ICS-CSR 2024

7th International Symposium for

Industrial Control System & SCADA Cyber Security Research

co-organized with the
19th International Conference on Availability, Reliability and Security (ARES 2024)
https://www.ares-conference.eu/
August 1st 2024, University of Vienna, Vienna, Austria

The 7th International Symposium for ICS & SCADA Cyber Security brings together researchers with an interest in the security of industrial control systems in the light of their increasing exposure to cyber-space. The topics of interests are broad, ranging from security for hardware/firmware used in industrial control systems, to system aspects of ICS such as secure architectures and vulnerability screening to the human aspects of cyber security such as behaviour modelling and training. ICS-CSR is a research conference aimed at high quality academic research in any of the specified themes and topics of interest. We welcome original contributions that present innovative ideas, proof of concepts, use cases, and results from a variety of domains with a wish to enhance the security of infrastructure.

Proceedings of the ICS-CSR are hosted by the ACM (ACM ICPS).

ICS-CSR is welcoming contributions that have a direct application or relevance to security aspects of Distributed Control Systems (DCS), Supervisory Control and Data Acquisition Systems (SCADA), Industrial Control Systems (ICS), Operational Technology (OT), Cyber Physical Systems (CPS), Industrial Internet of Things (IIoT), Smart City, or Industry 4.0.

This list of topics is not meant to be exhaustive; ICS-CSR is interested in all aspects of computer security relating to ICS. Papers without a clear application to SCADA, Embedded Systems or Industrial Control, however, will be considered out of scope and may be rejected without full review.

* Hardware Security Solutions

- Encryption, Authentication, Availability Assurance
- Resilient Systems
- Application Security
- Secure Firmware
- Communication Systems
- Timing Vulnerabilities in RT-Control Systems
- Security Implications of Feature Interactions
- Post-quantum cryptography

* System Security

- Security Architectures
- Safety-Security Interactions
- Intrusion Detection
- Security Monitoring
- Malware Analysis
- Cyber Security Engineering
- Vulnerability Assessment/Screening
- Secure Communication Protocols
- Metrics
- Anonymity
- Language-based Security
- Network Security
- Patching and Maintenance

* Digital Forensics and Response
- Hardware Forensics
- Incident Response
- Live Forensics
- Accountability
- Forensic Readiness

* Security Management
- Risk Management
- Security Metrics
- Governance and Policy
- Business Continuity
- Critical Infrastructure Protection

* Human Factors Security
- Awareness and Training
- Behavioural Modelling
- Threat Profiling

Keynote Speaker: Stephen Fisher

Biogaphy: Stephen Fisher Davies is a Cyber Security Researcher working within the Airbus Cyber Innovation team. This team focuses on cybersecurity and resilience of IT and OT equipment with a focus on industrial manufacturing security. After receiving his BSc in Computer forensics awarded by the University of Glamorgan in 2008, Stephen has spent his career working in the innovation space for the Commercial Data Recovery industry and Digital Forensics for Criminal and other legal investigations. In his previous work as the manager and technical lead of an ISO17025 certified forensic lab, Stephen has a great deal of experience testing and validating Digital Forensic tools to see they provide dependable outputs which are fit for purpose and are reliable for use within criminal investigations. In addition to receiving Police commendations for his work in this time he was fortunate enough to assist in a great number of major investigations as an expert witness for Police forces all over the UK, the National Crime Agency and overseas incident investigations.

Speech Title: No single point of failure mentality in OT

Abstract: In this talk, I will discuss the issues posed by externally accessible operational technology (OT) and the interconnectivity of devices which run critical national infrastructures (CNI). OT and CNI systems previously protected through air gaps and obscurity are now connected to the internet and bolted into IT infrastructure, thereby have a more complex and accessible attack surface. Increasingly sophisticated attacks are now being focused at these systems, as such we need to innovate new methods of protecting these systems against attacks. Many systems cannot easily be upgraded to a modern, supported alternative. Here we will discuss the rising issue of attacks focused on programmable logic controllers, Industrial IOT (IIOT) and the infrastructure which depends on their use. Removing existing single points of failure is one way to improve the dependability of ICS and Industry 4.0, working within the operational constraints of these systems.

