S-CI 2017

International Workshop on Securing Critical Infrastructures

to be held in conjunction with the ARES EU Projects Symposium 2017, held at ARES 2017
(ARES 2017 – http://www.ares-conference.eu)

August 29 – September 1, 2017, Reggio Calabria, Italy
ARES EU Projects Symposium: August 29, 2017

Project:

CIPSEC (H2020)

Enhancing Critical Infrastructure Protection with innovative SECurity framework (CIPSEC)

In recent years, the majority of the world’s Critical Infrastructures (CIs) evolved to become more flexible, cost efficient and able to offer better services and conditions for business opportunities. Towards this evolution, CIs and companies offering CI services had to adopt many of the recent advances of the Information and Communication Technologies (ICT) field. (…) As part of this framework CIPSEC will offer a complete security ecosystem of additional services that can support the proposed technical solutions to work reliably and at professional quality. These services include vulnerability tests and recommendations, key personnel training courses, public-private partnerships (PPPs), forensics analysis, standardization and protection against cascading effects. All solutions and services will be validated in three pilots performed in three different CI environments (transportation, health, environment). CIPSEC will also develop a marketing strategy for optimal positioning of its solutions in the CI security market.

Workshop:

Critical Infrastructures (Communication, Transportation, Banking, e-Commerce, Utilities etc.) increasingly and inextricably depend on IT-technologies to provide for both functionality and efficiency. However, the cost of the IT-reliance is the consequent exposure of the Critical Infrastructure (CI) to IT-based security vulnerabilities. The state of the practice often has different CIs developing customized security solutions to meet their specific needs. While this is judicious, the CIs can benefit from sharing approaches to intrusion detection, threat classification, diagnostics, mitigation schema, security architectures and many others. The workshop aims to bring together viewpoints from diverse CIs to explore the commonalities of security problems and solutions for advancing the collective science and practice of CI security protection.

The workshop encourages both CI research and practitioner contributions covering design, assessment, testing and deployment experiences.

Topics of interest comprise but are not limited to:
Security requirements

Threat models for critical infrastructures and communication networks

Threat detection, classification and profiling

Incident management

Security architectures and frameworks for critical infrastructures
Risk assessment – co-mingling of safety and security

Security validation

Experience reports and best practices from different infrastructure domains

Data sharing

Important dates:

Submission Deadline: May 8, 2017
Author Notification: May 24, 2017
Proceedings Version: June 20, 2017
ARES EU Symposium: August 29, 2017
Conference: August 29 – September 1, 2017

Workshop Chair

Stefan Katzenbeisser
TU Darmstadt, Germany

Apostolos Fournaris
University of Patras, Greece

Program Committee

Jorge Cuellar, Siemens, Germany
Daniel Germanus, DB Systel, Germany
Klaus Kursawe, The Netherlands
Kostas Lampropoulos, University of Patras, Greece
Eva Marín, Universitat Politècnica de Catalunya, Spain
Xavi Masip, Universitat Politècnica de Catalunya, Spain
Michael Paulitsch, Thales, Austria
Andreas Peter, University of Twente, The Netherlands
Luigi Romano, University of Naples, Italy
Wilfried Steiner, TTTech, Austria
Neeraj Suri, TU Darmstadt, Germany

Submission

The submission guidelines valid for the S-CI workshop are the same as for the ARES conference. They can be found >>here<<.

Invited speakers

Aljosa Pasic, Technology Transfer Director of ATOS R&I (ARI)

Known Unknowns in Cybersecurity research and transfer of results to the market

Abstract: Known unknowns refers to risks and challenges we are mainly aware of, or follow predictable patterns. Although cybersecurity hype is rather new, most of the market trends and research challenges have been either reported before or follow patterns that have existed in information or IT security before. Based on the observation of past strategic research agendas or roadmaps in security and privacy, the keynote will address dynamics of changes and challenges including possible scenarios and tradeoffs: core versus edge, abstraction versus focused, open versus closed etc. The associated trends and challenges will be presented, with focus on the emerging concept of trust as service. Cybersecurity is also a topic on which a broad plethora of research activities are being carried out at national and international level and some of them will be presented during the session. These activities are also linked to market opportunities, but transferring the project results to the market has not been satisfactory in many cases. Related to this issue, Aljosa will talk about R&D cybersecurity technology transfer strategy, tactics and operations, with presentation of several examples.

Aljosa Pasic's current position is Technology Transfer Director in Atos Research & Innovation (ARI), based in Madrid, Spain. He graduated in Information Technology at the Electrotechnical Faculty of Technical University Eindhoven, The Netherlands, and worked for Cap Gemini (Utrecht, The Netherlands) until the end of 1998. In 1999 he moved to Sema Group (now part of Atos), where he occupied different managerial positions. During this period he participated in more than 50 international research, innovation or consulting projects, mainly related to the areas of information security or e-government. He is a member of the EOS (European Organisation for Security) Board of Directors, and collaborates regularly with organisations such as ENISA, IFIP, IARIA, FI-PPP and others.

Christian Schlehuber, Deutsche Bahn (DB) IT-Security expert

Challenges in securing critical infrastructures of the railway domain

Abstract: The railway domain is a complex critical infrastructure (CI) linking communication and control elements, and susceptible to multiple security threats similar to those encountered by industrial control systems. However, protecting modern railway signalling systems is a challenging task given the rigorous human safety standards that must be adhered to while augmenting the systems with security mechanisms. As railway CIs are subject to strong regulation and also cannot be adequately protected by physical security given that they are distributed over large areas, the strong interplay of security and safety requirements results in both unique problems and solutions. In this presentation the current state of railway signalling, the obstacles to consider when protecting signalling using state of the art information security will be shown, and also contemporary approaches to address such obstacles will be shown. For this a shell concept as an approach to decouple safety and security and an integrated approach will be discussed.

Christian Schlehuber studied informatics and IT-Security at the TU Darmstadt with a specialization in critical infrastructures. After receiving his master's degree he started to research at the Security Engineering Group of TU Darmstadt on the topic Critical Infrastructure Protection in 2013. In 2015 he got the opportunity to apply his research in the interlocking technologies of DB Netz AG and switched to DB Netz AG. He is currently responsible for the IT-Security of the operational technologies of DB Netz AG. Besides this he is active in the European research projects Shift2Rail and CIPSEC, which aim at improving the IT-Security of Critical Infrastructures. He is also a member of the CENELEC SG 24 and is currently working on a European standard on IT-Security for Railways.