Second Annual IFIP WG 11.10 International Conference on CIP: Day 3
The third day of the conference began with a presentation of research carried out by Dr. Jeffrey Hunker of Carnegie Mellon University and Mr. Robert Hutchinson of Sandia National Labs. The research investigates approaches to attributing attacks on process control systems: characterization of attacks, identification of attacking machines, identification of controlling machines, identification of the humans behind the attacks, identification of the organizations sponsoring the attacks, and forensic issues in general as applied to process control networks and systems.
Dr. Paul V. Craven of Simpson College gave a presentation on modeling train control system networks. As railroads have increased their dependence on computer-based systems, cyber attacks have become a potential way of disrupting them. Dr. Craven described models of the features and functions of the nodes in train control system networks, including how vehicles are tracked, their interconnectivity, the communication protocols used in these networks, and the security aspects of such control infrastructure.
Modbus was the subject of two presentations. Dr. Ryan Shayto of the University of Tulsa talked about assessing the integrity of Modbus-based systems used to control pipelines, while Julian Rrushi of the University of Illinois at Urbana-Champaign and the Università degli Studi di Milano talked about constructing a logical memory boundary based on a stream cipher to protect byte-oriented protocols such as Modbus from memory corruption attacks.
The research by Baina et al. of the University of Toulouse concerns the invention and implementation of a collaborative access control framework for specifying and maintaining policies that regulate group interactions among a variety of collaborating critical infrastructure owners and operators.
The conference concluded with a presentation by Zahid Anwar of the University of Illinois at Urbana-Champaign. Anwar talked about SCADA Guardian, an approach devised to automatically assess and validate the security conditions of control systems deployed in the electrical power grid. SCADA Guardian compares common information models (CIM) and workflow definitions, expressed as first-order logic predicates, against power system cyber security requirements.
I conclude the description of this conference by mentioning an interesting keynote lecture given by Victor Sheymov, CEO of Invicta Networks, during the dinner on the first day of the conference. Mr. Sheymov, a former KGB officer and defector, talked about the nuts and bolts of the process of “knowing your enemy”.
Author: Julian Rrushi
Posted: March 29th, 2008 under Conferences.
Comments: 2
Comments
Comment from Ralph Langner
Time: March 31, 2008, 1:22 pm
Julian, thanks for the great compilation. If you were asked to point out the two or three most important insights that the conference provided, what would you answer?
Comment from Julian Rrushi
Time: March 31, 2008, 2:58 pm
Hi Ralph,
This conference provided a series of insights into currently relevant security issues in critical infrastructures, and I think almost all of them demonstrated to have added value to the body of knowledge of CIP. If I have to pick out two or three of them I can say that what most got my attention was the research work on attack attribution in process control networks, ongoing efforts on integrating functionality with security in control systems, some well structured notes on cyber espionage and resilience in critical infrastructures, etc. In addition, presenters provided considerable insights into simulation approaches useful to security analyses of industrial systems and networks, automated security assessments, critical infrastructure interdependencies, establishing trust and developing intrusion detection capabilities for such a networked environment, etc. etc.
Best,
Julian