{"title":"Cybersecurity for industrial automation and control systems","authors":"Christian Haas, Georg Bretthauer, Jürgen Beyerer","doi":"10.1515/auto-2023-0141","DOIUrl":"https://doi.org/10.1515/auto-2023-0141","url":null,"abstract":"","PeriodicalId":55437,"journal":{"name":"At-Automatisierungstechnik","volume":"71 1","pages":"723 - 725"},"PeriodicalIF":1.0,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43443317","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Abstract The digitalization of industry and the convergence of IT and OT bring about the next generation of industrial automation systems which are expected to work with an orchestration of physical and virtualized components using a single converged network. The increase of complexity in such systems must be managed by an increase in automation for orchestration and management. However, bootstrapping such a complex system from out-of-the-box components is still a manual and error-prone process. We present a bootstrapping concept that brings up a system from out-of-the-box components to an operational solution with physical and virtualized components. The concept combines incremental network discovery with secure incremental bootstrapping of discovered physical components. The gained trust in the physical components of the network is then used to translate this trust into virtualized components. By attesting the trustworthiness of hosting infrastructure, the concept allows for virtualized components to be securely assigned a cryptographically secure identity that can be used in further application onboarding. Such securely bootstrapped systems are then capable to deliver the required adaptable, modular, and secure automation solutions of the future.
{"title":"Secure bootstrapping for next-gen industrial automation systems","authors":"Sören Finster, Abdallah Dawoud, Florian Kohnhäuser, Abdulkadir Karaagac","doi":"10.1515/auto-2023-0074","DOIUrl":"https://doi.org/10.1515/auto-2023-0074","url":null,"abstract":"Abstract The digitalization of industry and the convergence of IT and OT bring about the next generation of industrial automation systems which are expected to work with an orchestration of physical and virtualized components using a single converged network. The increase of complexity in such systems must be managed by an increase in automation for orchestration and management. However, bootstrapping such a complex system from out-of-the-box components is still a manual and error-prone process. We present a bootstrapping concept that brings up a system from out-of-the-box components to an operational solution with physical and virtualized components. The concept combines incremental network discovery with secure incremental bootstrapping of discovered physical components. The gained trust in the physical components of the network is then used to translate this trust into virtualized components. By attesting the trustworthiness of hosting infrastructure, the concept allows for virtualized components to be securely assigned a cryptographically secure identity that can be used in further application onboarding. Such securely bootstrapped systems are then capable to deliver the required adaptable, modular, and secure automation solutions of the future.","PeriodicalId":55437,"journal":{"name":"At-Automatisierungstechnik","volume":"71 1","pages":"748 - 758"},"PeriodicalIF":1.0,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44090674","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Dennis Rösch, Thomas Bauer, André Kummerow, Marcel Kühne, S. Nicolai, P. Bretschneider
Abstract The digitalization of substations leads to a high degree of automation, which is referred to as Digital Substations with the use of the IEC 61850. An increase in cybersecurity is necessary, and technically enabled by detection and incident response systems – security-by-design is currently often secondary. The next transformation step of substations is introduced and outlined in this paper as a cyber-resilient digital substation. Based on a state-of-the-art description, this paper presents a definition of cyber resilience for digital substations as a basis for the introduced cyber resilience monitor. The monitor acts as a central instance for recording, assessing and responding to security threats and incidents. Furthermore, the requirements for the system structure of the cyber-resilient digital substation are shown and underpinned with current research approaches.
