Sylvain Frey

SENAMI: Selective Non-Invasive Active Monitoring for ICS Intrusion Detection

Current intrusion detection systems (IDS) for industrial control systems (ICS) mostly involve the retrofitting of conventional network IDSs, such as SNORT. Such an approach is prone to missing highly targeted and specific attacks against ICS. Where ICS-specific approaches exist, they often rely on passive network monitoring techniques, offering a low cost solution, and avoiding any computational overhead arising from actively polling ICS devices. However, the use of passive approaches alone could fail in the detection of attacks that alter the behaviour of ICS devices (as was the case in Stuxnet). Where active solutions exist, they can be resource-intensive, posing the risk of overloading legacy devices which are commonplace in ICSs. In this paper we aim to overcome these challenges through the combination of a passive network monitoring approach, and selective active monitoring based on attack vectors specific to an ICS context. We present the implementation of our IDS, SENAMI, for use with Siemens S7 devices. We evaluate the effectiveness of SENAMI in a comprehensive testbed environment, demonstrating validity of the proposed approach through the detection of purely passive attacks at a rate of 99%, and active value tampering attacks at a rate of 81-93%. Crucially, we reach recall values greater than 0.96, indicating few attack scenarios generating false negatives.

A Generic Holonic Control Architecture for Heterogeneous Multiscale and Multiobjective Smart Microgrids

Designing the control infrastructure of future “smart” power grids is a challenging task. Future grids will integrate a wide variety of heterogeneous producers and consumers that are unpredictable and operate at various scales. Information and Communication Technology (ICT) solutions will have to control these in order to attain global objectives at the macrolevel, while also considering private interests at the microlevel. This article proposes a generic holonic architecture to help the development of ICT control systems that meet these requirements. We show how this architecture can integrate heterogeneous control designs, including state-of-the-art smart grid solutions. To illustrate the applicability and utility of this generic architecture, we exemplify its use via a concrete proof-of-concept implementation for a holonic controller, which integrates two types of control solutions and manages a multiscale, multiobjective grid simulator in several scenarios. We believe that the proposed contribution is essential for helping to understand, to reason about, and to develop the “smart” side of future power grids.

Goal-Oriented Holonics for Complex System (Self-)Integration: Concepts and Case Studies

System integration from sub-systems has always been a major engineering problem, which is progressively exacerbated by (1) sub-systems becoming more diverse, self-* and autonomous (2) systems operating in open environments, with third-party sub-systems joining and leaving unpredictably, (3) system (self-)integration being an ongoing process, increasingly needed at runtime. The fact that this problem occurs more and more often, as systems are built increasingly by composing existing sub-systems, requires rigorous, reusable integration solutions to replace ad-hoc approaches. In a complex world of uncertainty and change the new system integration paradigm must feature two main characteristics: support for a system-of-systems approach to manage complexity, and support for a high-level relation between sub-systems to manage diversity, uncertainty and dynamics. We propose a conceptual modelling solution combining holonic principles with goal-based relations. We highlight the key properties of holonic designs that support a systems-of-systems approach. We then specify the high-level relations between holonic sub-systems as goal-oriented requests and replies. Argumentation is grounded via concrete examples from existing complex systems. The proposed paradigm paves the way for future methodologies and tools for designing the next generation of socio-technical and cyber-physical systems.

It Bends But Would It Break? Topological Analysis of BGP Infrastructures in Europe

The Internet is often thought to be a model of resilience, due to a decentralised, organically-grown architecture. This paper puts this perception into perspective through the results of a security analysis of the Border Gateway Protocol (BGP) routing infrastructure. BGP is a fundamental Internet protocol and its intrinsic fragilities have been highlighted extensively in the literature. A seldom studied aspect is how robust the BGP infrastructure actually is as a result of nearly three decades of perpetual growth. Although global black-outs seem unlikely, local security events raise growing concerns on the robustness of the backbone. In order to better protect this critical infrastructure, it is crucial to understand its topology in the context of the weaknesses of BGP and to identify possible security scenarios. Firstly, we establish a comprehensive threat model that classifies main attack vectors, including but non limited to BGP vulnerabilities. We then construct maps of the European BGP backbone based on publicly available routing data. We analyse the topology of the backbone and establish several disruption scenarios that highlight the possible consequences of different types of attacks, for different attack capabilities. We also discuss existing mitigation and recovery strategies, and we propose improvements to enhance the robustness and resilience of the backbone. To our knowledge, this study is the first to combine a comprehensive threat analysis of BGP infrastructures withadvanced network topology considerations. We find that the BGP infrastructure is at higher risk than already understood, due to topologies that remain vulnerable to certain targeted attacks as a result of organic deployment over the years. Significant parts of the system are still uncharted territory, which warrants further investigation in this direction.

On the role of latent design conditions in cyber-physical systems security

As cyber-physical systems (CPS) become prevalent in everyday life, it is critical to understand the factors that may impact the security of such systems. In this paper, we present insights from an initial study of historical security incidents to analyse such factors for a particular class of CPS: industrial control systems (ICS). Our study challenges the usual tendency to blame human fallibility or resort to simple explanations for what are often complex issues that lead to a security incident. We highlight that (i) perception errors are key in such incidents (ii) latent design conditions -- e.g., improper specifications of a systems borders and capabilities -- play a fundamental role in shaping perceptions, leading to security issues. Such design-time considerations are particularly critical for ICS, the life-cycle of which is usually measured in decades. Based on this analysis, we discuss how key characteristics of future smart CPS in such industrial settings can pose further challenges with regards to tackling latent design flaws.

Self-adaptation in Collective Self-aware Computing Systems

The goals of this chapter are to identify the challenges involved in self-adaptation (including learning and knowledge sharing) of multiple self-aware systems (or system collectives). We shall discuss the techniques available for dealing with the challenges identified (e.g., algorithms for conflict resolution, collective learning, and negotiation protocols), and which are appropriate given assumptions regarding the collective system architecture. We refer to notions of knowledge, learning, and adaptation; various self-awareness levels; and reference scenarios introduced in Chap. 4.

Exemplifying Conflict Resolution in Multi-objective Smart Micro-Grids

Distributed autonomic management systems following contradictory objectives raise difficult design challenges. We proposed a generic architecture to address this concern and exemplified it via manager integration solutions for multi-objective micro-grids (low-tension networks of the size of a district). This demo showcases some of these sample implementations via the MisTiGriD simulation platform with the aim of inspiring designers facing similar challenges.