The manufacturing domain includes two major providers of critical infrastructure elements of Factories of the Future (FoF): ABB, as a provider of Industrial Control Systems at the forefront of manufacturing technology for FoF, and Westermo, as a provider of industrial-grade communication infrastructure solutions. This is expected to result in “practically usable solutions which guarantee significantly increased cyber-security levels in daily operations for manufacturing facilities.”
Guaranteeing significantly increased cybersecurity levels
Manufacturing use case partners recognise the continuous and ongoing evolution in the nature of cyber-attacks, involving increasingly sophisticated and complex attack methodologies. Malware is becoming more vicious and harder to combat, from network-based ransomware worms to wiper malware. At the same time, adversaries are getting more adept at creating malware that can evade traditional sandboxing. Another issue concerns the malicious use of a concept that was created to increase security in the first place: traffic encryption. With 50% of all Internet traffic now encrypted, encryption provides malicious actors with a powerful tool to conceal command-and-control activity, and thus time to inflict damage.
Against that evolving environment, in which attacks are increasingly difficult to detect, we seek to make use of the emerging, powerful tool of artificial intelligence, by means of machine learning algorithms deployed to detect and mitigate attacks, both statically and dynamically, in heterogeneous and large-scale contexts and environments, and with low latency.
The proposed methods use deep recurrent neural networks to capture normal traffic, together with extended Kalman filtering for more efficient adaptation of the neural network parameters. They are scalable and can capture complex behaviors effectively and rapidly.
Importantly, we plan to develop and build an integration environment supporting combinations of real attacks and real target systems. It takes the current state-of-the-art/state-of-practice, then evolves and iterates it, creating a new level of flexibility, realism and accuracy to better tackle complex cyber-attacks and inform the technology developers of the improved impact reduction approaches. Emulation is key, with simulators being connected to real target systems to overcome the drawbacks of many existing systems. The simulation is further improved to mirror the complexity of real cyber-attacks through the application of real state-of-the-art penetration testing / ethical hacking tools normally found in specialized OS distributions like Kali Linux and software frameworks like the Metasploit project. This concern with realism is vital in terms of the overall project impact, as it informs the development of the interfaces and mitigation methods. The integration environment enables the next generation of ‘state-of-the-art’/‘state-of-practice’ services to cope with complex cyber-attacks and diminish their effects.
Usable solutions in daily operation of manufacturing facilities
Our focus is on autonomic or semi-autonomic solutions which are amenable to deployment in synergy with the existing IT+OT infrastructures prevalent in typical manufacturing facilities. We will also describe a process for deployment of our framework in manufacturing contexts to enhance the security of their digital infrastructure.
We will also demonstrate, through dedicated work package activities, implementation of the novel solutions usable in daily operations in many relevant industrial contexts, taking care of the partner priorities with respect to:
- The ABB perspectives on control systems and edge to cloud services interactions
- The Westermo perspective on communication and networks
- The manufacturing context, showcasing the future benefits for a specific industry (we are exploring the possibilities to use realistic data and context from a partner industry such as Södra, which is a major paper and pulp industry in Sweden).
Take-up by industry and other actors in the value chain
Meeting and balancing the requirements from all involved stakeholders across the value chain is a key business concern for ABB.
We plan multiple angles for exploitation from our industrial partners, as mentioned above, which cover a major set of essential stakeholders in a manufacturing context. Additionally, we plan to approach a few more players (especially representing suppliers, cloud providers, maintenance firms and governmental agencies) as part of our dissemination and exploitation activities to present our approach and discuss its pros and cons, as well as to refine the framework to incorporate their relevant suggestions/requirements.
Generic societal benefits
A history of attacks on cyber-physical systems, one notable early example being Stuxnet, shows that these systems are vulnerable to attacks, perhaps more so than IT systems, which have been networked and exposed to attacks for many decades and hence are better prepared to meet such challenges. Bringing the security/safety assurance of the OT domain of cyber-physical systems to at least the level of IT security is itself going to be extremely challenging. However, OT domains, being safety critical, warrant even higher levels of assurance with respect to safety and security.