nach oben

Erschienen in:

2023 | OriginalPaper | Buchkapitel

A Low-Cost Environment for Teaching Fundamental Cybersecurity Concepts in CPS

verfasst von : Kanthanet Tharot, Quoc Bao Duong, Andreas Riel, Jean-Marc Thiriet

Erschienen in: Systems, Software and Services Process Improvement

Verlag: Springer Nature Switzerland

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Cyberattacks targeting Cyber-Physical Systems (CPS) are becoming increasingly concerning since the well-known Stuxnet attack. These systems are mostly based on Programmable Logic Controllers (PLCs), which have low cybersecurity protection levels that make them vulnerable to the next generation of cyberattacks. Therefore, building resilience to such attacks through cybersecurity has become a significant concern for Industry 4.0. Due to the lack of published research papers on effective methods to train for cyberattacks on manufacturing systems, this experimental paper proposes a low-cost platform for cyberattack scenarios, to demonstrate some possibilities to attack CPS. Attacks on critical CPS assets may have severe consequences in the physical world (e.g. accidents). An experimental environment used to train students and operators in such attacks and related prevention and mitigation measures can be used to sensitize and train staff in CPS cyber-security related challenges and mitigation strategies. This paper proposes such an experimental setup, and some fundamental and accessible training scenarios.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Consistency of Cybersecurity Process and Product Assessments in the Automotive Domain

Nächstes Kapitel CYBERENG - Training Cybersecurity Engineer and Manager Skills in Automotive - Experience

https://settimino.sourceforge.net/.

https://snap7.sourceforge.net/siemens_comm.html.

Ramirez, R., Chang, C.K., Liang, S.H.: PLC cyber-security challenges in industrial networks. In: MESA 2022 - 18th IEEE/ASME International Conference on Mechatronic and Embedded Systems and Applications, Proceedings (2022)

DeSmit, Z., Elhabashy, A.E., Wells, L.J., Camelio, J.A.: Cyber-physical vulnerability assessment in manufacturing systems. Procedia Manuf. 5, 1060–1074 (2016)CrossRef

Hui, H., McLaughlin, K., Sezer, S.: Vulnerability analysis of S7 PLCs: manipulating the security mechanism. Int. J. Crit. Infrastruct. Prot. 35, 100470 (2021)CrossRef

Shakarian, P., Shakarian, J., Ruef, A.: Attacking Iranian nuclear facilities: stuxnet. Introduction to cyber-warfare, pp. 223–239 (2013)

Firoozjaei, M.D., Mahmoudyar, N., Baseri, Y., Ghorbani, A.A.: An evaluation framework for industrial control system cyber incidents. Int. J. Crit. Infrastruct. Prot. 36, 100487 (2022)CrossRef

Perales Gómez, Á.L., et al.: SafeMan: a unified framework to manage cyber-security and safety in manufacturing industry. Softw. Pract. Exp. 51, 607–627 (2021)

Definition of Information Technology (IT): Gartner Information Technology Glossary. https://www.gartner.com/en/information-technology/glossary/it-information-technology. Accessed 1 May 2023

Definition of Operational Technology (OT): Gartner Information Technology Glossary. https://www.gartner.com/en/information-technology/glossary/operational-technology-ot. Accessed 11 June 2023

TrendMicro, “Rethinking Tactics”. https://www.trendmicro.com/vinfo/fr/security/research-and-analysis/threat-reports/roundup/rethinking-tactics-annual-cybersecurity-roundup-2022. Accessed 1 May 2023

10.

Ramirez, R., Chang, C.K., Liang, S.H.: PLC cybersecurity test platform establishment and cyberattack practice. Electronics 12, 1195 (2023)

11.

Ghaleb, A., Zhioua, S., Almulhem, A.: On PLC network security. Int. J. Crit. Infrastruct. Prot. 22, 62–69 (2018)CrossRef

12.

Matoušek, P.: Security of smart grid communication habilitation. Brno University of Technology (2021)

13.

Tharot, K., Quoc, B.D., Riel, A., Thiriet, J.-M.: A cybersecurity training concept for cyber-physical manufacturing systems (2023, preprint)

14.

MITRE ATT&CK: The adversarial tactics techniques (2020). https://attack.mitre.org/

15.

Nawrocki, M., Schmidt, T.C., Wählisch, M.: Industrial control protocols in the internet core: dismantling operational practices. Int. J. Network Manag. 32(1) (2022)

16.

Riel, A., Kreiner, C., Macher, G., Messnarz, R.: Integrated design for tackling safety and security challenges of smart products and digital manufacturing. CIRP Ann. 66(1), 177–180 (2017)CrossRef

17.

Messnarz, R., et al.: Implementing functional safety standards – experiences from the trials about required knowledge and competencies (SafEUr). In: McCaffery, F., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2013. CCIS, vol. 364, pp. 323–332. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39179-8_29CrossRef

18.

Dobaj, J., Riel, A., Macher, G., Egretzberger, M.: A Method for deriving technical requirements of digital twins as industrial product-service system enablers. In: Systems, Software and Services Process Improvement: 29th European Conference, EuroSPI 2022, Salzburg, Austria, August 31–September 2, 2022, Proceedings, pp. 378–392. Springer International Publishing, Cham (2022)CrossRef

19.

Schmittner, C., et al.: Automotive cybersecurity - training the future. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds.) EuroSPI 2021. CCIS, vol. 1442, pp. 211–219. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85521-5_14CrossRef

20.

Pries-Heje, J., Johansen, J., Messnarz, R.: SPI Manifesto (2010). https://conference.eurospi.net/images/eurospi/spi_manifesto.pdf

Titel: A Low-Cost Environment for Teaching Fundamental Cybersecurity Concepts in CPS
verfasst von: Kanthanet Tharot
Quoc Bao Duong
Andreas Riel
Jean-Marc Thiriet
Verlag: Springer Nature Switzerland
Buch: Systems, Software and Services Process Improvement
Print ISBN: 978-3-031-42306-2

Electronic ISBN: 978-3-031-42307-9

Copyright-Jahr: 2023
DOI: https://doi.org/10.1007/978-3-031-42307-9_25

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner