Cybersecurity Centre

The Cybersecurity Centre, established in 2019, is the IFE’s newest facility offering research, innovation and consultancy services in cybersecurity. It is based on IFE’s R&D expertise over several decades in operational safety and security of critical infrastructures. The Centre brings together researchers and engineers from multiple disciplines – security engineering, safety risk management, human factors, process engineering and simulation, IoT, etc –  to develop holistic solutions for cybersecurity.

Facilities

The Cybersecurity Centre provides a realistic environment, that could be used by the industry, businesses and public services to investigate scenarios such as: How can a cyber-attack compromise a system and its environment? What is the consequence of the attack on the system and how can it propagate to other systems? What are the most effective strategies to respond to an attack? How well is the organisation processes and humans prepared to respond to the attack? How to design a system to reduce its vulnerabilities? The Cybersecurity Centre can equally be used by the academia for education and training of future cybersecurity professionals.

Together with IFE’s simulator-based research facility for studying human behaviour and performance in complex operating environments (HAMMLAB), IFE Cybersecurity Centre provides an unique environment to study how security teams and control room staff can collaborate to safeguard the plant or organisation from cybersecurity threats or attacks.

The Centre provides hardware-in-the-loop (HIL) simulators. That is techniques for  development and testing of complex systems. The complexity of the facility or business being investigated is mapped to the HIL test platform. This allows for incorporation, testing and development of all related dynamic systems and doing completely realistic simulations without the risk of disruption to the actual plant. IFE can with the use of HIL do simulations with:

  • Highly configurable testbed with real, simulated and emulated components of real-world critical infrastructure
  • Tools for vulnerability assessment, RAMS (reliability, availability, maintainability, safety) assessment, attack injection, incident monitoring, detection and response
  • High-fidelity simulation technologies for cybersecurity and RAMS events prediction
  • Tools for evaluation of human preparedness and decision-making during incident response process and for operational safety

Focus areas

Security risk management

  • Assess the vulnerabilities and threats to the system and identify best practices to mitigate the threats.
  • Evaluate security management processes and procedures for handling cybersecurity incidents

Incident response using simulation technologies and tools

  • Simulate process, equipment, control room and security in operational environments
  • Simulate attack scenarios to investigate the impact on the systems and its environment
  • Evaluate effective response strategies to handle an attack
  • Evaluate human, e.g. operators and security teams, preparedness to handle attacks
  • Simulation platforms are useful when it is impossible to perform cybersecurity testing/exercises on operational systems (unacceptable risks)

Cybersecurity monitoring and detecting solutions

  • Evaluate suitability of cybersecurity solutions (e.g. IDS, firewall) to an operational environment
  • Risk communication and visualization providing a meaningful real-time risk picture

Security Culture

  • Situational awareness
  • Training