Foundations

Work Package 2

This work package seeks to identify and address gaps in the state of the art in securing cyber-physical systems and systems in critical sectors. It does so through the modeling of services and dependencies, an enhanced understanding of advanced attacks, and the study of both the challenges and the opportunities presented by dynamic cyber-physical environments in industrial systems and critical sectors, relying not only on technological aspects but also ensuring that human aspects are given due consideration.
Tasks for the first 48 months of the center have been planned; these are listed below. These may be extended in time and/or new tasks will be established according to the input received from WP1, WP3, and WP4.


Tasks within Work Package 2

Graph models for understanding dependencies and interdependencies as well as flows of resources in critical infrastructures have been studied quite extensively and have recently gained new interest in the study of supply chains. However, modern infrastructure networks are rarely static, but rather will experience changes in their topology and, moreover, may not be completely known. This renders insights based on static models largely obsolete or wrong. The ability to obtain dependency insights dynamically also for large networks would allow targeted responses and resilience mechanisms and would be widely applicable.

Objectives:

  • Study and develop graph models as well as algorithms on graphs commonly employed for determining dependencies and flows as well as graph metrics and how such models and algorithms can be employed and be made more efficient in graphs with constraints on subgraphs.
  • The above models and algorithms are to be investigated for the ability to preserve partial results or obtain efficient update mechanisms where graphs are changed locally.

Contact:

Task Leader T2.1, Stephen Wolthusen

Ph.D, Yana Bilous 

Partners involved:

  • NTNU
  • SINTEF Digital
  • SINTEF Energi
  • Elvia (Hafslund)

Cyber-physical systems (CPS), particularly industrial control systems (ICS), at present do not have mature monitoring and intrusion detection systems in place that would provide adequate assurance of the absence of subversion attacks. Attackers may, however, seek to compromise multiple devices and entities in industrial control systems, ranging from human-machine interface (HMI) workstations to programmable logic controllers (PLCs), and then to co-ordinate attacks consisting of individually difficult-to-detect steps, or to provide other advantages such as enhanced persistence and the ability to compromise anew after configuration changes, as well as complex communication architectures for command and control serving to obfuscate

Objective:

  • Develop a model for required and desired behaviour of cyber-physical systems and manifestations in state variables or explicit measurements with emphasis on synchronisation primitives in CPS based on process algebraic constructs.
  • Develop a model of distributed, co-operating and concurrent adversaries within the framework of the model developed under (1) emphasising the communication and co-operation requirements among the adversary’s activities.
  • Validation of models developed in (1) and (2) in the context of at least one case study. Where possible this is to occur in conjunction with T2.3.

Contact:

Task Leader T2.2, Stephen Wolthusen.

Postdoctoral researcher, James Wright.

Partners involved:

  • NTNU
  • SINTEF Energi
  • SINTEF Manufacturing
  • Norsk Hydro
  • Elvia
  • Yara

Digital twins have evolved from passive monitoring and state estimation systems to integrated sociotechnical mechanisms that are essential for strategic modelling and planning, as well as operational real-time monitoring and control of cyber-physical systems. In order to support these functionalities, the operation of digital twins relies heavily on maintaining fidelity and synchronization with the production systems to which they are targeted. This is particularly important in safety-critical systems, from power station generators to manufacturing systems or production facilities in the oil and gas industry, and healthcare.

Objectives:

In coordination with T2.1 and T2.2, this project aims at developing digital twin demonstrators and mechanisms that allow the monitoring and protection of such digital twin configurations targeted towards safety-critical cyber-physical systems. The primary objective of this work is to develop digital twin demonstrations of sufficient fidelity and ability to support realistic scenarios within selected sectors, such as manufacturing, energy, and smart cities. The project will then utilize this capability to study data flows, state synchronization, and, more broadly, the binding processes between production systems and the corresponding digital twins. This will allow the assessment of risks and attack methods towards the selected production systems, the digital twin configurations, and the bindings between the two. This will form the basis not only for the development of detection and mitigation mechanisms for attacks targeted towards the monitoring and control processes, but also for training in incident handling and analysis, particularly as a digital twin system is likely to be used as a key situational awareness mechanism by operators.

Further objectives are to study and experiment on innovative models and tools using AI/ML to detect and forecast cyber threats by performing simulation and experimentation of digital twins for different use cases, and to simulate the data-driven digital twin model for cybersecurity services in healthcare and build a foundation for use cases related to digital twins for healthcare in collaboration with T4.3. Among others, the results of this project will form the basis for T3.3 and T3.14.

Contact:

Task Leader T2.3, Vasileios Gkioulos

Ph.D, Jessica Barbosa Heluany

Ph.D, Gizem Erceylan

Partners involved:

  • NTNU
  • SINTEF Energi
  • NR
  • SINTEF Manufacturing
  • Norsk Hydro
  • NC-Spectrum
  • Sykehuset Innlandet
  • Elvia
  • Oslo Politidistrikt

It is important to look at the human side of security when doing digital transformation. The task will be the foundation for more research later in the SFI. It will try to contribute to the following potential innovations: a better understanding of fast learning through the use of laboratories, catapult centers and learning factories applied to real-life problems; making cyber security activities an integrated part of the ordinary value-creating activities; and moving away from a single focus on the human as a liability.

