Intrusion and Anomaly Detection in Industrial Automation and Control Systems.

In the domain of Industrial Automation and Control Systems (IACS), security was traditionally downplayed to a certain extent, as it was originally deemed an exclusive concern of Information and Communications Technology (ICT) systems. The myth of the air-gap, as well as other preconceived notions about implicit IACS security, constituted dangerous fallacies that were debunked once successful attacks become known. Ultimately, the industry started shifting away from this dangerous mindset, discussing how to properly secure those systems. In many ways, IACS security should not be treated differently from modern ICT security. For sure, IACS have distinct characteristics, assets, protocols and even priorities that should be considered – but security should never be an optional concern.In this publication, we present the main results of a PhD dissertation that proposes a holistic and data-driven framework capable of leveraging distinct techniques to increase situational awareness and provide continuous and near real-time monitoring of IACS. For such purposes, it proposes an evolution of the Security Information and Event Management (SIEM) concept, geared towards providing a unified security data monitoring solution by leveraging recent advances in the field of real-time Big Data analytics. In the same way, the most recent machine-learning-based anomaly-detection techniques (which are becoming increasingly prominent in the cybersecurity field) are also analyzed and studied to understand their benefits for developing and advancing IACS cyber-intrusion detection processes.