The 2nd International Symposium for ICS & SCADA Cyber Security brings together researchers with an interest in the security of industrial control systems in the light of their increasing exposure to cyber-space. The topics of interests are broad, ranging from security for hardware/firmware used in industrial control systems, to system aspects of ICS such as secure architectures and vulnerability screening to the human aspects of cyber security such as behaviour modelling and training. ICS-CSR is a research conference aimed at high quality academic research in any of the specified themes and topics of interest. We welcome original contributions that present innovative ideas, proof of concepts, use cases, and results from a variety of domains with a wish to enhance the security of infrastructure.

Live Stream available online for our Keynote Talks by Eric Byres and Stephan Lüders. See Keynote Talks.

This year's conference will take place at the University of Applied Sciences St. Poelten, Austria.

• Last year's ICS-CSR was held at De Montfort University, Leicester UK. Please look at our archive for ICS-CSR 2013 here and check on the proceedings here.

Click to download the Conference Programme (PDF)

This topic list is not meant to be exhaustive; ICS-CSR is interested in all aspects of computer security relating to ICS. Papers without a clear application to SCADA, Embedded Systems or Industrial Control, however, will be considered out of scope and may be rejected without full review.

Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Papers must be clearly presented in English, must not exceed 10 pages, including tables, figures, references and appendixes and follow the EWIC formatting guidelines: http://ewic.bcs.org/category/15364. Accepted papers will be published in conference proceedings and indexed in the ACM digital library.

All papers will be peer reviewed by members of the Programme Committee. Papers will be selected based on their originality, timeliness, significance, relevance, and clarity of presentation. Distinguished papers, after further revisions, will be considered for publication in a special issue. The program committee will select a Best Paper Award winner for this conference. Submission of a paper should be regarded as a commitment that, should the paper be accepted, at least one of the authors will register and attend the conference to present the work.

Submit your paper via EasyChair: https://www.easychair.org/conferences/?conf=icscsr2014

Instructions for Short Positional Paper Submission:

We welcome the submission of short positional papers for poster presentation during the conference. Positional papers must be clearly presented in English, must not exceed 4 pages, including tables, figures, references and appendixes and follow the EWIC formatting guidelines: http://ewic.bcs.org/category/15364. Accepted papers will be eligible for inclusion for presentation as a poster during the conference and selected papers will be included as an annex in the published conference proceedings. Submit your short positional paper via EasyChair: https://www.easychair.org/conferences/?conf=icscsr2014 and use the prefix “POSITIONAL:” in the registration title.

Keynotes available as live-streaming event

We are please to announce that both keynote addresses will be available as a web live-stream here. For IOS devices here and for Android based systems here. For Microsoft Smooth click here.

Eric Byres

Eric Byres is recognized as one of the world's leading experts in the field of SCADA and industrial control system security. Eric’s background as a process controls engineer allows him to bring a unique combination of deep technical knowledge and practical field experience to his role as Chief Technology Officer at Tofino Security, a Belden brand. Eric has provided security guidance to government agencies, major oil companies and power utilities on security protection for critical infrastructures. He has been responsible for numerous standards and best practices for data communications and controls systems security in industrial environments. This was formally recognized in October 2009 when the International Society of Automation (ISA) awarded him the very rare honor of ISA Fellow for his outstanding achievements in science and engineering.

Alternatives to Patching for more Secure and Reliable Control Systems
Since the discovery of the Stuxnet worm in 2010, there has been exponential growth in government security alerts regarding Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) products. It is now clear that these systems were never designed with security in mind - many contain numerous security related “bugs”. How to address these flaws is an important question, especially for the many legacy control systems in use today. In the IT world, one solution to security vulnerabilities has been an onslaught of product patches. Can the IT world’s strategy of continuous patching work for the ICS world? This talk explores the challenges of designing and deploying patches for security flaws on control system products like DCS, PLCs and RTUs. We look at vendor data on patch deployment rates in ICS products, the patch rates likely required from end-users in the future and what can be realistically achieved. We close with an exploration of alternative compensating control based solutions for security vulnerabilities in the world of automation and control.

Stephan Lüders

Stefan Lüders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Since 2009, he is heading the CERN Computer Security Incident Response Team as CERN’s Computer Security Officer with the mandate to coordinate all aspects of CERN’s computer security --- office computing security, computer centre security, GRID computing security and control system security --- whilst taking into account CERN’s operational needs. Dr. Lüders has presented on computer security and control system cyber-security topics at many different occasions to international bodies, governments, and companies, and published several articles.

SCADA Security in the Academic Environment of CERN
In a swift revolution, control systems have inherited (embraced!) in the last decade all the advantages of standard IT: the Windows operating system, web servers, TCP/IP protocol, mailing, tablets… However, this revolution missed the aspects of security completely. While functionality, availability, usability, safety and maintainability are a must, security has been widely ignored. Only recent security events targeting control systems raised again attention to this subject. At CERN, main focus in preventing abuse has been put on people. Security is a sociological problem and is addressed as such. Technological means come second.

Conference Registration is now open. Please follow the link to the registration page Early bird Registration closes on 18th July 2014

For a convenient hotel we recommend the City Hotel. Alternative hotels would be: Austria-tred or the Hotel Graf

Click to download the Conference Programme (PDF)

The Airbus Group is a global leader in aerospace, defence and related services, employing around 133,000 people at more than 170 sites worldwide. Developing sustainable aircraft, connecting people, observing and understanding Earth, and making the world a safer place: Airbus does things that matter. Ever since its inception in 2000, Airbus has constantly drawn from the strength that comes from integration. The Group brings together businesses that are market leaders in their own right, forming a collective driven by a single vision. Airbus Group includes Airbus as the leading global manufacturer of the most innovative commercial and military aircraft, with Airbus Military covering tanker, transport and mission aircraft. Airbus Defence and Space, the European leader in space programmes and the third biggest space provider worldwide, is active in all space activities, from large-scale space systems to satellite services. Airbus — its people and its innovations — plays a role in creating some of the world’s biggest success stories, helping to make tomorrow’s technology a reality.

De Montfort University is a public research and teaching university situated in the city of Leicester, England, adjacent to the River Soar and the Leicester Castle Gardens. In 2008, 70% of the university's research was deemed 'world leading' (40%), or 'internationally excellent' (30%) in the United Kingdom Research Assessment Exercise. The university’s pioneering research, driven by over 1,000 research students and supported by 500 staff, is internationally renowned and addresses some of the most critical issues affecting our world. Demonstrating the significance of this work, three key pieces of research are listed among the UK’s top 100 projects that will have a profound impact on the future.

The St. Pölten University of Applied Sciences (German: Fachhochschule St. Pölten) was founded in 1993 and has approximately 1,800 students enrolled. It currently offers 14 degree programmes. Study opportunities comprise degree programmes and continuing education courses in the fields of Health and Social Sciences, Business, and Technology. UAS St Pölten also hosts the Institute of IT Security Research, unique in Austria, conducting research in the fields of ICT Resilience/Continuity, Biometrics, Malware, Network Computing and Privacy, Digital Forensics, Chip cards/HW tokens, Steganography/Anti-Forensics and Industrial Security.

• Airbus Group
• De Montfort University
• St. Pölten University of Applied Sciences

St. Pölten University of Applied Sciences

Student life takes place in a new, architecturally interesting and well lit campus, offering everything a student could possibly hope to find. Glass and steel predominate and the appearance of the building’s smooth service changes according to the weather. Everything is light and creates an ideal atmosphere for learning. An airy refectory enables students to work in the open. Generous lounge areas, a canteen, a cafeteria, a courtyard and a number of balconies create the appropriate atmosphere and surroundings for simply “chilling out”.

St Pölten to-do

Be it just for a day or a whole week, a stay in St. Pölten is always rewarding. Not many cities are so rich in contrast. Whether you are exploring the beautiful old town and its Baroque and Jugendstil buildings or the hypermodern Government Quarter and Culture District: you’ll have the feeling of taking part in a treasure hunt!

Just a few convincing facts why the newest regional capital city of Austria won’t let you down:

• a gorgeous, fully intact, historically preserved old city
• a slew of architecturally significant buildings from Contemporary Austrian Architecture
• a diverse, year round art and performance program within its own Cultural District
• St.Pölten, a popular shopping destination features Austria´s second oldest pedestrian zone
• Unspoiled nature area within the city limits sporting - top sports and recreational facilities
• a broad selection of eating choices and accommodations
• St.Pölten´s central location in Lower Austria makes it an ideal starting point for daytrips

Contact:
Tourist Information St. Pölten
Rathausplatz 1
3100 St. Pölten
Tel.: +43 2742 353354
Fax: +43 2742 333-2819
E-Mail: tourismus@st-poelten.gv.at

Travel to St Pölten

St. Pölten, the capital city of the province of Lower Austria is situated in the center of Lower Austria and can be easily reached by various modes of transportation.

