TROPICS - Timely and RObust Patching of Industrial Control Systems

Date: 01/01/2018 to 31/12/2022

Industrial Control Systems (ICS/SCADA) control the most crucial resources in factories, power plants, and production facilities. Safety and security for such systems are of the highest priority. Paradoxically, these systems are often among the worst protected against the latest cyber attacks. The problem is that even if an update is available, administrators are reluctant to apply it, as bugs or unexpected side effects in the new code may jeopardize the very safety and stability of mission-critical systems. In addition, the updates (or security patches) typically become available weeks or months after the discovery of the vulnerability, extending the window of vulnerability to many months (or even years). The goal of the TROPICS proposal is to close this window as soon as possible.

In today's world, security updates for ICS are problematic because almost all the relevant information is lacking: we do not know about vulnerabilities until it is too late, and if we do hear about them, we are often not sure about the severity of the vulnerability ("how urgent is this?"). Also, there may be no patch available yet ("how do I fix this?"), and even if there is a patch, it is typically unclear how risky it is to apply it ("may it crash or destabilize the system?"). Finally, there is no reasonable solution when the problem is serious and there is no patch, or the patch is risky; the only (unacceptable) option is to stay vulnerable.

In the TROPICS project, we will address these issues by developing novel techniques to:

- Determine the severity of the vulnerability to help administrators decide whether an immediate patch is needed. We will do so by finding and analyzing vulnerabilities with an aim of automatic exploit generation. Specifically, we explore how easily the vulnerability can lead to control over the registers, access to data (via read and write primitives), and an end-to-end exploit.
- Score the impact of the patch in how it may interfere with the stability or functionality of the software. The analysis consists of p

Week: 
Tuesday, 11 December, 2018

News

POSEIDON: Protection and control of Secured Information by means of a privacy-enhanced Dashboard

Poseidon is one of the General Data Protection Regulation (GDPR) Cluster projects that aims to develop an innovative Privacy Enhancing Dashboard for personal data protection supporting the digital security pillars of the new EU’s GDPR.

Future Events

Cluj Innovation Days
24/05/2019 to 25/05/2019

Digital transformation is the new buzz concept, threatening the until recently undisputed reign of “Innovation”. Lately, the two have become synonyms or, in many cases, they condition each other in a very fuzzy relationship: you cannot have innovation without at least some degree of digitalization, but digital transformation is a consequence of being innovative. Amidst all this tumult and debate, the process is already transforming our professional and personal environments. Various sectors are on the brink of radical transformation, while others will disappear altogether.

Brussels - Second CW Concertation Meeting, 04/06/2019
04/06/2019

Join us at the second Cyberwatching.eu Concertation meeting, 04 June 2019!