DATE is pleased to present a special hybrid format for its 2022 event, as the situation related to COVID-19 is improving but safety measures and restrictions will remain uncertain for the upcoming months across Europe and worldwide. In transition towards a future post-pandemic event again, DATE 2022 will host a two-day live event in presence in the city of Antwerp (just north of Brussels in Belgium), to bring the community together again, followed by other activities carried out entirely online in the subsequent days. This setup combines the in-presence experience with the opportunities of on-line activities, fostering the networking and social interactions around an interesting program of selected talks and panels on emerging topics to complement the traditional DATE high-quality scientific, technical and educational activities.

M01 Industrial Control Systems Security

Monday, 1 February 2021 15:00
Monday, 1 February 2021 19:00
Charalambos Konstantinou, Florida State University, United States
Michail Maniatakos, NYUAD, United Arab Emirates
Fei Miao, University of Connecticut, United States

This tutorial introduces basic and advanced topics on industrial control systems (ICS) security. It starts with operational security, providing guidance on recognizing weaknesses in everyday operations and information which can be valuable to attackers. A comparative analysis between traditional information technology (IT) and operational control system architectures is also presented, along with security vulnerabilities and mitigation strategies unique to the control system domain. Current trends, threats, and vulnerabilities will be discussed, as well as attacking and defending methodologies for ICS. Case studies on cyberattacks and defenses will be presented for two critical infrastructure sectors: the power grid and the chemical sector. The tutorial also discusses the need for an accurate assessment environment, achieved through the inclusion of hardware-in-the-loop (HIL) testbeds.

The participants of the tutorial will learn: (1) known vulnerabilities of ICS, (2) common attacks on ICS and the entry point of those attacks along with impact level, (3) general strategies for secure design of ICS and cyberphysical systems, (4) strategies for attack detection, (5) testing strategies for security objectives, (6) other aspects related to economic aspect of secure design, trade-off between a secure design and usability, maintenance of features.


Part 1: Introduction and Security of ICS

  1. Introduction to ICS security
    - Motivation, Recent Incidents, Terminology, Common practices
  1. Testbeds and Security Studies


Part 2: Requirements for ICS security studies

  1. Threat Modeling and Risk Assessment 
  2. Modeling, Resources, and Metrics for ICS studies
  3. Demos of Denial-of-Service and Time-Delay Attacks in a Co-Simulation Testbed 


Part 3: Defense strategies for ICS

  1. Attack Detection and Secure Control of Cyber-Physical Systems 
  2. Defense Methodologies and Best Practices
  3. Future Challenges and Concluding Remarks