WP 2: Foundations
This work package seeks to identify and address gaps in the state-of-the-art in securing cyber-physical systems and systems in critical sectors through the modeling of services and dependencies, enhanced understanding of advanced attacks, and both challenges as well as opportunities presented by dynamic cyber-physical environments from industrial systems and critical sectors relying not only on technological aspects but also ensuring that human aspects are given due consideration.
Tasks for the first 48 months of the center have been planned; these are listed below. These may be extended in time and/or new tasks will be established according to the input received from WP1, WP3, and WP4.
Tasks within Work Package 2
Tasks within Work Package 2
Critical infrastructure networks, including supply chains are increasingly characterised by dynamic changes. Dependencies need to be identified and understood so that these can be mitigated and responded to.
In this work we will study algorithms and tools for:
- Graph models and combinatorial algorithms on graphs with dynamic constraints representing dependencies in critical infrastructures and supply chains
- Derivation of optimal algorithms for preserving partial results after modifications to source graphs
- Development of tools and algorithms to maintain dependency information even in the presence of incomplete information on structures
- Integration of research on understanding risk propagation in supply chains
Task Leader T2.1, Stephen Wolthussen
Ph.D, Yana Bilous
Objective: Develop new security primitives for the verification and detection.
- Symbolically define safe state machine behaviour in the face of disruptive attackers
- Create a weakened symbolic adversary
- Model how communication channel semantics and partial information affect the state machine
- Develop security primitives for synchronization of state and availability
- Identify attacks in real world ICS/CPS standards
Task Leader T2.2, Stephen Wolthussen.
Postdoctoral researcher, James Wright.
- Development of detection and mitigation mechanisms for attacks targeted towards the monitoring and control processes
- Training for incident handling and analysis
- Development of key situational awareness training mechanisms
- Assess risks and attack methods towards the selected production systems, the digital twin configurations, and the bindings between the two
- Digital twins have evolved from passive monitoring and state estimation systems to integrated sociotechnical mechanisms that are essential for strategic modelling and planning, as well as operational real-time monitoring and control of cyber-physical systems.
- Developing digital twin demonstrators, and mechanisms that allow the monitoring and protection of such digital twin configurations targeted towards safety-critical cyber-physical systems.
- Develop digital twin demonstrations of sufficient fidelty and ability to support realistic scenarios within selected sectors, such as manufacturing, energy, and smart cities.
- Study data flows, state synchronisation, and broadly binding processes between production systems and the corresponding digital twins.
In order to support these functionalities, the operation of digital twins relies heavily on maintaining fidelty and synchronisation with the production systems to which they are targeted. This is particularly important in safety-critical systems.
Task Leader T2.3, Vasileios Gkioulos
Ph.D, Jessica Barbosa Heluany
Objective: Demonstrate how cybersecurity interact with work and innovation processes.
- Create double-loop learning with the help of laboratories, catapult centers and learning factories etc.
- Integrate cybersecurity as a natural part of value creating activities and continuous improvement
- Shift the view away from human as a liability in cybersecurity
- Introduce cybersecurity to the successful Nordic Collaborative Model
- Better understand how to organize for cybersecurity when new skills and processes dominates the work
Task Leader T2.4, Halvor Holtskog
Ph.D, Julie Langedahl Leirmo
Every year all employees using ICT in their job at Hydro take part in learning programs that include security training, in most cases e-learning programs. All employees, and not only security personnel have to respond to incidents and make decisions related to safety and security. A high level of awareness and a very good understanding of threats and incidents that can happen, is vital for the company. Education and training are necessary, but it is not easy to motive all employees to take e-learning courses seriously. Hydro has started to use e-learning programs with gamified simulation training. There is a need for research that can document and study the effects of the training, when to use different training modules etc.
In this task, we will use an interactive assessment approach that includes experiments and tests and evaluations in iterations. The e-learning software tool is provided by Attensi, the content provided by Hydro, and NR with the test-methods, measurements, and data-analysis.
- To study the security awareness of employees that take part in the e-learning training.
- To contribute to the educational program, how it can be improved, and study the effects based on real cases/scenarios.
- The overall research question concerns weaknesses and vulnerabilities of employees, and how to develop better skills and maintain these skills.
Task Leader T2.5, Ingvar Tjøstheim (email@example.com)
Sigurd Eskeland (firstname.lastname@example.org).