{"id":23,"date":"2016-03-21T15:19:05","date_gmt":"2016-03-21T15:19:05","guid":{"rendered":"https:\/\/blogs.imperial.ac.uk\/security-institute\/?p=23"},"modified":"2016-03-21T15:36:00","modified_gmt":"2016-03-21T15:36:00","slug":"security-of-industrial-control-systems","status":"publish","type":"post","link":"https:\/\/blogs.imperial.ac.uk\/security-institute\/2016\/03\/21\/security-of-industrial-control-systems\/","title":{"rendered":"Security of Industrial Control Systems"},"content":{"rendered":"<p><strong><em>A post by <a href=\"http:\/\/www.imperial.ac.uk\/people\/c.hankin\">Professor Chris Hankin<\/a>, Director ISST<\/em><\/strong><\/p>\n<p>Operational Technology (OT), as distinct from Information Technology (IT), refers to the hardware and software that controls an industrial process.\u00a0 Despite increasing similarities between OT and IT architectures and components there are quite fundamental differences in the make-up of cyber attacks on each.\u00a0 In <a href=\"http:\/\/www.langner.com\/en\/wp-content\/uploads\/2013\/11\/To-kill-a-centrifuge.pdf\"><em>To Kill a Centrifuge<\/em><\/a>, an in-depth technical analysis of the Stuxnet attack, Ralph Langner has already identified three distinct layers of a sophisticated cyber-physical attack: the IT, the Industrial Control Systems (ICS) and the physical layers.\u00a0 The SANS Institute in the U.S. has recently published an <a href=\"https:\/\/www.sans.org\/reading-room\/whitepapers\/ICS\/industrial-control-system-cyber-kill-chain-36297#__utma=195150004.1101849023.1458562212.1458562212.1458562212.1&amp;__utmb=195150004.10.9.1458562336091&amp;__utmc=195150004&amp;__utmx=-&amp;__utmz=195150004.1458562212.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided)&amp;__utmv=-&amp;__utmk=17864057\">anatomy of cyber attacks\u00a0 on ICS<\/a>, involving two multi-phase stages: 1) cyber intrusion preparation and execution \u2013 what can be thought of as intelligence gathering; and 2) ICS attack development and execution.<\/p>\n<p>Since it is generally the physical damage that grabs headlines, and there hasn\u2019t been much news about attacks on ICS, one must assume that a significant proportion of the incidents reported to ICS-Cert each year (roughly 250) are intelligence gathering operations.\u00a0 The recent attack on the Ukrainian power grid may have added a third, post-attack stage \u2013 a distributed denial of service (DDoS) attack on the energy company to prevent reporting of outages and slow down the restoration of power.<\/p>\n<p>Against this backdrop, the UK government sponsored <a href=\"https:\/\/www.epsrc.ac.uk\/newsevents\/news\/cyberattackthreatscriticalinfrastructure\/\">Research Institute in Trustworthy ICS<\/a> \u00a0(RITICS) is addressing three key questions:<\/p>\n<ol>\n<li>Can we develop frameworks for assessing the physical harm that might arise from cyber attacks?<\/li>\n<li>Can we better communicate risk that arises from cyber threats?<\/li>\n<li>Can we develop new defensive measures?<\/li>\n<\/ol>\n<p>RITICS is hosted at Imperial College London and is a partnership of 5 universities: Imperial, Queen\u2019s University Belfast, the University of Birmingham, Lancaster University and City University London.<\/p>\n<p>&nbsp;<\/p>\n<p>We are approaching Question 1 with use-cases from transport and energy; Question 2 with use-cases from transport, energy and water; and Question 3 with use-cases from energy.\u00a0 It is still early days in our work, but we hope to offer new insights and techniques to ICS providers, owners and operators \u2013 and we are open to new industrial partners.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"843\" class=\"aligncenter  wp-image-25\" src=\"https:\/\/blogs.imperial.ac.uk\/security-institute\/files\/2016\/03\/RITICS-Generic-Architecture-1024x843.png\" alt=\"RITICS Generic Architecture\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A post by Professor Chris Hankin, Director ISST Operational Technology (OT), as distinct from Information Technology (IT), refers to the hardware and software that controls an industrial process.\u00a0 Despite increasing similarities between OT and IT architectures and components there are quite fundamental differences in the make-up of cyber attacks on each.\u00a0 In To Kill a [&hellip;]<\/p>\n","protected":false},"author":961,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29377],"tags":[],"class_list":["post-23","post","type-post","status-publish","format-standard","hentry","category-cyber-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Security of Industrial Control Systems - Institute for Security Science &amp; Technology<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blogs.imperial.ac.uk\/security-institute\/2016\/03\/21\/security-of-industrial-control-systems\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security of Industrial Control Systems - Institute for Security Science &amp; Technology\" \/>\n<meta property=\"og:description\" content=\"A post by Professor Chris Hankin, Director ISST Operational Technology (OT), as distinct from Information Technology (IT), refers to the hardware and software that controls an industrial process.\u00a0 Despite increasing similarities between OT and IT architectures and components there are quite fundamental differences in the make-up of cyber attacks on each.\u00a0 In To Kill a [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blogs.imperial.ac.uk\/security-institute\/2016\/03\/21\/security-of-industrial-control-systems\/\" \/>\n<meta property=\"og:site_name\" content=\"Institute for Security Science &amp; Technology\" \/>\n<meta property=\"article:published_time\" content=\"2016-03-21T15:19:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-03-21T15:36:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogs.imperial.ac.uk\/security-institute\/files\/2016\/03\/RITICS-Generic-Architecture-1024x843.png\" \/>\n<meta name=\"author\" content=\"Andrew Burton\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Andrew Burton\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/2016\\\/03\\\/21\\\/security-of-industrial-control-systems\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/2016\\\/03\\\/21\\\/security-of-industrial-control-systems\\\/\"},\"author\":{\"name\":\"Andrew Burton\",\"@id\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/#\\\/schema\\\/person\\\/dfc46904a31df23b1944b7c3a2076379\"},\"headline\":\"Security of Industrial Control Systems\",\"datePublished\":\"2016-03-21T15:19:05+00:00\",\"dateModified\":\"2016-03-21T15:36:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/2016\\\/03\\\/21\\\/security-of-industrial-control-systems\\\/\"},\"wordCount\":345,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/2016\\\/03\\\/21\\\/security-of-industrial-control-systems\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/files\\\/2016\\\/03\\\/RITICS-Generic-Architecture-1024x843.png\",\"articleSection\":[\"Cyber Security\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/2016\\\/03\\\/21\\\/security-of-industrial-control-systems\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/2016\\\/03\\\/21\\\/security-of-industrial-control-systems\\\/\",\"url\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/2016\\\/03\\\/21\\\/security-of-industrial-control-systems\\\/\",\"name\":\"Security of Industrial Control Systems - Institute for Security Science &amp; Technology\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/2016\\\/03\\\/21\\\/security-of-industrial-control-systems\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/2016\\\/03\\\/21\\\/security-of-industrial-control-systems\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/files\\\/2016\\\/03\\\/RITICS-Generic-Architecture-1024x843.png\",\"datePublished\":\"2016-03-21T15:19:05+00:00\",\"dateModified\":\"2016-03-21T15:36:00+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/#\\\/schema\\\/person\\\/dfc46904a31df23b1944b7c3a2076379\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/2016\\\/03\\\/21\\\/security-of-industrial-control-systems\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/2016\\\/03\\\/21\\\/security-of-industrial-control-systems\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/2016\\\/03\\\/21\\\/security-of-industrial-control-systems\\\/#primaryimage\",\"url\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/files\\\/2016\\\/03\\\/RITICS-Generic-Architecture.png\",\"contentUrl\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/files\\\/2016\\\/03\\\/RITICS-Generic-Architecture.png\",\"width\":1180,\"height\":972},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/2016\\\/03\\\/21\\\/security-of-industrial-control-systems\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security of Industrial Control Systems\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/#website\",\"url\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/\",\"name\":\"Institute for Security Science &amp; Technology\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/#\\\/schema\\\/person\\\/dfc46904a31df23b1944b7c3a2076379\",\"name\":\"Andrew Burton\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/26eaa990dd2489f68811d47c930b5b79bbba4241f857d8fa5fea8f3626e3a30a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/26eaa990dd2489f68811d47c930b5b79bbba4241f857d8fa5fea8f3626e3a30a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/26eaa990dd2489f68811d47c930b5b79bbba4241f857d8fa5fea8f3626e3a30a?s=96&d=mm&r=g\",\"caption\":\"Andrew Burton\"},\"url\":\"https:\\\/\\\/blogs.imperial.ac.uk\\\/security-institute\\\/author\\\/aburton\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security of Industrial Control Systems - Institute for Security Science &amp; Technology","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blogs.imperial.ac.uk\/security-institute\/2016\/03\/21\/security-of-industrial-control-systems\/","og_locale":"en_GB","og_type":"article","og_title":"Security of Industrial Control Systems - Institute for Security Science &amp; Technology","og_description":"A post by Professor Chris Hankin, Director ISST Operational Technology (OT), as distinct from Information Technology (IT), refers to the hardware and software that controls an industrial process.\u00a0 Despite increasing similarities between OT and IT architectures and components there are quite fundamental differences in the make-up of cyber attacks on each.\u00a0 In To Kill a [&hellip;]","og_url":"https:\/\/blogs.imperial.ac.uk\/security-institute\/2016\/03\/21\/security-of-industrial-control-systems\/","og_site_name":"Institute for Security Science &amp; Technology","article_published_time":"2016-03-21T15:19:05+00:00","article_modified_time":"2016-03-21T15:36:00+00:00","og_image":[{"url":"https:\/\/blogs.imperial.ac.uk\/security-institute\/files\/2016\/03\/RITICS-Generic-Architecture-1024x843.png","type":"","width":"","height":""}],"author":"Andrew Burton","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Andrew Burton","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blogs.imperial.ac.uk\/security-institute\/2016\/03\/21\/security-of-industrial-control-systems\/#article","isPartOf":{"@id":"https:\/\/blogs.imperial.ac.uk\/security-institute\/2016\/03\/21\/security-of-industrial-control-systems\/"},"author":{"name":"Andrew Burton","@id":"https:\/\/blogs.imperial.ac.uk\/security-institute\/#\/schema\/person\/dfc46904a31df23b1944b7c3a2076379"},"headline":"Security of Industrial Control Systems","datePublished":"2016-03-21T15:19:05+00:00","dateModified":"2016-03-21T15:36:00+00:00","mainEntityOfPage":{"@id":"https:\/\/blogs.imperial.ac.uk\/security-institute\/2016\/03\/21\/security-of-industrial-control-systems\/"},"wordCount":345,"commentCount":0,"image":{"@id":"https:\/\/blogs.imperial.ac.uk\/security-institute\/2016\/03\/21\/security-of-industrial-control-systems\/#primaryimage"},"thumbnailUrl":"https:\/\/blogs.imperial.ac.uk\/security-institute\/files\/2016\/03\/RITICS-Generic-Architecture-1024x843.png","articleSection":["Cyber Security"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/blogs.imperial.ac.uk\/security-institute\/2016\/03\/21\/security-of-industrial-control-systems\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/blogs.imperial.ac.uk\/security-institute\/2016\/03\/21\/security-of-industrial-control-systems\/","url":"https:\/\/blogs.imperial.ac.uk\/security-institute\/2016\/03\/21\/security-of-industrial-control-systems\/","name":"Security of Industrial Control Systems - Institute for Security Science &amp; Technology","isPartOf":{"@id":"https:\/\/blogs.imperial.ac.uk\/security-institute\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blogs.imperial.ac.uk\/security-institute\/2016\/03\/21\/security-of-industrial-control-systems\/#primaryimage"},"image":{"@id":"https:\/\/blogs.imperial.ac.uk\/security-institute\/2016\/03\/21\/security-of-industrial-control-systems\/#primaryimage"},"thumbnailUrl":"https:\/\/blogs.imperial.ac.uk\/security-institute\/files\/2016\/03\/RITICS-Generic-Architecture-1024x843.png","datePublished":"2016-03-21T15:19:05+00:00","dateModified":"2016-03-21T15:36:00+00:00","author":{"@id":"https:\/\/blogs.imperial.ac.uk\/security-institute\/#\/schema\/person\/dfc46904a31df23b1944b7c3a2076379"},"breadcrumb":{"@id":"https:\/\/blogs.imperial.ac.uk\/security-institute\/2016\/03\/21\/security-of-industrial-control-systems\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blogs.imperial.ac.uk\/security-institute\/2016\/03\/21\/security-of-industrial-control-systems\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/blogs.imperial.ac.uk\/security-institute\/2016\/03\/21\/security-of-industrial-control-systems\/#primaryimage","url":"https:\/\/blogs.imperial.ac.uk\/security-institute\/files\/2016\/03\/RITICS-Generic-Architecture.png","contentUrl":"https:\/\/blogs.imperial.ac.uk\/security-institute\/files\/2016\/03\/RITICS-Generic-Architecture.png","width":1180,"height":972},{"@type":"BreadcrumbList","@id":"https:\/\/blogs.imperial.ac.uk\/security-institute\/2016\/03\/21\/security-of-industrial-control-systems\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blogs.imperial.ac.uk\/security-institute\/"},{"@type":"ListItem","position":2,"name":"Security of Industrial Control Systems"}]},{"@type":"WebSite","@id":"https:\/\/blogs.imperial.ac.uk\/security-institute\/#website","url":"https:\/\/blogs.imperial.ac.uk\/security-institute\/","name":"Institute for Security Science &amp; Technology","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blogs.imperial.ac.uk\/security-institute\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/blogs.imperial.ac.uk\/security-institute\/#\/schema\/person\/dfc46904a31df23b1944b7c3a2076379","name":"Andrew Burton","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/secure.gravatar.com\/avatar\/26eaa990dd2489f68811d47c930b5b79bbba4241f857d8fa5fea8f3626e3a30a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/26eaa990dd2489f68811d47c930b5b79bbba4241f857d8fa5fea8f3626e3a30a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/26eaa990dd2489f68811d47c930b5b79bbba4241f857d8fa5fea8f3626e3a30a?s=96&d=mm&r=g","caption":"Andrew Burton"},"url":"https:\/\/blogs.imperial.ac.uk\/security-institute\/author\/aburton\/"}]}},"_links":{"self":[{"href":"https:\/\/blogs.imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/posts\/23","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/users\/961"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/comments?post=23"}],"version-history":[{"count":14,"href":"https:\/\/blogs.imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/posts\/23\/revisions"}],"predecessor-version":[{"id":36,"href":"https:\/\/blogs.imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/posts\/23\/revisions\/36"}],"wp:attachment":[{"href":"https:\/\/blogs.imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/media?parent=23"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/categories?post=23"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.imperial.ac.uk\/security-institute\/wp-json\/wp\/v2\/tags?post=23"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}