Advanced System for the Detection of Persistent Cyberattacks in Industry 4.0

Duration: 01/04/2016 to 31/12/2018

Project Overview: 

The problem of cybersecurity in industrial control environments is becoming increasingly important. These types of systems have gone from being isolated to being Internet-connected, and thus they are exposed to the dangers and threats that affect more open networks. Moreover, the digitization of industry and the rapid growth of paradigms such as Industry 4.0 (I4.0) and the Industrial Internet of Things (IIoT), in which physical objects and other processes are seamlessly integrated into the information network, create new potential vulnerabilities and attack vectors, making industrial environments even more exposed than before. As one of the tenets of these paradigms is the creation of a virtual copy of the real world, one of the strategies that can be used to protect them is to provide services that are able to monitor the behavior of this virtual world at all times.

To achieve this goal, it is essential to understand the risks associated with the technological pillars of I4.0 and IIoT, such as the Internet of Things (IoT) and Cyber-Physical Systems (CPS). In theory, these technologies allow the creation of an interoperable and modular environment, where all actors connect and communicate with each other, making decisions on their own. In practice, there are many hurdles to overcome, such as the combination of heterogeneous technologies and standards with multiple protocols and access policies. In parallel, we must also consider that the possible attacks in industrial environments have become even more complex, and Advanced Persistent Threats (APTs) are increasingly common.

Consequently, the main objective of the SADCIP project is the development of an advanced detection system capable of dealing with APTs and other threats in the context of modern industrial control systems, taking into account the specific characteristics of Industry 4.0 and related paradigms, as well as its integration with IoT and CPS technologies. For this purpose, NICS will develop a modular and extensible architecture where multiple cooperative detection systems can be integrated. This architecture will be instantiated and deployed in real-world scenarios in collaboration with the cybersecurity company S2Grupo.

Research Project Funded by: