https://www.mdu.se/

Publications (10 of 16)
Leander, B., Causevic, A., Lindström, T. & Hansson, H. (2024). Evaluation of an OPC UA-based access control enforcement architecture. In: International Workshops which were held in conjunction with 28th European Symposium on Research in Computer Security, ESORICS 2023. The Hague 25 September 2023 through 29 September 2023. Code 309159. Paper presented at 28th European Symposium on Research in Computer Security, ESORICS 2023 (pp. 124-144). Springer Science+Business Media B.V.
2024 (English). In: International Workshops which were held in conjunction with 28th European Symposium on Research in Computer Security, ESORICS 2023. The Hague 25 September 2023 through 29 September 2023. Code 309159, Springer Science+Business Media B.V., 2024, p. 124-144. Conference paper, Published paper (Other academic)
Abstract [en]

Dynamic access control in industrial systems is becoming a concern of greater importance as a consequence of the increasingly flexible manufacturing systems developed within the Industry 4.0 paradigm. With the shift from control system security design based on implicit trust toward a zero-trust approach, fine-grained access control is a fundamental requirement. In this article, we look at an access control enforcement architecture and authorization protocol outlined as part of the Open Process Communication Unified Automation (OPC UA) protocol that can allow sufficiently dynamic and fine-grained access control. We present an implementation, and evaluate a set of important quality metrics related to this implementation, as guidelines and considerations for introduction of this protocol in industrial settings. Two approaches for optimization of the authorization protocol are presented and evaluated, which more than halve the average connection establishment time compared to the initial approach.

Place, publisher, year, edition, pages
Springer Science+Business Media B.V., 2024
Series
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), ISSN 03029743 ; 14398
Keywords
Access control enforcements, Control system security, Dynamic access control, Enforcement architectures, Fine grained, Implicit trusts, Industrial systems, Open process, Process communication, Security design
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-64507 (URN); 10.1007/978-3-031-54204-6_7 (DOI); 001207238300007 (); 2-s2.0-85187776017 (Scopus ID); 9783031542039 (ISBN)
Conference
28th European Symposium on Research in Computer Security, ESORICS 2023
Available from: 2023-10-11; Created: 2023-10-11; Last updated: 2024-05-15; Bibliographically approved
Markovic, T., Leon, M., Leander, B. & Punnekkat, S. (2023). A Modular Ice Cream Factory Dataset on Anomalies in Sensors to Support Machine Learning Research in Manufacturing Systems. IEEE Access, 11, 29744-29758
2023 (English). In: IEEE Access, E-ISSN 2169-3536, Vol. 11, p. 29744-29758. Article in journal (Refereed) Published
Abstract [en]

A small deviation in manufacturing systems can cause huge economic losses, and all components and sensors in the system must be continuously monitored to provide an immediate response. The usual industrial practice is rather simplistic, based on brute force checking of a limited set of parameters, often with pessimistic pre-defined bounds. The usage of appropriate machine learning techniques can be very valuable in this context to narrow down the set of parameters to monitor, define more refined bounds, and forecast impending issues. One of the factors hampering progress in this field is the lack of datasets that can realistically mimic the behaviours of manufacturing systems. In this paper, we propose a new dataset called MIDAS (Modular Ice cream factory Dataset on Anomalies in Sensors) to support machine learning research in analog sensor data. MIDAS is created using a modular manufacturing simulation environment that simulates the ice cream-making process. Using MIDAS, we evaluated four different supervised machine learning algorithms (Logistic Regression, Decision Tree, Random Forest, and Multilayer Perceptron) for two different problems: anomaly detection and anomaly classification. The results showed that multilayer perceptron is the most suitable algorithm with respect to model accuracy and execution time. We have made the data set and the code for the experiments publicly available, to enable interested researchers to enhance the state of the art by conducting further studies.

Place, publisher, year, edition, pages
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 2023
Keywords
Sensors, Temperature sensors, Anomaly detection, Mixers, Manufacturing systems, Behavioral sciences, Cooling, Artificial neural networks, Machine learning, Supervised learning, Anomaly classification, artificial neural network, manufacturing dataset, sensor data
National Category
Computer Sciences
Identifiers
urn:nbn:se:mdh:diva-62361 (URN); 10.1109/ACCESS.2023.3252901 (DOI); 000965953800001 (); 2-s2.0-85149838041 (Scopus ID)
Available from: 2023-05-03; Created: 2023-05-03; Last updated: 2023-05-03; Bibliographically approved
Leander, B., Causevic, A., Lindström, T. & Hansson, H. (2023). Access Control Enforcement Architectures for Dynamic Manufacturing Systems. In: Proc. - IEEE Int. Conf. Softw. Architecture, ICSA. Paper presented at Proceedings - IEEE 20th International Conference on Software Architecture, ICSA 2023 (pp. 82-92). Institute of Electrical and Electronics Engineers Inc.
2023 (English). In: Proc. - IEEE Int. Conf. Softw. Architecture, ICSA, Institute of Electrical and Electronics Engineers Inc., 2023, p. 82-92. Conference paper, Published paper (Refereed)
Abstract [en]

Industrial control systems are undergoing a transformation driven by business requirements as well as technical advances, aiming towards increased connectivity, flexibility and high level of modularity, that implies a need to revise existing cybersecurity measures. Access control, being one of the major security mechanisms in any system, is largely affected by these advances. In this article we investigate access control enforcement architectures, aiming at the principle of least privilege in dynamically changing access control scenarios of dynamic manufacturing systems. Several approaches for permission delegation of dynamic access control policy decisions are described. We present an implementation using the most promising combination of architecture and delegation mechanism for which available industrial standards are applicable.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2023
Keywords
Access Control, Cybersecurity, Dynamic Manufacturing, Industrial Automation and Control Systems
National Category
Control Engineering
Identifiers
urn:nbn:se:mdh:diva-62589 (URN); 10.1109/ICSA56044.2023.00016 (DOI); 000990536000008 (); 2-s2.0-85159186538 (Scopus ID); 9798350397499 (ISBN)
Conference
Proceedings - IEEE 20th International Conference on Software Architecture, ICSA 2023
Available from: 2023-05-29; Created: 2023-05-29; Last updated: 2023-10-12; Bibliographically approved
Radonjic, I., Basic, E., Leander, B. & Markovic, T. (2023). An Authorization Service supporting Dynamic Access Control in Manufacturing Systems. In: 2023 IEEE World Forum on Internet of Things: The Blue Planet: A Marriage of Sea and Space, WF-IoT 2023. Paper presented at 9th IEEE World Forum on Internet of Things, WF-IoT 2023, Online, Aveiro, Portugal, 12th-27th October, 2023. Institute of Electrical and Electronics Engineers (IEEE)
2023 (English). In: 2023 IEEE World Forum on Internet of Things: The Blue Planet: A Marriage of Sea and Space, WF-IoT 2023, Institute of Electrical and Electronics Engineers (IEEE), 2023. Conference paper, Published paper (Refereed)
Abstract [en]

Cybersecurity is of increasing importance in industrial automation systems. The use of fine-grained and intelligent access control is paramount in emerging manufacturing systems as implicit trust is no longer a viable assumption for interactions within industrial systems. An authorization service is a central component of an access control enforcement architecture, to which resource servers may outsource parts of the policy decision functionality. This paper investigates how to create and integrate an authorization service in an industrial manufacturing system, which uses workflow descriptions combined with operational system states for policy decisions. The implementation is demonstrated in the use case of recipe orchestration in a modular automation system, and a few key quality metrics of the authorization service are evaluated.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2023
Keywords
Authorization, Automation, Decision making, Authorization services, Central component, Cyber security, Dynamic access control, Fine grained, Implicit trusts, Industrial automation system, Industrial systems, Policy decisions, Service supporting, Quality control
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-67701 (URN); 10.1109/WF-IoT58464.2023.10539491 (DOI); 001241286500109 (); 2-s2.0-85195421405 (Scopus ID); 9798350311617 (ISBN)
Conference
9th IEEE World Forum on Internet of Things, WF-IoT 2023, Online, Aveiro, Portugal, 12th-27th October, 2023
Available from: 2024-06-20; Created: 2024-06-20; Last updated: 2024-09-04; Bibliographically approved
Leander, B., Johansson, B., Lindström, T., Holmgren, O., Nolte, T. & Papadopoulos, A. (2023). Dependability and Security Aspects of Network-Centric Control. In: IEEE Int. Conf. Emerging Technol. Factory Autom., ETFA. Paper presented at IEEE International Conference on Emerging Technologies and Factory Automation, ETFA. Institute of Electrical and Electronics Engineers Inc.
2023 (English). In: IEEE Int. Conf. Emerging Technol. Factory Autom., ETFA, Institute of Electrical and Electronics Engineers Inc., 2023. Conference paper, Published paper (Refereed)
Abstract [en]

Industrial automation and control systems are responsible for running our most important infrastructures, providing electricity and clean water, producing medicine and food, along with many other services and products we take for granted. The safe and secure operation of these systems is therefore of great importance. One of the emerging trends in industrial automation systems is the transition from static hierarchical controller-centric systems to flexible network-centric systems. This transition has a great impact on the characteristics of industrial automation systems. In this article we describe the network-centric design strategy for industrial automation systems and describe the impact on dependability and security aspects that this strategy brings, looking at both challenges and possibilities.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2023
Keywords
Automation, Network security, Clean waters, Emerging trends, Flexible networks, Hierarchical controllers, Industrial automation and control systems, Industrial automation system, Network-centric controls, Network-centric design, Network-centric system, Security aspects, Hierarchical systems
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-64705 (URN); 10.1109/ETFA54631.2023.10275344 (DOI); 2-s2.0-85175480429 (Scopus ID); 9798350339918 (ISBN)
Conference
IEEE International Conference on Emerging Technologies and Factory Automation, ETFA
Available from: 2023-11-09; Created: 2023-11-09; Last updated: 2023-11-09; Bibliographically approved
Opacin, S., Rizvanovic, L., Leander, B., Mubeen, S. & Causevic, A. (2023). Developing and Evaluating MQTT Connectivity for an Industrial Controller. In: Mediterranean Conf. Embed. Comput., MECO. Paper presented at 12th Mediterranean Conference on Embedded Computing, MECO 2023. Institute of Electrical and Electronics Engineers Inc.
2023 (English). In: Mediterranean Conf. Embed. Comput., MECO, Institute of Electrical and Electronics Engineers Inc., 2023. Conference paper, Published paper (Refereed)
Abstract [en]

Technical advances as well as continuously evolving business demands are reshaping the need for flexible connectivity in industrial control systems. A way to achieve such needs is by using a service-oriented approach, where a connectivity service middleware provides controller as well as protocol-specific interfaces. The Message Queuing Telemetry Transport (MQTT) protocol is a widely used protocol for device-to-device communication in the Internet of Things (IoT). However it is not commonly integrated in industrial control systems. To address this gap, this paper describes the development and implementation of a prototype of a connectivity service middleware for MQTT within an industrial private control network. The prototype implementation is done in the context of an industrial controller, and used in a simulated modular automation system. Furthermore, various deployment scenarios are evaluated with respect to response time and scalability of the connectivity service.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2023
Keywords
Automation, Control systems, Information services, Internet of things, Middleware, Business demands, Connectivity services, Device-to-Device communications, Industrial control systems, Industrial controllers, Service middlewares, Service-oriented approaches, Specific interface, Technical advances, Transport protocols, Controllers
National Category
Communication Systems
Identifiers
urn:nbn:se:mdh:diva-63917 (URN); 10.1109/MECO58584.2023.10154921 (DOI); 2-s2.0-85164948603 (Scopus ID); 9798350322910 (ISBN)
Conference
12th Mediterranean Conference on Embedded Computing, MECO 2023
Available from: 2023-07-26; Created: 2023-07-26; Last updated: 2024-01-18; Bibliographically approved
Leander, B. (2023). Dynamic Access Control for Industrial Systems. (Doctoral dissertation). Västerås: Mälardalen university
2023 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Industrial automation and control systems (IACS) are taking care of our most important infrastructures, providing electricity and clean water, producing medicine and food, along with many other services and products we take for granted. The continuous, safe, and secure operation of such systems is obviously of great importance. Future iterations of IACS will look quite different from the ones we use today. Modular and flexible systems are emerging, powered by technical advances in areas such as artificial intelligence, cloud computing, and motivated by fluctuating market demands and faster innovation cycles. Design strategies for dynamic manufacturing are increasingly being adopted. These advances have a fundamental impact on industrial systems at component as well as architectural level.

As a consequence of the changing operational requirements, the methods used for protection of industrial systems must be revisited and strengthened. This for example includes access control, which is one of the fundamental cybersecurity mechanisms that is hugely affected by current developments within IACS. The methods currently used are static and coarse-grained and therefore not well suited for dynamic and flexible industrial systems. A transition in security model is required, from implicit trust towards zero-trust, supporting dynamic and fine-grained access control.

This PhD thesis discusses access control for IACS in the age of Industry 4.0, focusing on dynamic and flexible manufacturing systems. The solutions presented are applicable at machine-to-machine as well as human-to-machine interactions, using a zero-trust strategy. An investigation of the current state of practice for industrial access control is provided as a starting point for the work. Dynamic systems require equally dynamic access control policies, which is why several approaches on how dynamic access control can be achieved in industrial systems are developed and evaluated, covering strategies for policy formulations as well as mechanisms for authorization enforcement.

Abstract [sv]

We take it for granted that there will always be electricity, clean drinking water, food and medicine. Many of our basic needs are met thanks to products that depend on industrial control systems. Protecting these systems from disturbances is consequently of the utmost importance.

We are in the middle of a technology shift usually called "Industry 4.0", which means that the industrial systems of the future will differ considerably from those of today. The change is driven by, among other things, new requirements and expectations, for example a shorter time between idea and production, the ability to adapt production to rapid market changes, and the manufacture of individually customized products. Flexible and scalable solutions are required to meet these requirements, unlike today's systems, which are generally developed for mass production of a specific product.

This affects both how production systems are constructed and the design of each constituent component. One consequence is that the methods used to protect today's systems must be adapted and strengthened to meet the challenges of the future. One such fundamental security function is access control. Current access control is not flexible enough and is therefore poorly suited to tomorrow's dynamic systems.

This doctoral thesis examines access control for the industrial systems of the future, focusing on the dynamic production systems needed to meet the requirements associated with Industry 4.0. The current situation is analysed on the basis of a questionnaire survey. Proposals for several different approaches to dynamic access control are presented and evaluated, both with respect to how such rules can be formulated and how they can be enforced.

Place, publisher, year, edition, pages
Västerås: Mälardalen university, 2023. p. 222
Series
Mälardalen University Press Dissertations, ISSN 1651-4238 ; 391
Keywords
Cybersecurity, Industrial Automation and Control Systems, Industry 4.0, Access Control
National Category
Communication Systems Computer Systems Control Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-64527 (URN); 978-91-7485-616-3 (ISBN)
Public defence
2023-12-08, Beta, Mälardalens universitet, Västerås, 13:00 (English)
Projects
ARRAY; InSecTT
Funder
EU, Horizon 2020, 876038; Knowledge Foundation, ARRAY
Available from: 2023-10-12; Created: 2023-10-12; Last updated: 2023-11-17; Bibliographically approved
Leander, B., Markovic, T. & Leon, M. (2023). Enhanced Simulation Environment to Support Research in Modular Manufacturing Systems. In: IECON Proc. Paper presented at IECON Proceedings (Industrial Electronics Conference). IEEE Computer Society
2023 (English). In: IECON Proc, IEEE Computer Society, 2023. Conference paper, Published paper (Refereed)
Abstract [en]

Modular automation provides a challenge for traditional physics simulators, especially if they are used as a simulator in the loop of a development or research project looking at behavior from a systems level. In this paper, we present extensions of a previously developed simulation environment that is tailored to provide these characteristics. The extensions include simulation engine level improvements, such as including better modeling of the material flow, and sensor anomaly injections to model sensor faults or tampering, as well as system-level enhancements and functionality including certificate handling and anomaly detection methods using machine learning. This simulation environment has proven useful for education as well as research and engineering work, and with the provided extensions several new directions of use can be envisioned. The system is demonstrated in the use case of a modular ice-cream factory, including all the new and enhanced functionalities.

Place, publisher, year, edition, pages
IEEE Computer Society, 2023
Keywords
Anomaly detection, Engineering research, Materials handling, Anomaly detection methods, Engineering works, Machine-learning, Material Flow, Model sensors, Modulars, Sensors faults, Simulation engine, Simulation environment, System levels, Industrial research
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:mdh:diva-65151 (URN); 10.1109/IECON51785.2023.10311913 (DOI); 2-s2.0-85179184526 (Scopus ID); 9798350331820 (ISBN)
Conference
IECON Proceedings (Industrial Electronics Conference)
Available from: 2023-12-21; Created: 2023-12-21; Last updated: 2023-12-21; Bibliographically approved
Dao, V.-L. & Leander, B. (2022). Anomaly Attack Detection in Wireless Networks Using DCNN. In: 2022 IEEE 8th World Forum on Internet of Things, WF-IoT 2022. Paper presented at 8th IEEE World Forum on Internet of Things, WF-IoT 2022, Online, Yokohama, Japan, 26 October 2022 through 11 November 2022. Institute of Electrical and Electronics Engineers Inc.
2022 (English). In: 2022 IEEE 8th World Forum on Internet of Things, WF-IoT 2022, Institute of Electrical and Electronics Engineers Inc., 2022. Conference paper, Published paper (Refereed)
Abstract [en]

The use of wireless devices in industrial sectors has increased due to its various advantages related to cost and flexibility. However, legitimate wireless communication systems are vulnerable to cybersecurity attacks, due to its inherent open nature. Detection of rogue devices therefore plays a crucial role in critical wireless applications. In this paper we design a deep convolutional neural network (DCNN) to classify legitimate and rogue devices using raw IQ samples as input data. An algorithm is presented to find the optimal number of convolutional layers and number of filters for each layer under an accuracy constraint, in order to enable fast prediction time. Furthermore, we investigate how wireless channel models affect the accuracy and prediction time of the designed DCNN model. Our obtained results are benchmarked against previous DCNN models. Moreover, we discuss how the systems should react to a detected rogue device, considering the IEC 62443 standard.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2022
Keywords
deep learning, finger-printing, IEC 62443, rogue device detection, Anomaly detection, Convolution, Cybersecurity, Deep neural networks, Neural network models, Wireless networks, Attack detection, Convolutional neural network, Finger printing, Industrial sector, Neural network model, Prediction time, Wireless devices, Convolutional neural networks
National Category
Computer Sciences
Identifiers
urn:nbn:se:mdh:diva-63902 (URN); 10.1109/WF-IoT54382.2022.10152227 (DOI); 001017754700120 (); 2-s2.0-85164147423 (Scopus ID); 9781665491532 (ISBN)
Conference
8th IEEE World Forum on Internet of Things, WF-IoT 2022, Online, Yokohama, Japan, 26 October 2022 through 11 November 2022
Available from: 2023-07-19; Created: 2023-07-19; Last updated: 2023-12-04; Bibliographically approved
Leander, B., Markovic, T., Causevic, A., Lindström, T., Hansson, H. & Punnekkat, S. (2022). Simulation Environment for Modular Automation Systems. In: IECON 2022 – 48th Annual Conference of the IEEE Industrial Electronics Society. Paper presented at IECON 2022 – 48th Annual Conference of the IEEE Industrial Electronics Society, Brussels, Belgium, 17-20 October, 2022. IEEE Computer Society
2022 (English). In: IECON 2022 – 48th Annual Conference of the IEEE Industrial Electronics Society, IEEE Computer Society, 2022. Conference paper, Published paper (Refereed)
Abstract [en]

When developing products or performing experimental research studies, the simulation of physical or logical systems is of great importance for evaluation and verification purposes. For research- and development-related distributed control systems, there is a need to simulate common physical environments with separate interconnected modules independently controlled, and orchestrated using standardized network communication protocols. The simulation environment presented in this paper is a bespoke solution precisely for these conditions, based on the Modular Automation design strategy. It allows easy configuration and combination of simple modules into complex production processes, with support for individual low-level control of modules, as well as recipe-orchestration for high-level coordination. The use of the environment is exemplified in a configuration of a modular ice-cream factory, used for cybersecurity-related research.

Place, publisher, year, edition, pages
IEEE Computer Society, 2022
National Category
Production Engineering, Human Work Science and Ergonomics
Identifiers
urn:nbn:se:mdh:diva-61281 (URN); 10.1109/IECON49645.2022.9968835 (DOI); 2-s2.0-85143885518 (Scopus ID); 9781665480253 (ISBN)
Conference
IECON 2022 – 48th Annual Conference of the IEEE Industrial Electronics Society, Brussels, Belgium, 17-20 October, 2022
Available from: 2022-12-15; Created: 2022-12-15; Last updated: 2023-10-12; Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0003-2488-5774