Research

Industrial Control System cybersecurity: a top priority for research!

The Cyber CNI Chair studies cybersecurity vulnerabilities and threats to critical infrastructure. This research covers the themes of security analytics, security metrics, remediation and secure data management.

Analytics

Identifying security risks and vulnerabilities by analysing and correlating large numbers of events.

Metrics

Measuring risk impact and counter-measure effectiveness and, more generally, finding the correct balance between operational requirements and system security.

Remediation

Responding to security events, particularly to cyber-threats involving multiple, coordinated intrusion scenarios.

Data Management

Securely collecting and managing large numbers of security events occurring in heterogeneous, distributed systems.

Generally, when a cyber-risk is detected, security procedures and protocols, whether in a company or organisation, follow similar resolution processes: first assessing the impact of the attack, then determining possible counter-measures, and finally selecting the appropriate security controls. This ultimately leads to the adoption and deployment of a modified security system configuration.

This approach is costly, time-consuming and prone to further errors. The main reason is that the organisations and businesses that fall victim to these attacks are simply patching up their defence systems instead of making them truly secure. The counter-measures are often carried out manually or semi-automatically, which is inadequate given the complexity of these systems and the fact that these measures are widely used elsewhere and therefore well known to cyber-criminals. Moreover, with a few rare exceptions, critical infrastructure systems cannot be put on hold while the counter-measures are implemented. The need to ensure service continuity, albeit in degraded mode, makes it all the more difficult to implement the necessary solutions.

The only truly viable and sustainable solution that remains is to increase the level of automation so that both the security requirements and the availability requirements of critical infrastructure can be met. This is even more critical when dealing with officially designated “Essential service operators”, i.e. those providing vital or hazardous services for the public, as defined by the French Defence Code (Article R. 1332-2).

Confronting the challenges of present-day IT security

The Cyber CNI Chair’s research focuses in particular on Industrial Control Systems (ICS), especially those that combine infrastructure supervision and control. These are very sensitive or even critical ICSs, especially when they control water treatment plants, energy networks or certain industrial processes. Today, more and more ICSs are connected to the Internet and communicate with the company’s management systems, while still being developed with standard computer programming languages. Furthermore, the technical components that make up these industrial control systems are more often than not unsuitable for the challenges of present-day IT security, and use all kinds of obsolete and badly protected hardware and software technologies. As well as being intrinsically vulnerable, these ICSs are subject to specific availability and operational constraints that further complicate security system updates.