DATE 2021 became a virtual conference due to the worldwide COVID-19 pandemic (click here for more details)

Taking into consideration the continued erratic development of the worldwide COVID-19 pandemic and the accompanying restrictions of worldwide travelling as well as the safety and health of the DATE community, the Organizing Committees decided to host DATE 2021 as a virtual conference in early February 2021. Unfortunately, the current situation does not allow a face-to-face conference in Grenoble, France.

The Organizing Committees are working intensively to create a virtual conference that gives as much of a real conference atmosphere as possible.

 
 
 
 

M01 Industrial Control Systems Security

Start
Monday, 1 February 2021 15:00
End
Monday, 1 February 2021 19:00
Organizer
Charalambos Konstantinou, Florida State University, United States
Organizer
Michail Maniatakos, NYUAD, United Arab Emirates
Organizer
Fei Miao, University of Connecticut, United States

This tutorial introduces basic and advanced topics on industrial control systems (ICS) security. It starts with operational security, providing guidance on recognizing weaknesses in everyday operations and information which can be valuable to attackers. A comparative analysis between traditional information technology (IT) and operational control system architectures is also presented, along with security vulnerabilities and mitigation strategies unique to the control system domain. Current trends, threats, and vulnerabilities will be discussed, as well as attacking and defending methodologies for ICS. Case studies on cyberattacks and defenses will be presented for two critical infrastructure sectors: the power grid and the chemical sector. The tutorial also discusses the need for an accurate assessment environment, achieved through the inclusion of hardware-in-the-loop (HIL) testbeds.

The participants of the tutorial will learn: (1) known vulnerabilities of ICS, (2) common attacks on ICS and the entry point of those attacks along with impact level, (3) general strategies for secure design of ICS and cyberphysical systems, (4) strategies for attack detection, (5) testing strategies for security objectives, (6) other aspects related to economic aspect of secure design, trade-off between a secure design and usability, maintenance of features.

Agenda:

Part 1: Introduction and Security of ICS

  1. Introduction to ICS security
    - Motivation, Recent Incidents, Terminology, Common practices
  1. Testbeds and Security Studies
     

Break

Part 2: Requirements for ICS security studies

  1. Threat Modeling and Risk Assessment 
  2. Modeling, Resources, and Metrics for ICS studies
  3. Demos of Denial-of-Service and Time-Delay Attacks in a Co-Simulation Testbed 
     

Break

Part 3: Defense strategies for ICS

  1. Attack Detection and Secure Control of Cyber-Physical Systems 
  2. Defense Methodologies and Best Practices
  3. Future Challenges and Concluding Remarks