SecIndustry

3rd Workshop on Cybersecurity in Industry 4.0

Jul 30, 2024
SR06
10:30 — 16:30

Workshop Chairs

→ Sandeep Pirbhulal
→ Habtamu Abie
→ Halvor Holtskog
→ Sokratis Katsikas

Accepted Paper

Vulnerability detection tool in source code by building and leveraging semantic code graph.

Sabine Delaitre (Bosonit group, Spain), José Maria Pulgar Gutiérrez (DocExploit, Spain)

Full Paper

DocExploit team creates innovative and high-quality cybersecurity solutions to meet the increasing security needs of the digital transformation process and Industry4.0.

DocExploit activity focuses on developing different tools to ensure the security of software applications and container environment: the first and core tool is DocSpot which detects vulnerabilities in application source code, Docdocker scans for vulnerabilities in containers and SirDocker manages and monitors containers efficiently and securely. In addition, we project to develop DocIoT (part of firmware), DocAPI (secure API) and DocAir (runtime security) to offer a comprehensive cybersecurity suite over the software supply chain and to support developers holding security as a key component over the Software Development life-cycle.

To prevent cybersecurity attacks, DocExploit wants to improve the quality and security of software mainly by leveraging knowledge graph technology. We design reliable tools by building a semantic graph-based abstraction of the code from the compiler state and reach high accuracy by developing different static code analyzers optimizing the detection of software vulnerabilities in the source code and dependencies. Those mechanisms allow for drastically reducing false positives.

In this workshop paper, we will introduce the different tools composing the suite we are developing to foster developers' autonomy and security automation over the software supply chain. The vulnerability detection tool in the source code, by leveraging the knowledge graph technology, will be detailed. The related work comes from BALDER a national R&D project. Finally, we describe the contributions to improving security in software and IoT applications, and expose the expected benefits.

Workshop SecIndustry Workshop SecIndustry

Gateway to the Danger Zone: Secure and Authentic Remote Reset in Machine Safety

Sebastian N. Peters (Technical University of Munich & Fraunhofer AISEC, Germany), Nikolai Puch (Technical University of Munich & Fraunhofer AISEC, Germany), Michael P. Heinl (Technical University of Munich & Fraunhofer AISEC, Germany), Philipp Zieris (Technical University of Munich & Fraunhofer AISEC, Germany), Mykolai Protsenko (Fraunhofer AISEC, Germany), Thorsten Larsen-Vefring (TRUMPF Werkzeugmaschinen SE + Co. KG, Germany), Marcel Ely Gomes (TRUMPF Werkzeugmaschinen SE + Co. KG, Germany), Aliza Maftun (Siemens AG, Germany), Thomas Zeschg (Siemens AG, Germany)

Full Paper

The increasing digitization of modern flexible manufacturing systems has opened up new possibilities for higher levels of automation, paving the way for innovative concepts such as Equipment-as-a-Service. Concurrently, remote access has gained traction, notably accelerated by the COVID-19 pandemic. While some areas of manufacturing have embraced these advancements, safety applications remain localized. This work aims to enable the remote reset of local safety events. To identify necessary requirements, we conducted collaborative expert-workshops and analyzed relevant standards and regulations. These requirements serve as the foundation for a comprehensive security and safety concept, built around a Secure Gateway. It uses secure elements, crypto-agility, PQC, and certificates for secure and authentic communication. To show the applicability, we implemented a prototype, which utilizes a gateway, cameras, and light barriers to monitor the danger zone of a robot and thus enable remote reset via public Internet. The real-world limitations we faced, were used to refine our requirements and concept iteratively. Ultimately, we present a secure and safe solution that enables the remote acknowledgment of safety-critical applications.

Workshop SecIndustry Workshop SecIndustry

A SOAR platform for standardizing, automating operational processes and a monitoring service facilitating auditing procedures among IoT trustworthy environments

Vasiliki Georgia Bilali (Institute of Communication & Computer Systems (ICCS), Greece), Eustratios Magklaris (Institute of Communication & Computer Systems (ICCS), Greece), Dimitrios Kosyvas (Institute of Communication & Computer Systems (ICCS), Greece), Lazaros Karagiannidis (Institute of Communication & Computer Systems (ICCS), Greece), Eleftherios Ouzounoglou (Institute of Communication & Computer Systems (ICCS), Greece), Angelos Amditis (Institute of Communication & Computer Systems (ICCS), Greece)

