Topic Details In collaboration with Contact
Technical and operational/human vulnerabilities in the Data Engineering system Configuration & uploading of data to operational units including verification processes Statkraft Prof. Sokratis Katsikas: sokratis.katsikas@ntnu.no
Technical vulnerabilities in control system gateways / bridges Can we provide adequate technical barriers and procedures to secure that an intruder cannot access process networks from adjacent infrastructure? Statkraft Prof. Sokratis Katsikas: sokratis.katsikas@ntnu.no
Secure file transfer to air-gapped networks Theoretically, one can implement all sorts of checks and balances to ensure that only legitimate files are carried across from ³the outside² to process control systems, but there are limits to how complex these procedures can be. Do existing systems provide adequate measures to do this, without requiring large amounts of manual effort, or heavy investments? Statkraft Prof. Sokratis Katsikas: sokratis.katsikas@ntnu.no
Control room authentication solutions Personnel in control rooms have to access multiple systems across disciplines and security levels. Usually this involves several account/password pairs, and different password security policies. At the same time, systems need mechanisms to ensure that only the right user is allowed in, and that systems are not left open to anyone, should operators leave their terminals, while at the same time the systems are instantly available when needed. Statkraft would like to explore solutions that can enforce strict access security requirements for computer terminals, while at the same time maximising availability and ease-of use for the operators. This may include biometric solutions, physical proximity beacons or other mechanisms that do not necessarily include typing a password at random intervals. Statkraft Prof. Sokratis Katsikas: sokratis.katsikas@ntnu.no
Intrusion detection technology for process networks

Current host and network intrusion detection is based on a wide range of standard and proprietary techniques and methods. They also have limitations in their effectiveness outside of standard, widespread operating systems, network protocols and application suites. Possible research into IDS improvementsincludes:

- which methods and technologies are most effective in process control settings;

- which new / not widespread / experimental technologies might promise improved effectiveness.

Statkraft Prof. Sokratis Katsikas: sokratis.katsikas@ntnu.no
Penetration testing methodology for process control systems Several penetration testing methodologies / frameworks exist that aim to help penetration testers perform structured and controlled tests. Control systems often have particular properties in terms of sensitivity to unfamiliar inputs and risks of dangerous failures of they malfunction. As such, special care must be taken when designing penetration tests for control system environments.
- How do existing frameworks lend themselves to is?
- are there frameworks more suitable for control systems environments?
- what improvements could be made to existing frameworks?
Statkraft Prof. Sokratis Katsikas: sokratis.katsikas@ntnu.no