Special Issue "Cybersecurity and Privacy Issues in Cyber-Physical Systems and Industrial Control Systems"

A special issue of Electronics (ISSN 2079-9292). This special issue belongs to the section "Systems & Control Engineering".

Deadline for manuscript submissions: closed (25 November 2023) | Viewed by 12086

Special Issue Editors

Department of Information Security and Communication Technology, Norwegian University of Science and Technology, N-2815 Gjøvik, Norway
Interests: cybersecurity; risk management; threat analysis; critical infrastructure protection; cyber physical systems security
Special Issues, Collections and Topics in MDPI journals
1. Department of Computer Science and Biomedical Informatics, University of Thessaly, 382 21 Volos, Greece
2. Department of Information Security and Communication Technology, Norwegian University of Science and Technology, 2815 Gjøvik, Norway
Interests: information and cyber security; intrusion detection; privacy; blockchain
Special Issues, Collections and Topics in MDPI journals
Department of Electronic Systems, Aalborg University, 9220 Aalborg, Denmark
Interests: ICT security and privacy; DNS security

Special Issue Information

Dear Colleagues,

Cyber-physical systems (CPS) are physical and engineered systems that interact with the physical environment. These systems exist everywhere around us, and range in size, complexity and criticality, from embedded systems used in smart vehicles, to SCADA systems in smart grids to control systems in water distribution systems, to smart transportation systems, to plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other Industrial Control Systems (ICS). CPSs are elements of the Internet of Things (IoT) and, because they have resulted from the integration of information technology with operational technology, are central to the fourth industrial revolution and to the Industrial Internet of Things (IIoT).

As CPS and ICS proliferate, and increasingly interconnect and interact among them and with us, they present an increased cyber-attack surface. As they also increasingly affect our life, their cybersecurity becomes of paramount importance. Accordingly, research into the cybersecurity and privacy of CPSs is attracting increasing attention from both industry and academia.

In line with these efforts, the main theme of this Special Issue is to investigate novel methodologies, theories, technologies, techniques, processes, and solutions for CPS cybersecurity and privacy. In this Special Issue, original research articles and reviews that present innovative ideas, proof of concepts, use cases, and results from a variety of topics relevant to ICS and CPS are welcome. Topics addressed in the submissions include but are not limited to:

  • Attacks and attack detection for CPS and ICS
  • Authentication and access control for CPS and ICS
  • Blockchain for CPS and ICS cybersecurity
  • Data security and privacy for CPS and ICS
  • Digital twin security for CPS and ICS
  • Embedded systems security
  • Formal methods for CPS and ICS cybersecurity
  • Incident Response and Digital Forensics for CPS and ICS
  • IoT and IIoT cybersecurity and privacy
  • Lightweight crypto technologies applied to CPS and ICS
  • Maritime CPS cybersecurity
  • Methods, tools and techniques for the elicitation, analysis and modeling of security requirements for CPS and ICS
  • Penetration testing for CPS and ICS
  • Recovery of CPS and ICS from cyber attacks
  • Risk management for CPS and ICS
  • Secure communication protocols for CPS and ICS
  • Security architectures for CPS and ICS
  • Security by design for CPS and ICS
  • Security testing methods and tools for CPS and ICS
  • Threat modeling for CPS and ICS
  • Vulnerability analysis for CPS and ICS

We look forward to receiving your contributions.

Dr. Georgios Kavallieratos
Dr. Georgios Spathoulas
Dr. Marios Anagnostopoulos
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Electronics is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2200 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • cybersecurity
  • cyber-physical systems
  • industrial control systems
  • privacy, risk management
  • vulnerability assessment
  • threat modeling
  • intrusion detection
  • incident response
  • cyber security requirements engineering

Published Papers (7 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Jump to: Other

21 pages, 572 KiB  
Article
Fine-Grained Access Control with User Revocation in Smart Manufacturing
Electronics 2023, 12(13), 2843; https://doi.org/10.3390/electronics12132843 - 27 Jun 2023
Cited by 1 | Viewed by 748
Abstract
Collaborative manufacturing is a key enabler of Industry 4.0 that requires secure data sharing among multiple parties. However, intercompany data-sharing raises important privacy and security concerns, particularly given intellectual property and business-sensitive information collected by many devices. In this paper, we propose a [...] Read more.
Collaborative manufacturing is a key enabler of Industry 4.0 that requires secure data sharing among multiple parties. However, intercompany data-sharing raises important privacy and security concerns, particularly given intellectual property and business-sensitive information collected by many devices. In this paper, we propose a solution that combines four technologies to address these challenges: Attribute-Based Encryption for data access control, blockchain for data integrity and non-repudiation, Hardware Security Modules for authenticity, and the Interplanetary File System for data scalability. We also use OpenID for dynamic client identification and propose a new method for user revocation in Attribute-Based Encryption. Our evaluation shows that the solution can scale up to 2,000,000 clients while maintaining all security guarantees. Full article
Show Figures

