Architectural requirements and innovative monitoring tools for cybersecurity of industrial process networks

Industrial organisations are facing significant challenges in the area of cyber security. From one perspective, there has been an alarming increase in cyberattacks against the industrial sector in recent years. Concurrently, a growing number of regulatory frameworks require critical infrastructure providers to adhere to a set of minimum requirements based on the main industrial cyber security standards, which have reached a sufficient level of maturity. The proposed research is focused on two clearly delineated aspects of industrial cybersecurity. The initial contribution examines network architecture, with the Purdue model as a point of reference. The contribution presents a network architecture reference scheme to ensure an adequate cybersecurity posture through the application of the defence-in-depth strategy. Additionally, the research investigates the deployment of industrial monitoring tools and technologies within industrial networks, with a particular focus on the adherence to industrial cybersecurity standards. The second part of this research is concerned with the development of industrial network monitoring solutions for anomaly detection. The research on this innovative topic presents the development of various industrial testbeds and simulation environments (General ACS and DERs use cases) for the purpose of demonstrating the impact of cyberattacks on industrial domains. In this regard, an innovative monitoring solution is proposed to detect the occurrence of anomalies by analysing fieldbus network traffic. The final part of the contribution focuses on a particularly promising avenue of research for anomaly detection in IACSs, which employs ML algorithms. In this regard, the integration of physical equations into the loss function of autoencoder appears to be an effective approach for IACS anomaly detection applications.