Ensuring the cybersecurity of industrial production systems

Discover

In collaboration with Naval Group, Atos, Airbus, SPIE and BeijaFlore, IRT SystemX is developing a dedicated cyber-physical platform for cybersecurity research. Named CHESS4Industries (Cybersecurity Hardening Environment for Systems of Systems for Industries), the platform enables the modelling, simulation and emulation of complex infrastructures or industrial systems (energy, water treatment, crane work, production lines, etc.) to evaluate their safety levels and test adapted defence strategies or solutions.

The platform comprises several innovative technological blocks:

  • Cyber-physical equipment representing the material components of the industrial system,
  • Digital twins to simulate complex industrial processes,
  • And a library of attacks to evaluate safety solutions.

The platform comprises several innovative technological blocks:

  • Cyber-physical equipment representing the material components of the industrial system,
  • Digital twins to simulate complex industrial processes,
  • And a library of attacks to evaluate safety solutions.

Focus

IRT SystemX, stakeholder in the H2020 SeCoIIA project, Secure Collaborative Intelligent Industrial Assets
Within the framework of the SeCoIIA project, IRT SystemX has developed and validated a prototype for the decentralised and resilient management of access control to cryptographic resources used within an manufacturing supply chain of electronic components.
The demonstrator is the result of the integration of three technologies:
• An innovative attribute-based encryption protocol that enables revocation of rights in a distributed environment,
• An attribute-based access control model,
• Blockchain to ensure tracing of operations and platform resilience.
The demonstrator has been validated in an automotive use case driven by the Continental Group. The proof of concept demonstrated the benefit of attribute-based encryption to ensure the end-to-end security of the cryptographic elements used for manufacturing electronic control units (ECUs). Attribute-based encryption makes it possible to access the subset of cryptographic elements (metadata) necessary to process them while ensuring the other information (keys, random numbers, etc.) remains secure. Disclosing them would compromise vehicle digital integrity and endanger passengers. Together with Airbus, a study is under way to investigate whether the approach can be applied to an aeronautical use case. The aim is to apply the same technology to data sharing from several factories in order to optimise the manufacturing process without compromising confidential shared data.

Interview

Adrien Becue

Expert industrie 4.0, Head of Innovation,
Airbus Cybersecurity

What is the aim of the SeCoIIA project?

The SeCoIIA project (Secure Collaborative Intelligent Industrial Assets) aims to design the security of the collaborative industrial production systems of tomorrow. It mainly aims to:
• Develop and validate systems for simulation, testing and immersive training based on digital twins of the industrial tool,
• Develop and validate authentication and encryption technologies applicable to distributed industrial clouds (Cloud Manufacturing),
• Create and validate collaborative systems to detect, decide on and respond to industrial security incidents,
• Define methods to develop a robust AI, legal liability principles, and digital evidence collection techniques, applicable to the factory of tomorrow,
• Demonstrate these key capabilities as applied to the security of several industrial sectors such as aerospace, automotive, naval and robotics.

What has IRT SystemX brought to this European project?

IRT SystemX has made a range of contributions with a focus on the technological advances of the project. Firstly, the institute developed digital twins integrated into the Airbus CyberRange tool for testing, training and demonstrating automotive and naval use cases. Secondly, the teams developed attribute-based encryption techniques for use in distributed cloud environments. Finally, SystemX integrated, tested and demonstrated risk scenarios applied to automotive and naval pilot systems.

Naval Group has invested heavily in cybersecurity in recent years. We are now bringing all our expertise. and experience for the benefit of the PFS project. The collaboration will accelerate our cyber innovations on both sides and in particular around CHESS. The project is only just starting and we will study the functionalities that can be possibly reused (catalogue of attacks, knowledge about security probes, etc.). Several other partners have joined the project to develop new use cases, in the SystemX premises in Saclay. This will be an opportunity for us to enrich each other with all our know-how and to capitalise on our different platforms.

How do you assess the innovation potential of the attribute-based encryption solution? How could it affect collaborative manufacturing?

The attribute-based encryption solution developed by IRT SystemX meets the need to share sensitive information with industrial partners along an extended supply chain. This solution offers considerable advantages:

  • Encryption and access control at the data point, refined authorisation management in the context of industrial collaboration between players at different privilege levels,
  • Applicability to distributed cloud environments, no single point of failure, resilience to denial of service attacks and Byzantine fault scenarios,
  • Security apparatus is scaled and reinforced by user community growth, traceability and auditability of transactions, and compatibility with privacy protection measures.

 

 

Naval Group has invested heavily in cybersecurity in recent years. We are now bringing all our expertise. and experience for the benefit of the PFS project. The collaboration will accelerate our cyber innovations on both sides and in particular around CHESS. The project is only just starting and we will study the functionalities that can be possibly reused (catalogue of attacks, knowledge about security probes, etc.). Several other partners have joined the project to develop new use cases, in the SystemX premises in Saclay. This will be an opportunity for us to enrich each other with all our know-how and to capitalise on our different platforms.

Digital security and networks