Full Paper

Advanced Threat Intelligence Orchestrator (ATIO) is a sophisticated middleware solution designed to enhance unified threat management (UTM) monitoring processes by adhering Security Orchestration Automation Response (SOAR) capabilities. This paper provides a detailed overview of ATIO, highlighting its multitasking capabilities towards coordinating information from different types of tools, usually bringing with them different types of data. Also, it gives some details on the system implementation and some indicative operational workflows. Central to ATIO's functionality is its ability to concurrently or sequentially automate the execution and processing steps of multiple workflows, while adhering to cyber security standards, organization policies and regulations. The design of ATIO is flexible, accommodating various interconnected services and tools to meet specific requirements, as well as diverse infrastructure interfaces, accommodating different specifications seamlessly adhering standardized formats and Cyber Threat Information (CTI) languages, such as STIX2.1. This integration enhances interoperability and expands the scope of cyber-threat intelligence operations by enabling connectivity with various systems and diversified data types. Moreover, ATIO automation nature, boosting detection and acknowledge efficiency and responsiveness in threat intelligence operations. It enables users to alter and filter workflow steps, preparing information for correlation and tracking cyber threat information (CTI) effectively. Additionally, ATIO includes robust mechanisms for monitoring user actions within the system, ensuring accountability and providing valuable insights into operational activities.

Workshop SecIndustry Workshop SecIndustry

An IEC 62443-security oriented domain specific modelling language

Jolahn Vaudey (Inria, France), Stéphane Mocanu (Grenoble INP, France), Gwenaël Delaval (Université Grenoble alpes, France), Eric Rutten (Inria, France)

Full Paper

As the historically isolated industrial control systems become increasingly connected, the threat posed by cyberattacks soars. To remedy this issue, industrial standards dedicated to the cybersecurity of ICS have been developed in the last twenty years, namely the IEC 62443 series. These standards provides guidelines to the creation and maintenance of a secure ICS, from the concept phase to its eventual disposal. This standard notably assume a specific Zone/Conduit model for systems, as a basis for building the security program. This model currently lacks computer-aided design tools, which are essential to the adoption of a standard. In this paper, we will present a domain specific modeling language, able to describe IEC 62443 compliant systems. Our main contributions are the DSL's syntax, which tries to formalize the informal model found in the standard, and the validation rules applied to it that ensure the described installations are secure by design, according to a set of hypotheses.

Workshop SecIndustry Workshop SecIndustry

EmuFlex: A Flexible OT Testbed for Security Experiments with OPC UA

Alexander Giehl (Fraunhofer, Germany), Michael P. Heinl (Fraunhofer AISEC, Germany), Victor Embacher (Fraunhofer AISEC, Germany)

Full Paper

Things (IIoT) like the Open Platform Communications Unified Architecture (OPC UA) were developed with security in mind. However, their correct implementation in operational technology (OT)
environments is often neglected due to a lack of appropriate monetary and human resources, especially among small and mediumsized enterprises. We present a flexible, inexpensive, and easy to use testbed enabling OT operators to experiment with different security scenarios. Our testbed is purely virtual so that procurement and construction of physical or hybrid test environments is not required. It can be operated as a web-hosted service and leverages Docker as well as OPC UA. The testbed therefore combines usability and support for modern technologies enabling future-oriented security studies as well as flexible usage across verticals and company boundaries.

Workshop SecIndustry Workshop SecIndustry

Using Artificial Intelligence in Cyber Security Risk Management for Telecom Industry 4.0

Ijeoma Ebere-Uneze (Royal Holloway, University of London, United Kingdom), Syed Naqvi (Liverpool John Moores University, United Kingdom)

Full Paper

The intensity and sophistication of cyberattacks have informed the need for artificial intelligence (AI) solutions for cyber security risk management (CSRM). We have studied the impact of using AI for CSRM in Telecommunication Industry 4.0 (TI4.0). This case study is used to develop an AI-enabled approach for enhanced protection of TI4.0. The services and the infrastructure provided by the TI4.0 are characterized by complexities due to the rapid evolution of associated technologies. This has continued to increase the attack surface and expose the industry to more cyber security risks. This article shows how the use of AI impacts CSRM in the TI4.0. Our work provides insights into the application of AI in mitigating cyber security risks. We have found that AI can enhance CSRM and, its effectiveness is determined by the quality of data that it was trained with; the training it received as well as the security of the AI solution.