Figure 1

18 pages, 2260 KiB  
Article
Attacking IEC 61850 Substations by Targeting the PTP Protocol
Electronics 2023, 12(12), 2596; https://doi.org/10.3390/electronics12122596 - 08 Jun 2023
Viewed by 1590
Abstract
Digital substations, also referred to as modern power grid substations, utilize the IEC 61850 station and process bus in conjunction with IP-based communication. This includes communication with switch yard equipment within the substation as well as the dispatch center. IEC 61850 is a [...] Read more.
Digital substations, also referred to as modern power grid substations, utilize the IEC 61850 station and process bus in conjunction with IP-based communication. This includes communication with switch yard equipment within the substation as well as the dispatch center. IEC 61850 is a global standard developed to standardize power grid communications, covering multiple communication needs related to modern power grid substations or digital substations. Unlike the legacy communication standards, IEC 60870-5-104 and DNP3, IEC 61850 is specifically designed for IP-based communication. It comprises several communication models and supports real-time communication by introducing the process bus to replace traditional peer-to-peer communication with standard network communication between substation equipment and the switch yard. The process bus, especially Sampled Measured Values (SMV) communication, in modern power grid substations relies on extremely accurate and synchronized time to prevent equipment damage, maintain power grid system balance, and ensure safety. In IEC 61850, time synchronization is provided by the Precision Time Protocol (PTP). This paper discusses the significance and challenges of time synchronization in IEC 61850 substations, particularly those associated with PTP. It presents the results of a controlled experiment that subjects time synchronization and PTP to cyber-attacks and discusses the potential consequences of such attacks. The paper also provides recommendations for potential mitigation strategies. The contribution of this paper is to provide insights and recommendations for enhancing the security of IEC 61850-based substations against cyber-attacks targeting time synchronization. The paper also explores the potential consequences of cyber-attacks and provides recommendations for potential mitigation strategies. Full article
Show Figures

Figure 1

16 pages, 1999 KiB  
Article
DpGuard: A Lightweight Attack Detection Method for an Industrial Bus Network
Electronics 2023, 12(5), 1121; https://doi.org/10.3390/electronics12051121 - 24 Feb 2023
Cited by 1 | Viewed by 787
Abstract
In industrial control systems (ICSs), the PROFIBUS-DP (decentralized peripherals) protocol is widely used for communication between devices. Because PROFIBUS-DP is an unencrypted and insecure bus protocol, attackers can connect to the PROFIBUS-DP system and arbitrarily manipulate I/O process values, which may interrupt the [...] Read more.
In industrial control systems (ICSs), the PROFIBUS-DP (decentralized peripherals) protocol is widely used for communication between devices. Because PROFIBUS-DP is an unencrypted and insecure bus protocol, attackers can connect to the PROFIBUS-DP system and arbitrarily manipulate I/O process values, which may interrupt the normal operation of industrial equipment, or have more serious consequences. However, due to the complex structures of bus networks and the large number of attack areas, the existing scheme does not monitor all the messages in the industrial head office network and cannot effectively detect semantic attacks. To solve this problem, we propose a novel attack detection system DpGuard. DpGuard automatically builds a finite-state machine model of normal ICS behavior through a large number of historical ICS traffic data. The model includes state events, state transitions, state transition probability, and other normal behavior information. In addition, DpGuard records the execution status of the context data package, uses the real-time captured data package as the input of the model, and judges whether the state event and state transition probability conform to the constraints of the finite-state machine model, so as to identify the legitimate normal behavior of the ICS. Our proposal was evaluated using two Siemens PLCs (programmable logic controllers) deployed on the PROFIBUS-DP system. The experimental results demonstrated that the scheme could accurately detect fault injection and semantic attacks. Compared with other detection models, our scheme presented an improved detection performance, with a detection accuracy of 99.80%. Full article
Show Figures

Figure 1

20 pages, 1534 KiB  
Article
A Zero-Trust Architecture for Remote Access in Industrial IoT Infrastructures
Electronics 2023, 12(3), 566; https://doi.org/10.3390/electronics12030566 - 22 Jan 2023
Cited by 6 | Viewed by 2395
Abstract
This paper considers the domain of Industrial Internet of Things (IIoT) infrastructures and the recurring need for collaboration across teams and stakeholders by means of remote access. The paper describes a secure solution beyond the traditional perimeter-based security approach, which consists of an [...] Read more.
This paper considers the domain of Industrial Internet of Things (IIoT) infrastructures and the recurring need for collaboration across teams and stakeholders by means of remote access. The paper describes a secure solution beyond the traditional perimeter-based security approach, which consists of an architecture that supports multi-level authorization to achieve fine-grained access control, better scalability, and maintainability. An implementation of the proposed solution, using open-source technologies, is also discussed and covers the protection of both the network and edge domains of a complex IIoT infrastructure. Finally, the paper presents a risk-driven and model-based process that is designed to support the migration of existing infrastructures to the solution architecture. The approach is validated, taking as a reference two relevant scenarios for the aerospace industry. Full article
Show Figures

