Cybersecurity solution for critical infrastructure

Troci (Towards Resilient Operation of Critical Infrastructure) will focus on protecting the monitoring and control systems which make or inform operational decisions about infrastructure based on data from many sensors.

With increasingly complex and autonomous control systems, cyber attacks on the sensors can have serious consequences. At the least, operators can lose data on the state of the system – at worst, decisions are made on false data, with potentially disastrous consequences.

According to the researchers, infrastructure systems can be attacked deliberately, or by autonomous software which seeks out vulnerabilities. One of the first major cyberweapons, Stuxnet, was designed to attack control systems in Iranian nuclear enrichment facilities but went on to infect other industrial and energy systems.

In a statement, Dr Hafiz Ahmed, head of controls and instrumentation at the Nuclear AMRC, said: “Cybersecurity infringements which target instrumentation and control systems of critical infrastructure can severely disrupt our modern way of life, which relies on direct and continuous access to water and energy systems around the clock.

“The nuclear sector is undergoing a digital transformation, introducing additional cybersecurity challenges alongside existing physical security concerns.”

Troci researchers will take a multi-disciplinary approach to combining software and hardware solutions to enhance the resilience of these critical systems.

According to the research team, a hybrid solution can minimise the number of sensors and amount of information while maintaining sufficient coverage, protecting data from interference, and reducing the risk of hardware failure. A combination of innovative sensor technologies with machine-learning and AI will help increase software resilience, and rapidly identify anomalies which could signal an attack.

The researchers said they will work closely with industry users in the water and power sectors to understand their specific requirements and challenges, and ensure the proposed solutions provide genuine value.

“This solution should address real-time mitigation, by developing new sensing systems to detect anomalies, employing machine learning and AI for software resilience, and optimising overall system performance without compromising security and privacy,” said Ahmed.

“We will bring our nuclear control and instrumentation system cybersecurity expertise to tackle these challenges together with our esteemed European partners.”

The project consortium includes experts from the University of Vienna, University College Dublin and Holisun, a Romanian software company specialising in machine learning and cybersecurity.

The three year project, which will begin on March 1, 2024, has also received funding from the international Chist-Era programme of IT-related research.