Workshop SecIndustry Workshop SecIndustry

Detail SecIndustry 02/05

3rd Workshop on Cybersecurity in Industry 4.0 to be held in conjunction with the 19th International Conference on Availability, Reliability and Security

The fourth industrial (Industry 4.0) revolution represents a shift in technology and thinking about value-adding processes. It includes several critical infrastructures, which are needed to make the different technologies come together to create better products, more effective and efficient production processes. It is therefore important to improve the understanding of formal models for adversary placement and interaction in distributed cyber-physical systems. It is also important to look at the human side of security and privacy when doing digital transformation. Innovation to better understanding of fast learning with the use of laboratories, catapult centers and learning factories to real life problems is essential. Using the mini-production lines of Manufacturing Technology Catapult Center (MTNC) and the production lines, called learning factory for simulation and testing and setting up these laboratory production lines as equals to real production lines will give unprecedented insights into the various testing mechanisms and a better understanding of the threats and vulnerabilities of Industry 4.0 production lines.

The key technologies that boost Industry 4.0 are the Internet of Things (IoT), Industrial Internet of Things (IIoT), Artificial Intelligence (AI), Cloud computing, Machine Learning, Security, Big Data, Blockchain, Deep learning, Digitalization, Digital Twins, Cyber-physical system (CPS), Advanced Analytics, Robotics, and Cognitive Computing. These technologies can expand the attack surface of industry 4.0. Furthermore, information technology (IT) and operational technology (OT) are being integrated, a new range of security issues can also arise which require the defence of both IT and OT.

The workshop on cybersecurity in Industry 4.0 will provide a discussion platform for researchers in the field and an opportunity to share novel research on the topic.

Supported by the Center for Research-based Innovation (SFI) Norwegian Center for Cybersecurity in Critical Sectors (NORCICS) and the International Alliance for Strengthening Cybersecurity and Privacy in Healthcare (CybAlliance) project and the European Knowledge Hub and Policy Testbed for Critical Infrastructure Protection (EUCIP) project.

Keynote 1: Engaging SMEs in the twin transition.
Most manufacturing SMEs do not have the time and/or resources to do the research, translate the results to “better business” and at the same time avoid risk connected to implementation of new technology. The times we live in is just overwhelming in so many ways, that some stick their head in the sand, hope for the best and go on with their traditional business. In Norway, as in other places in Europe, many of these companies are corner stones of their local village. If they do not make it through the current industrial revolution, the crisis is much bigger for Norway than for the company itself. Norwegian Catapult is designed to provide competence and test infrastructure so SMEs can evolve, continue their business, or start new ones, and continue to contribute to a more resilient and sustainable society. In this keynote the CEO of Manufacturing Technology Norwegian Catapult will talk about the experience of finding the key to how to help SMEs finding ways to start or improve manufacturing business in one of the most expensive countries in the world.

About the speaker:
Emma Østerbø has been participating in and/or managing projects in manufacturing industry for almost two decades. Educated in Sweden, custom made for a job at Volvo, she ended up in the Norwegian countryside, at Raufoss. The Raufoss industry is the most robot-populated in Norway and 60 companies in the region are all globally competitive in automotive, defense, energy and more. Now as the CEO of the industrial cluster NCE Manufacturing (Norwegian Centre of Expertise), certified with the ECEI Gold Label and CEO of Manufacturing Technology Norwegian Catapult center she has taken on the role to share the competence of the cluster to the rest of Norway, with focus on SMEs. “Industryfluencer” on Instagram is her effort to de-mystify manufacturing industry to the public.

Keynote 2: Dynamic Risk Assessment for Industry 4.0
In the age of Industry 4.0, the integration of cyber-physical systems within industrial control environments presents significant opportunities alongside critical challenges, particularly in ensuring resilience. This talk, "Dynamic Risk Assessment for Industry 4.0," explores advanced methodologies for dynamic and adaptive risk assessment to address risks arising from both intentional and accidental root causes. By providing an overview of dynamic and adaptive risk assessment methods, we delve into the synergy of probabilistic techniques and expert insights to construct comprehensive risk models. These models are illustrated through realistic examples, demonstrating their suitability in various scenarios. Drawing on comprehensive research and advanced frameworks, this talk highlights the importance of adaptive, integrated approaches to risk assessment, ensuring the resilience of critical industrial systems in an increasingly interconnected world.

About the speaker:
Dr. Sabarathinam Chockalingam is a Research Scientist I at the Institute for Energy Technology (IFE), Norway. Saba has a PhD within Artificial Intelligence and Cyber Security from the Delft University of Technology and Master of Science in Cyber Security and Management from the University of Warwick. He has managed and worked in national and international research projects related to Cyber Security like CPSEC, RECYCIN, and SecuRoPS. Currently, he is leading the activity on Distinguishing Attacks and Faults to Support Effective Response in the international OECD Halden Human Technology Organisation (HTO) project. Finally, he also served as an Organization and Program Committee member in various international conferences and workshops in addition to being a reviewer and (guest) editor for high-quality journals in the field of his expertise like the International Journal of Information Security, and Computer Standards and Interfaces.

Topics of interest include, but are not limited to 03/05

Cybersecurity in Industry 4.0
Cybersecurity for 5G-enbaled industrial IoT
Digital twins for enhancing cybersecurity in Industry 4.0
Data analytics security
Security assurance in Industry 4.0
Cybersecurity for information technology (IT) and operational technology (OT)
Combining actual simulation and testing with continuing education
Demonstrating the possibilities in 5G and the results in an industrial setting with multiple threats and multi-actor operations.
5G Sim Card security for IoT based Industry 4.0
Tests of different mechanisms to monitor and protect digital twin configurations of cyber-physical systems
Resilience in Industry 4.0
Resilience in critical Assets
Improving the understanding of how organizations and high-performance teams in times of crisis and how to standardize work processes to minimize risk.
Modules for continuing education and training based on master’s in industrial innovation and secure digitalization (MINDS)
Use cases for a collaborative effort involving stakeholders and for testing functionality
Demonstration cases through a collaborative effort involving stakeholders
Demonstration cases describe how and where the use cases are to be tested in practice
Domain specific knowledge and set ups for the laboratory production lines equal to real production lines
5G Beyond Security in Industry 4.0
Dynamic Risk Assessment for Industry 4.0
Improving supply chain resilience in industry 4.0

Workshop Chairs 04/05

Workshop Chairs

Sandeep Pirbhulal

Norwegian Computing Center, Norway

sandeep@nr.no

Habtamu Abie

Norwegian Computing Center, Norway

abie@nr.no

Halvor Holtskog

Norwegian University of Science and Technology, Norway

halvor.holtskog@ntnu.no

Sokratis Katsikas

Norwegian University of Science and Technology, Norway

sokratis.katsikas@ntnu.no

Program Committee

Cristina Alcaraz | University of Malaga, Spain

Shaukat Ali | Simula Research Laboratory, Norway

Manos Athanatos | Foundation for Research and Technology Hellas, Crete

Sabarathinam Chockalingam | Institute for Energy Technology, Norway

Mauro Conti | University of Padua, Italy

Hervé Debar | Télécom SudParis, France

Sabine Delaitre | BOSONIT – Sevilla – Spain

Joaquin Garcia-Alfaro | IMT (Institut Mines-Telecom), France

Martin Gilje Jaatun | University of Stavanger, Norway

Vasileios Gkioulos | Norwegian University of Science and Technology, Norway

Ilias Gkotsis | Satways Ltd, Greece

Dieter Gollmann | Hamburg University of Technology, Germany

Bjørn Axel Gran | Institute for Energy Technology, Norway

Siv Hilde Houmb | Norwegian University of Science and Technology, Norway

Nesrine Kaaniche | Télécom SudParis, France

Stamatis Karnouskos | SAP Research, Germany

Basel Katt | Norwegian University of Science and Technology, Norway

Maryline Laurent | Télécom SudParis, France

Wolfgang Leister | Norwegian Computing Center, Norway

Fabio Martinelli | IIT-CNR, Italy

Vasileios Mavroeidis | University of Oslo, Norway

Aida Omerovic | SINTEF, Norway

Kai Rannenberg | Goethe University Frankfurt, Germany

Reijo Savola | University of Jyväskylä, Finland

Ankur Shukla | Institute for Energy Technology, Norway

Ali Hassan Sodhro | Kristianstad University, Sweden

Mohsen Toorani | University of South-Eastern Norway, Norway

Rita Ugarelli | SINTEF, Norway

Stephen Wolthusen | Norwegian University of Science and Technology, Norway

Christos Xenakis | University of Piraeus, Greece

Shouhuai Xu | University of Colorado Colorado Springs, USA

Submission 05/05

Submission Guidelines

The submission guidelines valid for the workshop are the same as for the ARES conference.

More Information

Important Dates

Submission Deadline May 17, 2024

Author Notification May 29, 2024

Proceedings Version Jun 18, 2024

Conference Jul 30 — Aug 02, 2024