{"title":"Transformation in substation automation: Cyber-Resilient Digital Substations (CyReDS) in power grids","authors":"Dennis Rösch, Thomas Bauer, André Kummerow, Marcel Kühne, S. Nicolai, P. Bretschneider","doi":"10.1515/auto-2023-0075","DOIUrl":"https://doi.org/10.1515/auto-2023-0075","url":null,"abstract":"Abstract The digitalization of substations leads to a high degree of automation, which is referred to as Digital Substations with the use of the IEC 61850. An increase in cybersecurity is necessary, and technically enabled by detection and incident response systems – security-by-design is currently often secondary. The next transformation step of substations is introduced and outlined in this paper as a cyber-resilient digital substation. Based on a state-of-the-art description, this paper presents a definition of cyber resilience for digital substations as a basis for the introduced cyber resilience monitor. The monitor acts as a central instance for recording, assessing and responding to security threats and incidents. Furthermore, the requirements for the system structure of the cyber-resilient digital substation are shown and underpinned with current research approaches.","PeriodicalId":55437,"journal":{"name":"At-Automatisierungstechnik","volume":"71 1","pages":"789 - 801"},"PeriodicalIF":1.0,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"67478338","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
P. Binfet, Janis Adamek, Nils Schlüter, M. S. Darup
Abstract Cooperative control is crucial for the effective operation of dynamical multi-agent systems. Especially for distributed control schemes, it is essential to exchange data between the agents. This becomes a privacy threat if the data are sensitive. Encrypted control has shown the potential to address this risk and ensure confidentiality. However, existing approaches mainly focus on cloud-based control and distributed schemes are restrictive. In this paper, we present a novel privacy-preserving cooperative control scheme based on encrypted distributed optimization. More precisely, we focus on a secure distributed solution of a general consensus problem, which has manifold applications in cooperative control, by means of the alternating direction method of multipliers (ADMM). As a unique feature of our approach, we explicitly take into account the common situation that local decision variables contain copies of quantities associated with neighboring agents and ensure the neighbor’s privacy. We show the effectiveness of our method based on a numerical case study dealing with the formation of mobile robots.
{"title":"Towards privacy-preserving cooperative control via encrypted distributed optimization","authors":"P. Binfet, Janis Adamek, Nils Schlüter, M. S. Darup","doi":"10.1515/auto-2023-0082","DOIUrl":"https://doi.org/10.1515/auto-2023-0082","url":null,"abstract":"Abstract Cooperative control is crucial for the effective operation of dynamical multi-agent systems. Especially for distributed control schemes, it is essential to exchange data between the agents. This becomes a privacy threat if the data are sensitive. Encrypted control has shown the potential to address this risk and ensure confidentiality. However, existing approaches mainly focus on cloud-based control and distributed schemes are restrictive. In this paper, we present a novel privacy-preserving cooperative control scheme based on encrypted distributed optimization. More precisely, we focus on a secure distributed solution of a general consensus problem, which has manifold applications in cooperative control, by means of the alternating direction method of multipliers (ADMM). As a unique feature of our approach, we explicitly take into account the common situation that local decision variables contain copies of quantities associated with neighboring agents and ensure the neighbor’s privacy. We show the effectiveness of our method based on a numerical case study dealing with the formation of mobile robots.","PeriodicalId":55437,"journal":{"name":"At-Automatisierungstechnik","volume":"71 1","pages":"736 - 747"},"PeriodicalIF":1.0,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43659046","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Abstract With the increasing frequency of cyberattacks on Industrial Control Systems (ICS), the subject of cybersecurity is becoming increasingly important. Cyber Threat Intelligence (CTI) provides information about cyber adversaries, including their intentions and attack techniques. This paper analyzes the availability of open-source CTI for ICS, with a particular focus on technical indicators that can aid in detecting cyberattacks. Furthermore, this paper examines the automated integration of CTI data into SIEM systems and introduces CTIExchange as a tool that facilitates this integration by connecting Threat Intelligence Platforms with detection tools.
{"title":"Integration of Cyber Threat Intelligence into Security Onion and Malcolm for the use case of industrial networks","authors":"Tim Ackermann, Markus Karch, Jörg Kippe","doi":"10.1515/auto-2023-0057","DOIUrl":"https://doi.org/10.1515/auto-2023-0057","url":null,"abstract":"Abstract With the increasing frequency of cyberattacks on Industrial Control Systems (ICS), the subject of cybersecurity is becoming increasingly important. Cyber Threat Intelligence (CTI) provides information about cyber adversaries, including their intentions and attack techniques. This paper analyzes the availability of open-source CTI for ICS, with a particular focus on technical indicators that can aid in detecting cyberattacks. Furthermore, this paper examines the automated integration of CTI data into SIEM systems and introduces CTIExchange as a tool that facilitates this integration by connecting Threat Intelligence Platforms with detection tools.","PeriodicalId":55437,"journal":{"name":"At-Automatisierungstechnik","volume":"71 1","pages":"802 - 815"},"PeriodicalIF":1.0,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44462407","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Abstract The Act on Federal Office for Information Security (BSI Act) explicitly mandates the use of attack detection systems. The BSI works together with operators of process plants as well as discrete manufacturing facilities in order to test sensors, which may be part of such systems, in their networks. This gives the BSI the opportunity to record a collection of network traffic from those plants. One goal is to improve the detection and characterization of devices in industrial networks by implementing new or enhanced features for the open source network monitoring tool suite Malcolm. In this context, the recording of the network traffic represents the starting point for further investigations. This paper highlights what needs to be considered in these recordings to serve as a basis for device identification and characterization.
