From manufacturing plants to power grids, industrial control systems are increasingly controlled and networked digitally. While networking these systems together improves their efficiency and convenience to control, it also opens them up to attacks by malicious actors. When these attacks occur, forensic investigators should be able to determine what was compromised and which corrective actions need to be taken.In this paper, we propose a method to investigate attacks on industrial control systems by simulating the logged inputs of the system over time using a model constructed from the control programs. We detect any attacks that will lead to perturbations of the normal operation of the system by comparing the simulated output to the actual output. We also perform dependency tracing between the inputs and outputs of the system, so that attacks can be traced from the anomaly to their sources and vice-versa. Our method can greatly aid investigators in recovering the complete attack graph used by the attacker using only the input and output logs from an industrial control system. To evaluate our method, we constructed a hybrid testbed with a simulated version of the Simplified Tennessee Eastman process, using a hardware-inthe-loop Allen-Bradley Micrologix 1100 PLC. We were able to accurately detect all attack anomalies with a false positive rate of 0.3% or less.
The cybersecurity consortium, which was established by DOE/NNSA’s Minority Serving Institutions Partnerships Program (MSIPP), allows students from any of the partner schools (13 HBCUs, two national laboratories, and a public school district) to have all consortia options available to them, to create career paths and to open doors to DOE sites and facilities to student members of the consortium. As a part of this year consortium activities, Sandia National Laboratories and the University of Virgin Islands conducted a week long cyber workshop that consisted of three courses; Digital Forensics and Malware Analysis, Python Programming, and ThunderBird Cup. These courses are designed to enhance cyber defense skills and promote learning within STEM related fields.
Design of a physical security perimeter fencing system requires that security designers provide effective detection, delay, and response functionalities with minimal nuisance alarms. In addition, the designers must take into considerations the security fence system life cycle cost (equipment and grounds maintenance), complexity of the terrain, safety, and environmental conditions (location of where the security fence will be installed). Often, these factors drive the security designers to design a perimeter intrusion detection and assessment system (PIDAS) that includes: (1) larger than desired footprint, (2) one or more animal control fences to minimize the nuisance alarm rate (NAR), and (3) clear zones and an isolation zone to facilitate intrusion detection and assessment by keeping the fence lines clear of vegetation, trash, and other objects that could impede the security system's performance. This paper presents a two-tier PIDAS design that focuses on effective performance specifically in high probability of detection and low NAR that minimizes cost and the footprint of the system.
Platform-independent Interaction Collaborative Environments (ICE) technologies include support for simultaneous display and control of unmodified X application software by two or more people, at separate locations, using different workstation hardware. Audio and video provide remote collaborators with the ability to discuss what they are all simultaneously seeing on their workstations. Remote pointing and marking capabilities are also provided independent of the application. The authors briefly describe their X application sharing work, and requirements for supporting tools, including multi-media. Finally they review some of the pilot project network applications of their work to robotics and manufacturing environments.