Prof Sandeep Shukla, IITK
Title: Vulnerabilities, threat intelligence and Cyber Defense of Critical Infrastructure: A C3I Perspective
Industrial automation hardware and software is used in critical infrastructures such as power generation, transmission and distribution automation, factory automation, smart transportation etc. As Industry 4.0 - the 4th industrial revolution is being predicted to be based on wide usage of robotics, and AI based functional upgrades supervisory control and data acquisition systems (SCADA) are becoming more sophisticated. In the recent years, cyber-attacks have been reported on industrial systems -- including several attacks on power systems in Ukraine, Israel, and elsewhere; steel plants in Germany, and ransomware attacks on transportation logistics automation systems. Thus, cyber security and defense of critical infrastructures have now become a national security issue -- more than just local cyber security concern. At the Interdisciplinary center for cyber security and cyber defense of critical infrastructures (C3I) at IIT Kanpur, we are building various real test-beds for hardware and software in-the-loop testing of cyber vulnerabilities, as well as innovating defensive mechanisms, and experiment with the concept of resilient system design for such infrastructures. In this talk, we first introduce our distribution automation testbed, and the various cyber vulnerabilities in a commercial product we have uncovered through penetration tests. We also discuss the mitigation techniques being experimented with as well as artifacts of defense postures such as malware analysis/classification, honeypot based entrapment of attackers, threat intelligence collection/assessment, and anomaly detection for detecting on-going attacks. We then briefly discuss our under procurement -- large scale test bed that encompasses power generation, transmission, as well as distribution automation, process/discrete control, and industry 4.0 automation, with a heterogeneity of commercially available components.