{"title":"Device discovery and identification in industrial networks","authors":"Klaus Biß, Jörg Kippe, Markus Karch","doi":"10.1515/auto-2023-0135","DOIUrl":"https://doi.org/10.1515/auto-2023-0135","url":null,"abstract":"Abstract The Act on Federal Office for Information Security (BSI Act) explicitly mandates the use of attack detection systems. The BSI works together with operators of process plants as well as discrete manufacturing facilities in order to test sensors, which may be part of such systems, in their networks. This gives the BSI the opportunity to record a collection of network traffic from those plants. One goal is to improve the detection and characterization of devices in industrial networks by implementing new or enhanced features for the open source network monitoring tool suite Malcolm. In this context, the recording of the network traffic represents the starting point for further investigations. This paper highlights what needs to be considered in these recordings to serve as a basis for device identification and characterization.","PeriodicalId":55437,"journal":{"name":"At-Automatisierungstechnik","volume":"71 1","pages":"726 - 735"},"PeriodicalIF":1.0,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49442257","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Abstract IT vulnerabilities, cyber threats, and resulting risks significantly impact the stability of current and future power grids. The results of a Risk Assessment process contribute to a better understanding of the causes and nature of the associated risks. The risks assessed by experts are available in both numerical and linguistic representations – this makes it beneficial to include a combination of linguistic and numerical analyses. In this paper, we propose a new Hybrid Risk Assessment method based on fuzzy logic, leading to more precise results. The presented approach specifies the variables and membership functions of fuzzy logic with reference to Smart Grids. For this propose, a case study with five risk events in a small-scale Smart Grid is carried out as an example. The results can then support decision-makers in ensuring grid stability.
{"title":"A new hybrid risk assessment process for cyber security design of smart grids using fuzzy analytic hierarchy processes","authors":"Sine Canbolat, Ghada Elbez, V. Hagenmeyer","doi":"10.1515/auto-2023-0089","DOIUrl":"https://doi.org/10.1515/auto-2023-0089","url":null,"abstract":"Abstract IT vulnerabilities, cyber threats, and resulting risks significantly impact the stability of current and future power grids. The results of a Risk Assessment process contribute to a better understanding of the causes and nature of the associated risks. The risks assessed by experts are available in both numerical and linguistic representations – this makes it beneficial to include a combination of linguistic and numerical analyses. In this paper, we propose a new Hybrid Risk Assessment method based on fuzzy logic, leading to more precise results. The presented approach specifies the variables and membership functions of fuzzy logic with reference to Smart Grids. For this propose, a case study with five risk events in a small-scale Smart Grid is carried out as an example. The results can then support decision-makers in ensuring grid stability.","PeriodicalId":55437,"journal":{"name":"At-Automatisierungstechnik","volume":"71 1","pages":"779 - 788"},"PeriodicalIF":1.0,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49051770","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
M. Baumann, Andreas Steinboeck, Wolfgang Kemmetmüller, A. Kugi
Zusammenfassung Zur Vermeidung von Schäden in Permanentmagnet-Synchronmaschinen, die an ihren (thermischen) Leistungsgrenzen betrieben werden, wird eine Online-Überwachung der Temperatur der Permanentmagnete benötigt. Da eine direkte Messung dieser Temperatur in der Regel nicht möglich ist, wird in diesem Beitrag eine indirekte Schätzmethode vorgestellt. Aufbauend auf einem elektrischen Modell der Maschine wird ein Erweitertes Kalman-Filter für den verketteten Fluss und damit die Temperatur der Permanentmagnete entwickelt. Zur Reduktion der Sensitivität gegenüber Abweichungen vom Nominalwert des verketteten Permanentmagnetflusses wird eine Online-Kalibriermethode vorgeschlagen. Die Eignung der vorgeschlagenen Methode und die Verbesserung im Vergleich zum Stand der Technik werden anhand von Simulationsstudien und Messungen gezeigt.
