The term ‘Industrial Control System’ (ICS) refers to a collection of integrated devices, systems, networks, and controls whose objective is to monitor, operate, and/or automate industrial processes. Nowadays, ICSs can be found in almost every industrial sector, including transportation, manufacturing, distribution, critical infrastructure, etc. Many of these ICSs are also integrated with physical processes that have direct implications on matters of public health and safety, as well as national economics and security. There is a common consensus in the cyber security community that attacks on ICSs have the potential to create considerably higher level of disruption relative to comparable attacks on traditional IT systems. For this very same reason, ICSs have become the ‘target of choice’ for many cyber criminal groups and nation state actors looking for ways to maximize the impact and payoffs of their attack efforts.
Early on in their deployment, most ICS networks ran on proprietary communication protocols and operated entirely in isolation from outside IT systems. Also, historically, ICS networks were expected to support critical system functions, in real-time and over prolonged intervals, and in environments consisting of many diverse devices. As a result, fault-tolerance, reliability, and interoperability were the main objectives in the design of most vendor-specific and open-source ICS communication protocols. This also meant that many ICS protocols were originally released with no inherent provisions for security (e.g., encryption, integrity, authentication), or security was added to them simply as an afterthought. To this day, many specialized ICS protocols remain reliant on security protections of other communication layers and protocols, such as TLS.
Over the past few years, there has been a steady rise in the number of ICSs that have undergone (or are awaiting) seamless integration with the Cloud, external IoT, and/or remote IT systems. And while the meshing of ICS networks with outside systems can brings tremendous business opportunities, it is also known to introduce a significant number of new security challenges. For example, ICS integration with external systems implies an expanded network surface and a need to support a wider range of IP-based protocols. Both of these, in turn, make the respective ICS networks susceptible to an increased number of direct (insider) attacks as well as a whole slew of outside attacks that ICS networks traditionally did not have to deal with.
The goal of this feature topic is to explore the most recent research and developments related to security of networks and communication protocols in industrial control systems. Prospective authors are invited to submit original high-quality contributions dealing with vulnerability analysis and security-driven re-engineering of industry- standard ICS protocols, such as: Profibus, Profinet, DNP3, Serial Modbus, ModbusTCP, OPC, BACnet, CIP, EtherCAT, S7Comm, MQTT, CoAP, etc. Additional topics of interest include, but are not limited to the important role of ICS protocols in the facilitation or prevention of the following types of intrusions, as well as protocol modifications or revisions to address the vulnerabilities:
• active or passive reconnaissance of ICS networks • gaining of unauthorized local or remote access to ICS networks • attacks on CIA of data in-transit and data in-rest in ICSs • attacks on CIA of processes and systems in ICSs • creation of covert data exfiltration tunnels in ICSs • spreading and execution of malicious payloads in ICSs • creation of command & control channels in infected ICSs • disruption of physical operations in target ICSs
Manuscripts should conform to the standard format as indicated in the Information for Authors section of the Manuscript Submission Guidelines. Please, check these guidelines carefully before submitting since submissions not complying with them will be administratively rejected without review.
All manuscripts to be considered for publication must be submitted by the deadline through Manuscript Central. Select the “FT-2215/Security of Communication Protocols” topic from the drop-down menu of Topic/Series titles. Please observe the dates specified here below noting that there will be no extension of submission deadline.
Manuscript Submission Deadline: 1 September 2022 Decision Notification: 15 January 2022 Final Manuscript Due: 1 February 2023 Tentative Publication Date: April 2023
Natalija Vlajic, York University, Canada (firstname.lastname@example.org)
Jelena Mirkovic, USC ISI, USA (email@example.com)
Robert Noce, SAP North America, USA (firstname.lastname@example.org)