Panel Discussion OT Security

Prof. Thomas Brandstetter
Limes Security/ FHSTP, Austria
Chair

Prof. Leandros Maglaras
Edinburgh Napier University
Panelist

Prof. Helmut Kaufmann
Airbus
Panelist

Stephen Fisher
Airbus
Panelist

List of Accepted Papers (in order of appearance)

Oliver Eigner, Hubert Schölnast and Paul Tavolato, "How to Find out What’s Going on in Encrypted Smart Meter Networks – without Decrypting Anything"
Vijay Jayadev, Naghmeh Moradpoor and Andrei Petrovski, "Assessing the Performance of Ethereum and Hyperledger Fabric Under DDoS Attacks for Cyber-Physical Systems"
Vassilis Papaspirou, Ioanna Kantzavelou, Yagmur Yigit, Leandros Maglaras and Sokratis Katsikas, "A Blockchain-based Multi-Factor Honeytoken Dynamic Authentication Mechanism"
Pushparaj Bhosale, Wolfgang Kastner and Thilo Sauter, "Modeling Human Error Factors with Security Incidents in Industrial Control Systems: A Bayesian Belief Network Approach"
Konstantina Milousi, Prodromos Kiriakidis, Notis Mengidis, Georgios Rizos, Mariana S. Mazi, Antonis Voulgaridis, Konstantinos Votis and Dimitrios Tzovaras, "Evaluating Cybersecurity Risk: A Comprehensive Comparison of Vulnerability Scoring Methodologies"
Hanning Zhao and Bilhanan Silverajan, "Evaluating Cyber Security Dashboards for Smart Cities and Buildings: Enhancing User Modeling with LLMs"
Matthew Reaney, Kieran McLaughlin and James Grant, "Network Intrusion Response using Deep Reinforcement Learning in an Aircraft IT-OT Scenario"
Pouria Rad, Gokila Dorai and Mohsen Jozani, "From Seaweed to Security: Harnessing Alginate to Challenge IoT Fingerprint Authentication"

Workshop Chairs

Angela Smith, Airbus

Helge Janicke. Edith Cowan University

Thomas Brandstetter, Limes Security/ FHSTP, Austria

Richard Smith, De Montfort University

Leandros Maglaras, Edinburgh Napier University

TPC Chairs
Michael Robinson, Airbus, UK
Naghmeh Moradpoor, Edinburgh Napier University, UK

Publicity Chairs

Kitty Kioskli, trustulio, NL
Yagmur Yigit, Edinburgh Napier University, UK

Technical Program Committee

Nestoras Chouliaras, University of West Attica, Greece

Christos Chrysoulas, Edinburgh Napier University, UK

Tiago Cruz, University of Coimbra, Portugal

Kubra Duran, Edinburgh Napier University, UK

Vasileios Gkioulos, Norwegian University of Science and Technology, NO

Kitty Kioskli, trustulio, NL

Dimitrios Kosmanos, University of Thessaly, Greece

Simon Parkinson, University of Huddersfield, UK

Panagiotis Sarigiannidis, Universtity of Western Macedonia, Greece

Iqbal H. Sarker, Edith Cowan University, AUS

Yagmur Yigit, Edinburgh Napier University, UK

Important Dates (All deadlines are 23:59 CET)
Paper Submission Due: May 18, 2024
Acceptance Notification: June 03, 2024
Proceedings version: June 18, 2024

Previous Keynote Speakers

Previous Keynote Speakers include Joanna Burkey (Siemens), Sokratis K. Katsikas (NTNU), John S. Baras (University of Maryland), John Matherly (Shodan), Stephan Luders (CERN), Eric Byres (Tofino, Belden), Thomas Brandstetter (Limes), Sally Levesley (New Risk), and Eeiran Leverett (Cambridge University).

Submission Guidelines

The submission guidelines valid for the workshop are the same as for the ARES conference. They can be found at https://www.ares-conference.eu/conference/submission/.

SUBMISSION LINK: https://easychair.org/conferences/?conf=ares2024