Figure 1

19 pages, 1973 KiB  
Article
Secure State Estimation of Cyber-Physical System under Cyber Attacks: Q-Learning vs. SARSA
Electronics 2022, 11(19), 3161; https://doi.org/10.3390/electronics11193161 - 01 Oct 2022
Cited by 4 | Viewed by 1310
Abstract
This paper proposes a reinforcement learning (RL) algorithm for the security problem of state estimation of cyber-physical system (CPS) under denial-of-service (DoS) attacks. The security of CPS will inevitably decline when faced with malicious cyber attacks. In order to analyze the impact of [...] Read more.
This paper proposes a reinforcement learning (RL) algorithm for the security problem of state estimation of cyber-physical system (CPS) under denial-of-service (DoS) attacks. The security of CPS will inevitably decline when faced with malicious cyber attacks. In order to analyze the impact of cyber attacks on CPS performance, a Kalman filter, as an adaptive state estimation technology, is combined with an RL method to evaluate the issue of system security, where estimation performance is adopted as an evaluation criterion. Then, the transition of estimation error covariance under a DoS attack is described as a Markov decision process, and the RL algorithm could be applied to resolve the optimal countermeasures. Meanwhile, the interactive combat between defender and attacker could be regarded as a two-player zero-sum game, where the Nash equilibrium policy exists but needs to be solved. Considering the energy constraints, the action selection of both sides will be restricted by setting certain cost functions. The proposed RL approach is designed from three different perspectives, including the defender, the attacker and the interactive game of two opposite sides. In addition, the framework of Q-learning and state–action–reward–state–action (SARSA) methods are investigated separately in this paper to analyze the influence of different RL algorithms. The results show that both algorithms obtain the corresponding optimal policy and the Nash equilibrium policy of the zero-sum interactive game. Through comparative analysis of two algorithms, it is verified that the differences between Q-Learning and SARSA could be applied effectively into the secure state estimation in CPS. Full article
Show Figures

Figure 1

17 pages, 2461 KiB  
Article
An Adaptive Enhanced Technique for Locked Target Detection and Data Transmission over Internet of Healthcare Things
Electronics 2022, 11(17), 2726; https://doi.org/10.3390/electronics11172726 - 30 Aug 2022
Cited by 2 | Viewed by 1570 | Correction
Abstract
The incredible advancements in data transmission technology have opened up more potentials for data security than ever before. Numerous methods for data protection have been developed during the previous decades, including steganography and cryptography. The security and integrity of medical data have emerged [...] Read more.
The incredible advancements in data transmission technology have opened up more potentials for data security than ever before. Numerous methods for data protection have been developed during the previous decades, including steganography and cryptography. The security and integrity of medical data have emerged as major barriers for healthcare service systems as the Internet of Things has evolved dramatically in the healthcare business. Communication between two devices securely is a difficult problem. Numerous cryptographic algorithms are already available, including data encryption standard (DES), Rivest–Shamir–Adleman (RSA), and advanced encryption standard (AES). In this paper, we present a hybrid security model for the protection of diagnostic text data contained in medical photographs. The proposed model is built by combining a proposed hybrid encryption system with either a 2D Discrete Wavelet Transform 1 Level (2D-DWT-1L) or a 2D Discrete Wavelet Transform 2 Level (2D-DWT-2L) steganography technique. The suggested model encrypts secret data and hides them using 2D-DWT-3L. As text covers, color and grayscale images are employed. The suggested system’s performance was tested using PSNR, SSIM, MSE, and Correlation. Associated to state-of-the-art approaches, the proposed model masked personal patient data with high capacity, imperceptibility and minimum deterioration in the received stego-image. We use MATLAB to build the proposed mechanism, and measures such as throughput and execution time are used to assess performance. Full article
Show Figures

Figure 1

Other

Jump to: Research

1 pages, 158 KiB  
Correction
Correction: Khan et al. An Adaptive Enhanced Technique for Locked Target Detection and Data Transmission over Internet of Healthcare Things. Electronics 2022, 11, 2726
Electronics 2022, 11(19), 3112; https://doi.org/10.3390/electronics11193112 - 29 Sep 2022
Viewed by 697
Abstract
There was an error in the original publication [...] Full article
Back to TopTop