The problem of cybersecurity in industrial control environments is becoming more and more important: these systems have gone from being isolated to being Internet-connected, so they are now exposed to the dangers and threats that affect any network. In addition, the digitalization of industry and the rapid growth of paradigms such as Industry 4.0 (I4.0) and the Industrial Internet of Things (IIoT), in which physical objects and processes are seamlessly integrated into the information network, create new vulnerabilities and attack vectors, leaving industrial environments even more exposed than before. Given that one of the principles of these paradigms is the creation of a virtual copy of the real world, one of the strategies that can be used to protect them is to provide services that continuously monitor the behavior of that virtual world.
To achieve this objective, it is essential to understand the risks associated with the technological pillars of I4.0 and the IIoT, such as the Internet of Things (IoT) and Cyber-Physical Systems (CPS). In theory, these technologies allow the creation of an interoperable and modular environment in which all actors connect and communicate with each other and make decisions autonomously. In practice, many obstacles remain, such as the combination of heterogeneous technologies and standards with multiple protocols and access policies. In parallel, we must also consider that attacks on industrial environments have become even more complex, and Advanced Persistent Threats (APTs) are becoming more common.
Consequently, the main objective of the SADCIP project is the development of an advanced detection system capable of dealing with APTs and other threats in the context of modern industrial control systems, taking into account the specific characteristics of Industry 4.0 and the paradigms related to it, as well as their integration with IoT and CPS technologies. For this purpose, NICS (UNIVERSIDAD DE MÁLAGA) will develop a modular and extensible architecture into which multiple cooperative detection systems can be integrated. This architecture will be instantiated and deployed in real-world scenarios in collaboration with the cybersecurity company S2 GRUPO DE INNOVACIÓN EN PROCESOS ORGANIZATIVOS.