An analysis of the security of RSVP-TE protocol, i.e. Resource Reservation Protocol – Traffic Engineering, was discussed by Mike Spainhower et al. of the University of Tulsa. The presentation discussed a series of mainly spoofing based manipulations of functions implemented in this protocol. In theory there are network configuration and authentication measurements that could prevent these attacks. Nevertheless, in practice such measurements are not generally taken.
Dr. Igor Fovino of the Joint Research Center, Italy, held a presentation on security assessment of a power plant. Dr. Fovino provided a description of a case study in which his team was tasked to identify ways of attacking a power plant in a cyber way. He discussed an approach which combines specifications of the power plant in question with a series of attack trees developed especially for a power plant. The power plant was reconstructed in laboratory settings especially for this assessment. The outcome of this case study was the identification of a large number of vulnerabilities that might have enabled an attacker to even impact the edge devices directly interfacing with the power plant.
Stig Ole Johnsen of SINTEF also discussed a case study. His presentation centered around a remote oil and gas platform operated remotely via the network from teams in UK and Norway. Johnsen discussed known security issues which regarded the platform in question.
Day 1 of the conference was concluded by a great panel led by Brian Singer of Wurldtech, and formed by Brian Singer himself, Sean McGurk, Director of the Control Systems Security Program at Department of Homeland Security, Zachary Tudor, Program Director at SRI International, and Marcus Sachs, Executive Director, Government Affairs and National Security Policy, Verizon.
The second day of the conference began with a key note lecture given by Paul Kurtz, Partner and Chief Operating Officer, Good Harbor Consulting LLC. Mr. Kurtz provided substantial insight into practical concepts of cyber espionage at the present time. He also talked about a large cyber security initiative taken by prominent companies in the computer industry to develop software with security in mind.
Dr. Sujeet Shenoi of the University of Tulsa held a presentation on taxonomies of attacks applicable to the Modbus protocol. He began with an overview of Modbus internals, i.e. organization of application data units, description of data and addressing models, and an overview of Modbus transactions. He then built upon these ground definitions to explain a variety of attacks on Modbus applications.
Dr. Himanshu Khurana of the University of Illinois at Urbana-Champaign provided a comprehensive taxonomy of attacks on control systems and networks used to monitor and control the electrical power grid. He also outlined potential solutions for each category of attacks discussed, and pointed out research directions which have the potential of improving the cyber security of the electrical power grid.
Dr. Emiliano Casalicchio of the Università di Roma “Tor Vergata” held two individual presentations on critical infrastructure interdependencies. Dr. Casalicchio explained cascading effects among interdependent infrastructure systems, provided means of quantifying these cascading effects, and described approaches to their modeling and simulation. As a matter of fact simulation is among the most feasible and efficient mechanisms for analyzing infrastructure interdependencies, and Dr. Casalicchio’s presentations were a push toward that direction.
Eric Luiijf of TNO is a prominent CIP researcher in Europe. At this conference Mr. Luiijf provided an analysis of critical infrastructure dependencies. He talked about a series of such dependencies and quantified how and to what degree disruptions that take place in industries such as water, natural gas and oil, electricity, etc., impact each-other.
Hamed Okhravi of the University of Illinois at Urbana-Champaign talked about devising and implementing trusted computing solutions for process control networks. He described an application of cryptographic mechanisms embedded within control systems to provide authentication-based access control, confidentiality, and integrity for process control communications.
Jeff Hieb of the University of Louisville held a presentation on security hardening of field devices such as remote terminal units (RTUs). He outlined an investigation of reduced kernel concepts for field devices, including the application of Multiple Independent Levels of Security architecture for achieving resource partitioning, kernel component verification, and kernel minimization and reduction in field devices.
Julian Rrushi of the University of Illinois at Urbana-Champaign and the Università degli Studi di Milano talked about a model-based anomaly intrusion detection approach devised ad hoc for power plants. The approach that Rrushi described employs the stochastic activity network (SAN) formalism to develop atomic models of both control systems and physical power plant components along with the physical processes that take place in the latter. The SAN models developed in this work are such that their solution produces an estimation of legitimate values stored in control system memory locations allocated for process variables, and an estimation of legitimate change flows followed by values stored in such memory locations.
Dr. Stephen D. Wolthusen of the Gjovik University College and Royal Holloway, University of London, talked about model-based anomaly intrusion detection in control networks. Dr. Wolthusen described an approach which uses applied statistics to model various properties of critical infrastructure networks along with what their deviations are and how they occur.
Dr. Alberto Paoluzzi of the Università degli Studi di Roma III held a presentation on leveraging simulation for critical infrastructure cyber security. Dr. Paoluzzi explained the application of geometric modeling and discrete simulation to model known infrastructure behaviors. These simulations are based on applied mathematics and their aim is to develop capabilities that recognize risky situations and suggest effective countermeasures.
Dr. William J. Tolone of the University of North Carolina at Charlotte talked about critical infrastructure modeling and simulation. He explained a variety of techniques for simulating infrastructures such as the electrical power grid. Dr. Tolone also provided a demonstration of a simulation tool developed for simulating the operation of large power systems. This tool didn’t appear to be computational power hungry, and was running smoothly in a laptop computer.
Day 2 of the conference was concluded by a great panel formed by Seymour Goodman, Professor of International Affairs and Computing, Georgia Institute of Technology; Stephen Lukasik, Former Director, DARPA and Chief Scientist, Federal Communications Commission; Anthony Rutkowski, Vice President for Government and Regulatory Affairs, VeriSign; and Michael Corcoran, UK Defense Advisor, DSTL.
The third day of the conference began with a presentation of a research work carried out by Dr. Jeffrey Hunker of the Carnegie Mellon University, and Mr. Robert Hutchinson of Sandia National Labs. This research investigates approaches to attribution of attacks on process control systems, namely characterization of attacks, identification of attacking machines, identification of controlling machines, identification of humans behind the attacks, identification of the organizations sponsoring the attacks, and forensic issues in general as applied to process control networks and systems.
Dr. Paul V. Craven of the Simpson College held a presentation on modeling train control system networks. As railroads have been increasing their dependence on computer-based systems, cyber attacks represent a potential way of disrupting them. Dr. Craven described models of features and functions of the nodes in train control system networks, including a description of how vehicles are tracked, their interconnectivity, the communication protocols used in them, and aspects of security in such control infrastructure.
Modbus was the subject of two presentations. Dr. Ryan Shayto of the University of Tulsa talked about assessment of the integrity of Modbus-based systems used to control pipelines, while Julian Rrushi of the University of Illinois at Urbana-Champaign and the Università degli Studi di Milano talked about the construction of a logical memory boundary based on a stream cipher to protect byte-oriented protocols such as Modbus from memory corruption attacks.
The research work carried out by Baina et al. of the University of Toulouse regards the invention and implementation of a collaborative access control framework for specifying and maintaining policies that regulate group interactions among a variety of collaborating critical infrastructure owners and operators.
The conference was concluded by a presentation held by Zahid Anwar of the University of Illinois at Urbana-Champaign. Anwar talked about SCADA Guardian, i.e. an approach devised to automatically assess and validate security conditions of control systems deployed in the electrical power grid. SCADA Guardian compares common information models (CIM) and workflow definitions, expressed in first order logic predicates, against power system cyber security requirements.
I conclude the description of this conference by mentioning an interesting keynote lecture given by Victor Sheymov, CEO of Invicta Networks, during the dinner on the first day of the conference. Mr. Sheymov, a former KGB officer and defector, talked about the nuts-and-bolts of the process of “knowing your enemy”.