Vikash Katta

IFE is an independent foundation with several decades of experience in conducting research and development (R&D) on safety of critical infrastructure. IFE has developed unique skills over 70 years of world-leading researchers and outstanding international projects in our reactors and laboratories.

Staying Secure in the Digital Transformation of Critical Infrastructure

– Essentials of Industrial Cybersecurity with experiment results from the Cybersecurity Centre for ICS.

Institute for Energy Technology (IFE) has several decades of experience in conducting research and development (R&D) on safety of critical infrastructure. IFE through its R&D in areas such as human system interaction, human reliability, safety assessment and demonstration, control room design, and visualization technologies, has addressed safety concerns for critical industries including oil and gas, transportation and nuclear. In addition, IFE itself owns and operates research reactors (critical infrastructure) making it unique in the Norwegian R&D community. IFE is currently focusing on applying its operational and safety knowledge and skills in addressing the cybersecurity challenges in critical infrastructure, teaming up with the Norwegian Industrial Cybersecurity specialist company, Secure-NOK. Towards this end, IFE is establishing a Cybersecurity Centre for Industrial Control Systems (ICS). The Centre features, among others, hardware-in-the-loop simulation of a power plant, designed and implemented by a team of researchers and engineers. The system has real and simulated components including industrial scale equipment such as PLC, switches, servers, and actuators, and has deployed Secure-NOK cybersecurity monitoring solutions.

This talk will present the essentials of Industrial Cybersecurity - threat picture, example attacks, the vulnerabilities and the crucial steps in protecting cyber assets of industrial installations. Results and experiences from a practical exercise conducted at the Cybersecurity Centre for ICS will be presented. The aim of the exercise was to investigate attack vectors to ICS; human preparedness during cybersecurity incidents; usability of Virtual Reality (VR) and Augmented Reality (AR) for incident response.  The exercise was carried out by experts from several disciplines – ICS security, safety, human factors, automation, VR/AR – from IFE and Secure-NOK to study cybersecurity holistically. The team injected attacks compromising the pressure control system to manipulate the pressure to unsafe levels with the potential to break down the turbine of a power plant.