STPA-SafeSec: Safety and Security Analysis for Cyber-Physical Systems

Cyber-physical systems tightly integrate physical processes and information and communication technologies. As today’s critical infrastructures, e.g., the power grid or water distribution networks, are complex cyber-physical systems, ensuring their safety and security becomes of paramount importance. Traditional safety analysis methods, such as HAZOP, are ill-suited to assess these systems. Furthermore, cybersecurity vulnerabilities are often not considered critical, because their effects on the physical processes are not fully understood. In this work, we present STPA-SafeSec, a novel analysis methodology for both safety and security. Its results show the dependencies between cybersecurity vulnerabilities and system safety. Using this information, the most effective mitigation strategies to ensure safety and security of the system can be readily identified. We apply STPA-SafeSec to a use case in the power grid domain, and highlight its benefits.

Rehydroxylation Dating: Assessment for Archaeological Application

Investigations are carried out into the mass gain behaviour of fired clay ceramics following drying (130°C) and reheating (500°C), and the application of these mass gain properties to the dating of archaeological ceramics using a modified rehydroxylation dating (RHX) methodology, a component based approach. Gravimetric analysis is conducted using a temperature and humidity controlled glove box arrangement (featuring a top-loading balance) on eighteen samples of varied known ages and contexts; this occurs following transfer from environmentally controlled chambers where subsamples of these samples are aged at three temperatures (25°C, 35°C, 45°C) following drying and reheating. The sample set consists principally of post-medieval bricks, but also includes some post-medieval pottery as well as both Etruscan and Roman ceramics. A suite of techniques are applied to characterise these ceramics, including XRD, FTIR, p-XRF, thin-section petrography, BET analysis, TG-MS and permeametry.

Early warning systems for cyber defence

Cybercriminals ramp up their efforts with sophisticated techniques while defenders gradually update their typical security measures. Attackers often have a long-term interest in their targets. Due to a number of factors such as scale, architecture and nonproductive traffic however it makes difficult to detect them using typical intrusion detection techniques. Cyber early warning systems (CEWS) aim at alerting such attempts in their nascent stages using preliminary indicators. Design and implementation of such systems involves numerous research challenges such as generic set of indicators, intelligence gathering, uncertainty reasoning and information fusion. This paper discusses such challenges and presents the reader with compelling motivation. A carefully deployed empirical analysis using a real world attack scenario and a real network traffic capture is also presented.

Towards a Resilience Metric Framework for Cyber-Physical Systems

Resilience is widely accepted as a desirable system property for cyber-physical systems. However, there are no metrics that can be used to measure the resilience of cyber-physical systems (CPS) while the multi-dimensional nature of performance in these systems is considered. In this work, we present first results towards a resilience metric framework. The key contributions of this framework are threefold: First, it allows to evaluate resilience with respect to different performance indicators that are of interest. Second, complexities that are relevant to the performance indicators of interest, can be intentionally abstracted. Third and final, it supports the identification of reasons for good or bad resilience to improve system design.