  • Cyber Security – a natural part of continuous improvement in value-creating activities.
  • Cyber Security – support competitive advantages – a new capability.
  • Cyber Security – as a tool for the workforce and teams.
  • Put Cyber Security into the successful Nordic Collaborative Model.

Objectives:

  • Investigate methodologies for conducting high quality research in modern laboratories.
  • Enhance double loop learning and reflection processes when using labs through action research.
  • Investigate how to organize for better cyber-security when totally new skills and processes dominate the work.
  • Show how cyber-security can help accelerate innovation processes.
  • Find possible correlations between cognitive reflection levels and security awareness levels in individuals, that is, weaknesses and vulnerabilities of employees when attacks occur.
  • Learn from other ongoing projects, like Serious games – FAbL project for effective usage of VR/AR in learning organization; SFI Manufacturing – digital tools enhance productivity, quality and sustainability; Hydro – Incredible productivity.

Contact:

Task Leader T2.4, Halvor Holtskog

Ph.D, Julie Langedahl Leirmo

Partners involved:

  • NTNU
  • Hydro Primary Metal
  • SINTEF Manufacturing
  • Sykehuset Innlandet
  • Kongsberg Group

Every year, all employees using ICT in their job at Hydro take part in learning programs that include security training, in most cases e-learning programs. All employees, and not only security personnel, have to respond to incidents and make decisions related to safety and security. A high level of awareness and a very good understanding of threats and incidents that can happen are vital for the company. Education and training are necessary, but it is not easy to motivate all employees to take e-learning courses seriously. Hydro has started to use e-learning programs with gamified simulation training. There is a need for research that can document and study the effects of the training, when to use different training modules, etc.

In this task, we will use an interactive assessment approach that includes experiments, tests and evaluations in iterations. The e-learning software tool is provided by Attensi, the content by Hydro, and the test methods, measurements, and data analysis by NR.

Objective:

  • To study the security awareness of employees that take part in the e-learning training.
  • To contribute to the educational program, how it can be improved, and study the effects based on real cases/scenarios.
  • The overall research question concerns weaknesses and vulnerabilities of employees, and how to develop better skills and maintain these skills.

Contact:

Task Leader T2.6, Ingvar Tjøstheim (ingvar@nr.no)

  Sigurd Eskeland (sigurd@nr.no).

Partners involved:

  • NR
  • Hydro

Digital twins have evolved from passive monitoring and state estimation systems to integrated sociotechnical mechanisms that are essential for strategic modeling and planning, as well as operational real-time monitoring and control of cyber-physical systems. For these functionalities to be supported, it is important for the digital twins to retain fidelity and synchronization with the production systems they are linked to. Furthermore, digital twins have the potential to support functions related to incident detection, response and recovery. To make this feasible, the integration of necessary capabilities into the system development lifecycle is essential.

Objectives: 

This activity will closely coordinate with T2.2 (Modeling distributed subversion attacks in cyber physical systems), T2.3 (Digital Twin Security Models and Mechanisms), and T3.3 (Cyber Physical Range). The task will contribute to:

  • Modeling static and dynamic semantics of cyber physical systems in digital twins to support cyber-attack diagnostics.
  • Recognizing and qualifying cyber-attacks to understand their potential consequences for a Cyber Physical System (CPS).
  • Conducting efficient and targeted incident management decision support.

Contact:

Task Leader T2.7, Vasileios Gkioulos

Partners involved:

  • NTNU
  • NR
  • EQUINOR
  • HYDRO
  • KONGSBERG

Modern control systems rely on being at least partially predictive, while digital twins also must maintain a state model of the targeted cyber-physical system. In addition to other threats, any adversary able to interfere with communication channels may disrupt or break processes in a number of ways, not least through simple and difficult-to-defend denial-of-service type attacks, including from within an OT environment. In many industrial environments, even a relatively short disruption of a process can result in severe quality degradation, time-consuming re-start and re-calibration requirements, or other damage and financial impact, making it highly interesting to determine whether direct denial of service or the triggering of a safety system will actually result in harm and thereby meet an adversary’s objectives.

The proposed project will, based on work undertaken in Task 2.2 and drawing also on results from Task 2.3, develop algebraic methods to determine whether and to what extent protocol-mediated interactions in cyber-physical systems are susceptible to breaches of security, safety, and liveness guarantees. To this end the project will develop a mapping of selected semantics found in manufacturing automation protocols as well as the semantics of composition for sequences and event-based composition. This will allow the investigation of (partial) automation of the identification of possible vulnerabilities as well as efficient means of mitigating these. This will enable a more evidence-based approach to determining risk as required by IEC 62443-3-2 and aspects of the Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS2 Directive).

Objectives: 

  • Define formal and operational semantics for security, safety, and liveness (SSL) properties in a - calculus variant based on results of Task 2.2.
  • Develop a mapping of the semantic elements onto selected field bus protocols (PROFINET, IEC 61158 with real-time and security extensions specified in IEC 61874 and functional safety properties specified in IEC 61508) as well as general process automation in IEC 61850 with security extensions as specified in IEC 62351.
  • Investigate selected attacks originating from within OT components or communication channels on OT systems to determine whether such attacks may breach one or more of the SSL properties.
  • Investigate mechanisms to (partially) automate mechanisms for proof of SSL property maintenance or their breach in a given configuration.

Contact:

Task Leader T2.8, Stephen Wolthusen

Partners involved:

  • NTNU
  • Norsk Hydro
  • Yara
