Stephen Fisher Davies is a Cyber Security Researcher working within the Airbus Cyber Innovation team. This team focuses on cybersecurity and resilience of IT and OT equipment with a focus on industrial manufacturing security. After receiving his BSc in Computer forensics awarded by the University of Glamorgan in 2008, Stephen has spent his career working in the innovation space for the Commercial Data Recovery industry and Digital Forensics for Criminal and other legal investigations. In his previous work as the manager and technical lead of an ISO17025 certified forensic lab, Stephen has a great deal of experience testing and validating Digital Forensic tools to see they provide dependable outputs which are fit for purpose and are reliable for use within criminal investigations. In addition to receiving Police commendations for his work in this time he was fortunate enough to assist in a great number of major investigations as an expert witness for Police forces all over the UK, the National Crime Agency and overseas incident investigations.
No single point of failure mentality in OT
In this talk, I will discuss the issues posed by externally accessible operational technology (OT) and the interconnectivity of devices which run critical national infrastructures (CNI). OT and CNI systems previously protected through air gaps and obscurity are now connected to the internet and bolted into IT infrastructure, thereby have a more complex and accessible attack surface. Increasingly sophisticated attacks are now being focused at these systems, as such we need to innovate new methods of protecting these systems against attacks. Many systems cannot easily be upgraded to a modern, supported alternative. Here we will discuss the rising issue of attacks focused on programmable logic controllers, Industrial IOT (IIOT) and the infrastructure which depends on their use. Removing existing single points of failure is one way to improve the dependability of ICS and Industry 4.0, working within the operational constraints of these systems.
ICS-CSR 2024
7th International Symposium forIndustrial Control System & SCADA Cyber Security Research