Speaker: Dr. Raziq Yaqub, Associate Professor, Department of Electrical Engineering and Computer Science, Alabama A&M University, USA
Title of Talk: Security Challenges in Convergence of the “Industrial Internet of Things”, “SCADA”, and “M2M Communication”, and bringing 5G security architecture to address them
Biography: Dr. Yaqub is an Associate Professor in Department of Electrical Engineering and Computer Science, Alabama A&M University, Huntsville. Dr. Yaqub earned a Ph.D. in Wireless Communication from Keio University, Tokyo, Japan, and MBA in Marketing from Fairleigh Dickenson University, New Jersey, USA. He is an inventor of numerous technologies, and received “Inventor of the Year Award” from the Governor of the State of New Jersey, USA, and his name is in Inventors Hall of Fame.
Dr. Yaqub, in parallel to his academic assignments, is an Inventor with Wells Fargo, where he filed 15 new patents in Cybersecurity/Financial Technologies in last 6 months. He remained an Executive Director of Toshiba America Research, New Jersey, to lead research work in 4th Generation Wireless Communication and filed 35 patents, Department Head of NIKSUN University, New Jersey, to lead educational efforts on Cybersecurity and Big Data Analytics, Sr. Consultant to the State of New Jersey to secure $87 Million grant for the State, a spokesperson in 3GPP on behalf of Department of Homeland Security, where he led Government Multimedia Priority Services, and an Associate Professor at University of Tennessee, where he developed Smart Grid courses and established the Smart Grid Lab.
Dr. Yaqub is skilled in teaching, conducting research, inventing technologies, developing solutions, and building industry-academia collaboration. His academic efforts include developing from scratch, the new courses on “Smart Grid”, “4G Networks”, and “Advanced Metering Infrastructure and Cyber Security”. His research interest is in Big Data Analytics, 5G/4G/LTE, Smart Grid technologies (including Electric Vehicles, Renewable Energies, Smart Home Energy Management, etc.), Cyber Security, and Financial Technologies. He filed 50 patents, submitted 150+ contributions in technical standards organizations and published numerous papers in international conferences. He remained a working group chairman in Mobile Wireless Internet Forum, Senior member IEEE, Chairman IEEE Membership Development, Chairman, IEEE for Award Committee, Rapporteur in 3GPP, keynote speaker, panelist, and guest speaker in numerous International conferences.
For decades, Supervisory Control and Data Acquisition (SCADA) systems have played a significant role in industrial operations to collect data and automate processes. With the emergence of wireless machine-to-machine (M2M) technologies, networks have helped operators improve operational decisions, save manpower and, in many instances, keep employees safe by avoiding dangerous environments. Today, industries are increasingly implementing end-to-end Internet Protocol (IP) connectivity or the Industrial Internet of Things (IIoT), enabling more capabilities at the edge of these networks. This does not make SCADA systems obsolete by any means; it opens the door to greater possibilities of enabling new applications and analytics. But at the same time this convergence brings a load of cybersecurity challenges too. Cybersecurity, therefore, will ultimately be the limiting factor on how much IIoT is deployed.
This talk will touch upon three important areas: (a) Architectural Differences between SCADA, Wireless M2M Communications and IIOT, and their Convergence, (b) Security Challenges in the Technological Convergence, and (c) Role of 5G Security Architecture in addressing the challenges. From security perspective, the agenda of the talk would include insight into Cyber Security landscape, how security evolved into cybersecurity, why security is such a big concern for SCADA, M2M, and IIOT, and how the future 5G communications security architecture will help remediate security attacks, threats, and vulnerabilities. Finally the talk will provide key recommendations.
The talk will proceed to explain the security challenges of the traditional SCADA systems that were neither designed, nor implemented with security in mind. The most common SCADA protocols like MODBUS, and DNP3 are inherently insecure; and the standard security procedures are often not implemented. Further, since the SCADA is likely to consist of embedded devices with long lifespans, conducting massive patches and updates would not be possible (as some embedded technologies don’t allow any updates). Thus SCADA presents an “Egg Shell” security model; where one breach at any point of the network may wreck the whole infrastructure. On the other hand IIoT has challenges of its own. Such as the integration of Operations Technology (OT) and Information Technology (IT) will combine the vulnerabilities of both. Thousands of IP devices connected on the OT side, going out to the edge in the field, if not secured properly, may become compromised and, a hacker can push malicious data, cause denial of service (DoS), or introduce malware or viruses to the entire (IT and OT) network. On the IT side, the space has a much different attack surface than OT, and typically sees attacks such as SQL Injection, DDOS, and Man-in-the-Middle.
Thus IIOT would require state of the art tools and technologies for advanced authentication mechanisms, monitoring Advanced Persistent Threats (APT), Intrusion Detection and Prevention (IDP), Deep Packet Inspection (DPI), anemology detection, log monitoring, network behavior monitoring, network inspections, application reconstruction, whitelisting, firewalls, and more. Further, through the use of standards like TLS/SSL and basic AES-128 data encryption, secure connections can be established in IIoT environment.
Next, the presenter will explain how the future 5G wireless communications technologies and 5G security architecture will provide hooks to address security concerns. The 5G wireless will represent a purpose-built technology, designed and engineered to facilitate connected devices as well as automation systems. In many ways, 5G will be a facilitator and an accelerator of the next industrial revolution, often referred to as Industry 4.0. The 5G radio access network will add mitigation measures to radio protocol design. To that end the attack resistance of radio access networks would be a more clearly outspoken design consideration in 5G, analyzing threats such as Denial of Service from potentially misbehaving devices.
The talk will provide food for thought on how to explore innovative techniques and conduct Cyber Security related research. As such, it will be beneficial for the government policy makers, industry leaders, decision makers, corporate and academic researchers, professors, and students.