New research co-funded by the Engineering and Physical Sciences Research Council (EPSRC) will focus on the cyber-security of the UK’s industrial control systems. They’re the systems that run, for example, factories, power stations, the electricity grid, and the railways.
The research will help understand and mitigate threats from hackers or malware infiltrating the systems behind our critical national infrastructure (CNI).
The Research Institute in Trustworthy Industrial Control Systems (RITICS) (GOW: EP/L021013/1), based at Imperial College London, is co-ordinating the research with £2.5m on new projects at Queen’s University of Belfast, the University of Birmingham, City University London and Lancaster University.
The research money comes from the EPSRC and the UK’s National Cyber Security Programme. The official Centre for the Protection of National Infrastructure (CPNI) and the Government intelligence agency GCHQ are supporting the research.
The researchers will work with industry partners on the risks from cyber-attack, examine how risk is communicated to business and provide interventions to counter the risk. Metrics and software tools will be produced so that non-technical decision makers can assess cyber-security in the context of their business.
Historically, as the EPSRC points out, industrial control systems were kept isolated to keep them secure. However these systems are now connected into complex and inter-connected networks via the internet. There are business advantages from such interconnections but there are also greater risks to recognise and manage, the EPSRC adds.
Professor Chris Hankin, from the RITICS at Imperial College London, says: “Where control systems are linked to the internet we need to understand how failures could cascade across the system. We will be looking at new ways of repairing damage to systems if an attack happens. We need to address how to approach network maintenance for industrial control systems, particularly as most systems operate on a 24/7 basis. So we will be looking at how we can ensure better protection without compromising performance.”
In details: Birmingham
The University of Birmingham team will carry out a security analysis of the National Grid and The Rail Safety and Standards Board to see possible failures. Industry partners are TRL and Parsons Brinckerhoff. The challenges are to understand the vulnerabilities, says Prof Clive Roberts at Birmingham. He said: “A cyber-attack on the railways wouldn’t affect safety as the trains are designed to be fail-safe but it would cause major disruption as trains would stop all over the network.”
City University London
City University London will look at how to do cyber risk assessment of critical infrastructure. Project partners are Adelard LLP and Alstom Group. Prof Robin Bloomfield at City said: “The risk communication is an important component of the project and will consider the needs of different stakeholders, not just highly technical people. Some of the modelling work will be published as case studies and made publicly available.”
Lancaster
Lancaster are working with from industry Airbus, Thales, Atkins-Global and Raytheon. The aim, to look at the cyber-security risks where people and technology meet, for instance at industrial control systems. Prof Awais Rashid at Lancaster said: “If you give people lots of technical metrics that they don’t understand you get poor decision making. Risk decisions are made not only at board and management level but also by those working with industrial control systems on a day-to-day basis.”
Queen’s, Belfast
Queen’s University Belfast with Scottish and Southern Energy, Statnett and Thales Ltd are looking at the national grid; where the grid operates over the telecoms network it could be vulnerable.
Prof Sakir Sezer, of Queen’s University Belfast, said: “Presently, Ireland frequently operates with over 50 per cent of electricity supplied by wind generation. Operating the system with such high levels of renewable generation is a challenge, and requires complex wide area monitoring and control. Should the telecoms systems that support the control system be compromised, the impact of the resultant loss of electricity supply would have far-reaching consequences for society. This would involve loss of consumer supply, supply to hospitals, industry, and would even affect the gas, water and sewage networks.” Visit http://www.epsrc.ac.uk.
Meanwhile an honorary professorship at Lancaster University has gone to Nick Coleman, the Global Head of Cyber Security Intelligence Services at IBM.
Coleman advises governments and businesses around the world on risk management and security. He was commissioned by the Cabinet Office to advise the Government on information assurance and to conduct the first independent review to assess whether the Government’s information and infrastructure was adequately protected against deliberate attack, disruption to services or loss of critical data.
His report, ‘The Coleman Report’, was published in the Houses of Parliament. An alumnus of Lancaster University, he also holds an MBA from Manchester Business School.
