Security and Protection of Systems, Networks and Infrastructures
Cybersecurity is a significant requirement in current society, considering the penetration of computing systems in everyday life. Computing systems are embedded in a wide range of devices, from toys to cars, from industrial equipment to air condition systems. Advances at several technological fronts, including sensors, processors and networking, have led to an exponentially increasing number of embedded computing systems that interact with each other, with humans and the environment.
Embedded systems, cyberphysical systems (CPS) and industrial systems are vital components of our critical infrastructure. The safety provided to the society in large heavily depends on the degree of security they incorporate. Industrial systems and CPS are increasingly interconnected via the Internet, increasing their exposure and attack surface to malicious persons and organizations. Reports on gaining unauthorized access to industrial control systems, like those relating to water treatment; trains and transportation; and nuclear reactors appear in the news. Such events may result in physical disasters and loss of human lives. Clearly, security and dependability are an underlying requirement for engineering systems that provide safety and privacy.
I.S.I .has been conducting R&D in cybersecurity within the context of its prioritized application areas, since its foundation. Acknowledging the challenge of cybersecurity, in 2009, I.S.I. established a Department for Security and Protection of Systems, Networks, and Infrastructures as a long-term commitment concentrating efforts and resources for R&D in this area.
I.S.I.’s efforts are focused on 3 main directions: embedded systems security, industrial systems security, and infrastructure protection.
In embedded systems security I.S.I. has been involved in projects like CHIRON (ARTEMIS, e-health security and privacy); pSHIELD, nSHIELD, and WSN-DPCM (ARTEMIS, design techniques and tools for secure, privacy-preserving, and dependable embedded systems); SysSec (FP7-NoE, system security research; accepted as associate member); and WELCOM (National funds, security of wireless sensor networks).
In industrial systems security, I.S.I. has worked in projects like DISCOS (ESA, security in delay-tolerant networks), INTERMEDIA (FP6, secure multimedia service provision and DRM in personal devices), and TRUDEVICE (FP7-COST, trustworthy manufacturing and secure devices).
In infrastructure protection, with emphasis on critical infrastructures, I.S.I. has participated in projects like ASPIS (FP7, protection of public transport infrastructures), DIFFIS (FP6, sea protection from oil spillages), MOCA (service contract, early warning for landslides in the Corinth Canal), and PROMPT (Interreg IVC, confrontation of forest fire outbreaks).
Current research and development at I.S.I. focus on several security issues of the Industrial Internet of Things (IIoT), including
- Runtime monitors for industrial control systems
- False data attack detection and mitigation
- Vulnerability analysis of critical infrastructures
- Fuzzing and testing of industrial control systems and networks
- Malware analysis
I.S.I. has provided consulting services for cybersecurity to several organizations, including the Technical Chamber of Greece, the Patras Medical Association and the University of Patras. I.S.I is a supporter, participant and a security incident designer for industrial control systems for the National Cyberdefence Exercise “PANOPTIS”.