Ph.D. started in: 2019
Expected year of graduation: 2022
COINS consortium member: Norwegian University of Science and Technology
Supervised by: Mary Ann Lundteigen, Bjørn Axel Gran, Sokratis Katsikas
Research area: Network Security
Project title: ICT Security in Safety Instrumented Systems as applied in critical infrastructures
Project description: It is evident from the increasing interconnection of information technology (IT) and operational technology (OT) that the security threat for logical access, also called cyber threat, will increase in likelihood. As the digital space is becoming accessible to everyone, so is the segmentation of this new land progressing in an increasingly standardized way  according to society’s needs . Our approach focuses on a part of industrial control systems (ICS) used in critical infrastructures called safety instrumented systems (SIS). Malware aimed at OT like Stuxnet  and Triton  have shown the potential of cyber attacks to be used as weapons. Stuxnet was a high-precision ICS malware that was developed based on extensive intelligence on the target facility’s ICS. Four previously unknown exploits gave Stuxnet extensive autonomy and stealth in navigating networks, including the ability to spread and update itself through air gaps. SIS were compromised by the Triton malware that masqueraded as a legitimate application supplied by the original SIS equipment manufacturer. The significance of physical security is put in perspective by cyber security. Why would anyone need to smuggle a bomb anywhere if they can use the destructive power inherent in tons of natural gas, nuclear fuel, kerosene or uranium hexafluoride already on site? This Ph.D. will contribute to improving SIS to maintain functional safety in the face of cyber threats. It will develop new methods to integrate new knowledge on how safety and security can be ensured in SIS design and operation into organizations without formal ICS security defenses in the offshore and nuclear industries. Opportunities will be harnessed in a triangular collaboration between NTNU engineering cybernetics, NTNU information technology and security (Gjøvik), and with the Institute for Energy Technology (IFE).