{"title":"Indirekte Schätzung der Magnettemperatur einer Permanentmagnet-Synchronmaschine","authors":"M. Baumann, Andreas Steinboeck, Wolfgang Kemmetmüller, A. Kugi","doi":"10.1515/auto-2023-0037","DOIUrl":"https://doi.org/10.1515/auto-2023-0037","url":null,"abstract":"Zusammenfassung Zur Vermeidung von Schäden in Permanentmagnet-Synchronmaschinen, die an ihren (thermischen) Leistungsgrenzen betrieben werden, wird eine Online-Überwachung der Temperatur der Permanentmagnete benötigt. Da eine direkte Messung dieser Temperatur in der Regel nicht möglich ist, wird in diesem Beitrag eine indirekte Schätzmethode vorgestellt. Aufbauend auf einem elektrischen Modell der Maschine wird ein Erweitertes Kalman-Filter für den verketteten Fluss und damit die Temperatur der Permanentmagnete entwickelt. Zur Reduktion der Sensitivität gegenüber Abweichungen vom Nominalwert des verketteten Permanentmagnetflusses wird eine Online-Kalibriermethode vorgeschlagen. Die Eignung der vorgeschlagenen Methode und die Verbesserung im Vergleich zum Stand der Technik werden anhand von Simulationsstudien und Messungen gezeigt.","PeriodicalId":55437,"journal":{"name":"At-Automatisierungstechnik","volume":"71 1","pages":"599 - 611"},"PeriodicalIF":1.0,"publicationDate":"2023-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"46564811","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Abstract Algebraic differentiators have attracted much interest in recent years. Their simple implementation as classical finite impulse response digital filters and systematic tuning guidelines may help to solve challenging problems, including, but not limited to, nonlinear feedback control, model-free control, and fault diagnosis. This contribution introduces the open source toolbox AlgDiff for the design, analysis and discretisation of algebraic differentiators.
{"title":"AlgDiff: an open source toolbox for the design, analysis and discretisation of algebraic differentiators","authors":"A. Othmane, J. Rudolph","doi":"10.1515/auto-2023-0035","DOIUrl":"https://doi.org/10.1515/auto-2023-0035","url":null,"abstract":"Abstract Algebraic differentiators have attracted much interest in recent years. Their simple implementation as classical finite impulse response digital filters and systematic tuning guidelines may help to solve challenging problems, including, but not limited to, nonlinear feedback control, model-free control, and fault diagnosis. This contribution introduces the open source toolbox AlgDiff for the design, analysis and discretisation of algebraic differentiators.","PeriodicalId":55437,"journal":{"name":"At-Automatisierungstechnik","volume":"71 1","pages":"612 - 623"},"PeriodicalIF":1.0,"publicationDate":"2023-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44975339","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Abstract Over the lifecycle of a production plant digitalization leads to a large data footprint along different software (SW) components. A digital data exchange is the fundament to support data integrity, prevent data loss and avoid duplicate work. AutomationML (AML) is a commonly accepted tool-independent format to exchange data of different domains along the lifecycle of a production plant. This contribution provides an easy-to-use workflow that empowers SW components to transform AML into a strongly typed class hierarchy which is the basis for an efficient and maintainable SW solution.
{"title":"A workflow towards a strongly typed AutomationML API","authors":"Tina Mersch, M. Schleipen","doi":"10.1515/auto-2023-0038","DOIUrl":"https://doi.org/10.1515/auto-2023-0038","url":null,"abstract":"Abstract Over the lifecycle of a production plant digitalization leads to a large data footprint along different software (SW) components. A digital data exchange is the fundament to support data integrity, prevent data loss and avoid duplicate work. AutomationML (AML) is a commonly accepted tool-independent format to exchange data of different domains along the lifecycle of a production plant. This contribution provides an easy-to-use workflow that empowers SW components to transform AML into a strongly typed class hierarchy which is the basis for an efficient and maintainable SW solution.","PeriodicalId":55437,"journal":{"name":"At-Automatisierungstechnik","volume":"71 1","pages":"709 - 719"},"PeriodicalIF":1.0,"publicationDate":"2023-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41786067","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: