Critical infrastructure networks, including supply chains are increasingly characterised by dynamic changes. Dependencies need to be identified and understood so that these can be mitigated and responded to.

In this work we will study algorithms and tools for:

• Graph models and combinatorial algorithms on graphs with dynamic constraints representing dependencies in critical infrastructures and supply chains
• Derivation of optimal algorithms for preserving partial results after modifications to source graphs
• Development of tools and algorithms to maintain dependency information even in the presence of incomplete information on structures
• Integration of research on understanding risk propagation in supply chains

Contact:

Task Leader T2.1, Stephen Wolthussen 

Ph.D, Yana Bilous 

Objective: Develop new security primitives for the verification and detection.

• Symbolically define safe state machine behaviour in the face of disruptive attackers
• Create a weakened symbolic adversary
• Model how communication channel semantics and partial information affect the state machine
• Develop security primitives for synchronization of state and availability
• Identify attacks in real world ICS/CPS standards

Contact:

Task Leader T2.2, Stephen Wolthussen.

Postdoctoral researcher, James Wright.

What?

• Development of detection and mitigation mechanisms for attacks targeted towards the monitoring and control processes
• Training for incident handling and analysis
• Development of key situational awareness training mechanisms
• Assess risks and attack methods towards the selected production systems, the digital twin configurations, and the bindings between the two

Why?

• Digital twins have evolved from passive monitoring and state estimation systems to integrated sociotechnical mechanisms that are essential for strategic modelling and planning, as well as operational real-time monitoring and control of cyber-physical systems.

How?

• Developing digital twin demonstrators, and mechanisms that allow the monitoring and protection of such digital twin configurations targeted towards safety-critical cyber-physical systems.
• Develop digital twin demonstrations of sufficient fidelty and ability to support realistic scenarios within selected sectors, such as manufacturing, energy, and smart cities.
• Study data flows, state synchronisation, and broadly binding processes between production systems and the corresponding digital twins.

In order to support these functionalities, the operation of digital twins relies heavily on maintaining fidelty and synchronisation with the production systems to which they are targeted. This is particularly important in safety-critical systems. 

Contact:

Task Leader T2.3, Vasileios Gkioulos

Ph.D, Jessica Barbosa Heluany

Objective: Demonstrate how cybersecurity interact with work and innovation processes.

• Create double-loop learning with the help of laboratories, catapult centers and learning factories etc.
• Integrate cybersecurity as a natural part of value creating activities and continuous improvement
• Shift the view away from human as a liability in cybersecurity
• Introduce cybersecurity to the successful Nordic Collaborative Model
• Better understand how to organize for cybersecurity when new skills and processes dominates the work

Contact:

Task Leader T2.4, Halvor Holtskog

Ph.D, Julie Langedahl Leirmo

Every year all employees using ICT in their job at Hydro take part in learning programs that include security training, in most cases e-learning programs. All employees, and not only security personnel have to respond to incidents and make decisions related to safety and security. A high level of awareness and a very good understanding of threats and incidents that can happen, is vital for the company. Education and training are necessary, but it is not easy to motive all employees to take e-learning courses seriously. Hydro has started to use e-learning programs with gamified simulation training. There is a need for research that can document and study the effects of the training, when to use different training modules etc.

In this task, we will use an interactive assessment approach that includes experiments and tests and evaluations in iterations. The e-learning software tool is provided by Attensi, the content provided by Hydro, and NR with the test-methods, measurements, and data-analysis.

Objective:

• To study the security awareness of employees that take part in the e-learning training.
• To contribute to the educational program, how it can be improved, and study the effects based on real cases/scenarios.
• The overall research question concerns weaknesses and vulnerabilities of employees, and how to develop better skills and maintain these skills.

Contact:

Task Leader T2.5, Ingvar Tjøstheim (ingvar@nr.no)

  Sigurd Eskeland (sigurd@nr.no).