Unit information: Security of Industrial Control Systems in 2022/23

Please note: you are viewing unit and programme information for a past academic year. Please see the current academic year for up to date information.

Unit name Security of Industrial Control Systems
Unit code COMSM0120
Credit points 30
Level of study M/7
Teaching block(s) Teaching Block 2 (weeks 13 - 24)
Unit director Dr. Adepu
Open unit status Not open
Units you must take before you take this one (pre-requisite units)

Units in TB1 for the MSc in Cyber Security:

  • Foundations;
  • Network Security.
Units you must take alongside this one (co-requisite units)

None

Units you may not take alongside this one

None

School/department School of Computer Science
Faculty Faculty of Engineering

Unit Information

Why is this unit important?

Industrial control systems (ICS) play a central role in critical infrastructures that serve society at large and bring critical services to citizens, e.g., water, power, oil and gas, high value manufacturing. Cyber security of ICS is, therefore, a topic of high priority for governments worldwide as well as operators of key infrastructures.

Students will learn about approaches to secure large infrastructures based on industrial control systems. This will include learning about a range of attack and defence methods as well as vulnerabilities of networking protocols and architectures in such infrastructures. Students will also learn about human and organisational aspects and how these intersect with technical aspects of software, hardware, sensors and actuators leading to risks and how to mitigate the impact of such risks. They will also learn about incident response and post-incident forensics.

How does this unit fit into your programme of study?

The unit builds on the learnings specifically in TB1 units Foundations and Network Security to impart an in-depth understanding of how the security needs of ICS differ from typical IT systems, the challenges they pose and how to overcome such challenges within the bounds of other constraints, such as safety and the need to maintain continued operation and hence mitigate against large-scale disruptions to society.

Your learning on this unit

An overview of content

Topics will include:

  • Fundamentals of industrial control systems
  • Infrastructure reconnaissance
  • Open source intelligence (OSINT)
  • Industrial protocols and their vulnerabilities
  • Attacks against ICS
  • Defences
  • Human and organisational factors
  • Incident response and forensics

How will students, personally, be different as a result of the unit

Students will develop knowledge and understanding of the topics above. They will also gain hands-on understanding of attacks and defences for ICS through lab work as well as undertaking a security analysis of an infrastructure system – working with others to identify issues and suitable countermeasures. Students will also develop their individual analytical and problem solving skills by applying their knowledge to a substantial case study.

Learning Outcomes

  1. Have knowledge of techniques and methods for detecting when large-scale infrastructures are under attack.
  2. Be able to analyse the underlying causes of the compromise and develop strategies to keep the infrastructure operational while limiting the attackers’ movement through to other parts of the infrastructure.
  3. Have knowledge of techniques to recover the infrastructure to a fully operational, secure and safe state.
  4. Be able to analyse the problems from different disciplinary perspectives and devise solutions that synthesise those perspectives, leveraging human, organisational and technical factors in such infrastructures.
  5. Have hands-on knowledge and experience of working on security in real-world ICS contexts.

How you will learn

The unit will be delivered through lectures, labs and office hours.

In the event of a return to fully remote teaching due to COVID-19, the ICS teaching boxes will be hosted centrally on campus. The boxes will be held within the Bristol Cyber Security Group lab VPN, which is an isolated VPN network that sits alongside that of the main university. Students will be able to connect to this VPN, and then connect to their individual teaching box.

We have experience of this setup during the 2020-21 Academic Year within the equivalent unit of the TIPS-at-scale CDT, in which we hosted a number of ICS teaching boxes within the lab to provide further experience on top of the boxes that students had at home. This VPN can be used across any units that require specific services that cannot be replicated at home.

How you will be assessed

Tasks which help you learn and prepare you for summative tasks (formative):

Weekly lab sessions and workbook; Extension exercises. This will include both group work and individual work.

Tasks which count towards your unit mark (summative):

Coursework (100%), comprising Group work (40%) & Individual work (60%)

Analysis of security (including attacks and defences) in a realistic infrastructure in the BCSG testbed (group work: 40%)

  • Submission will include the artefacts and results from the analysis and a discussion of the analysis conducted. The discussion will be maximum 3000 words (this excludes the artefacts and any bibliography).

Security analysis of a case study of emerging architecture in ICS (Individual work: 60%)

  • Submission will include the artefacts and results from the analysis and a discussion of the analysis conducted. The discussion will be maximum 3000 words (this excludes the artefacts and any bibliography).

For group work, each student will be required to submit a reflective log (max. 500 words) reflecting on their learning, their contributions and that of other group members. These reflective logs will be used by markers to evaluate group dynamics and contributions.

When assessment does not go to plan

If students do not pass an individual assessment, an equivalent (different) assessment will be set by the unit director.

For group work, if the reflective logs highlight an unequal contribution by the students and therefore it would be unfair to award all students within the group the same mark, the marker will hold a meeting with relevant students to assess their understanding of the topic. Where extenuating circumstances mean that a student cannot participate in this summative group work, an equivalent piece of work will be set which would require an in-depth study of two contrasting approaches from literature through their application to a suitably sized case study and a report.

As the formative assessments in each of the units involve group work, the students will still be able to gain relevant group work skills and meet the programme level ILOs even if they cannot complete a summative group work assessment in group work mode due to extenuating circumstances.

Resources

If this unit has a Resource List, you will normally find a link to it in the Blackboard area for the unit. Sometimes there will be a separate link for each weekly topic.

If you are unable to access a list through Blackboard, you can also find it via the Resource Lists homepage. Search for the list by the unit name or code (e.g. COMSM0120).

How much time the unit requires
Each credit equates to 10 hours of total student input. For example a 20 credit unit will take you 200 hours of study to complete. Your total learning time is made up of contact time, directed learning tasks, independent learning and assessment activity.

See the Faculty workload statement relating to this unit for more information.

Assessment
The Board of Examiners will consider all cases where students have failed or not completed the assessments required for credit. The Board considers each student's outcomes across all the units which contribute to each year's programme of study. If you have self-certificated your absence from an assessment, you will normally be required to complete it the next time it runs (this is usually in the next assessment period).
The Board of Examiners will take into account any extenuating circumstances and operates within the Regulations and Code of Practice for Taught Programmes.