By Car

• Traveling east from Salzburg or west from Vienna: A1 Westautobahn to St. Pölten
• From Vienna International Airport (Wien/Schwechat): A4 Ost Autobahn -> S1 Wiener Außenring Schnellstraße and A21 Außenringautobahn to A1
• Coming from the direction of Passau, Regensburg: A8 Innkreisautobahn -> A1
• From Italy, Slovenia: A2 Süd Autobahn (via Villach and Graz to Vienna) ->A1 (or A2-> A21-> Außenringautobahn -> A1).
• Option 2: over the Brenner pass to Innsbruck->A12 Inntalautobahn->Innsbruck, Salzburg->A1
• From Switzerland: Arlberg Tunnel->A12 Inntalautobahn-Innsbruck-Salzburg->A1

Arriving by car: On the A1 motorway, take the 'St. Pölten' exit. There is a visitors' car park at Heinrich Schneidmadl-Straße, just around the corner from the Fachhochschule.

By Train

Westbahnstrecke (Western Rail Corridor) from Salzburg (eastbound) or Vienna (westbound) to St. Pölten. The rail journey from Wien Westbahnhof to St. Pölten Hauptbahnhof takes appr. 30 minutes and you can choose between 2 railway services: Book your journey to St. Pölten Hauptbahnhof. A taxi from the station to the Fachhochschule costs appr. €5.

• ÖBB (Österreichische Bundesbahnen):
  From Westbahnhof station, ÖBB operates at least 2 fast trains to St. Pölten per hour. The fast trains are called IC...., ICE..., OEC..., OIC... and RJ... and they head in the direction of Linz, Salzburg, Innsbruck, Bregenz, Zurich, or Germany. You can buy your ticket from the ticket office or from the ticket machines in the hall. A one-way trip costs €12 (cheaper for groups of at least 6 people). Consult the train timetable at www.oebb.at
• Westbahn:
  Westbahn is a private company providing a commuter service to St. Pölten once every hour. The trains head to Salzburg/Freilassing. The ticket costs €6 and you can buy it on the train or in advance at www.westbahn.at. Consult the website for the timetable.

Note: ÖBB and Westbahn are two different rail services and they do not accept each other’s tickets!

By Aeroplane

Via Wien/Schwechat - Vienna International Airport: about 80 km/49 miles to St. Pölten

For Vienna International Airport (Wien/Schwechat) flight schedules go to: www.viennaairport.com From Vienna International Airport, take the Vienna Airport Lines coach to the 'Westbahnhof' railway station. The journey takes 45 min. and costs €8. There is a bus every 30 min. and 'Westbahnhof' is the final stop.

Via Linz/Hörsching: about 125 km/ 78 miles to St. Pölten. For flight schedules from Linz/Hörsching Airport go to: www.linz-airport.at

Conference Chairs

• Kevin Jones, Airbus Group Innovations, UK kevin.jones@ics-csr.com
• Helge Janicke, De Montfort University, UK helge.janicke@ics-csr.com

Organising Chair and Committee

• Thomas Brandstetter, Limes Security and University of Applied Sciences St Pölten, Austria thomas.brandstetter@ics-csr.com
• Simon Tjoa, University of Applied Sciences St Pölten, Austria simon.tjoa@fhstp.ac.at

Technical Programme Committee (tbc)

• Adriano Valenzano, CNR-IEIIT, National Research Council of Italy
• Alvaro Cárdenas, University of Texas at Dallas, USA
• Andrew Nicholson, De Montfort University UK
• Antonio Cau, De Montfort University UK
• Chris Hankin, Imperial College UK
• David Hutchison, Lancaster University UK
• Dina Hadziosmanovic, Delft University of Technology, Netherlands
• Erol Gelenbe, Imperial College UK
• Giampaolo Bella, Università di Catania Italy
• Helmut Kaufmann, Airbus Group Innovations Germany
• Johann Haag, Fachhochschule St. Pölten University of Applied Sciences Austria
• Jose Fernandez, Ecole Polytechnique de Montreal Canada
• Jules Ferdinand Pagna Disso, QA UK
• Kieran McLaughlin, Queen's University Belfast NI
• Luca Durante, CNR-IEIIT Italy
• Mark Carolan, Deep-Secure, UK
• Mathias Fischer, Technische Universität Darmstadt/ CASED Germany
• Michael Kasper, Fraunhofer Institute SIT Germany
• Michael Roßberg, Technische Universität Ilmenau Germany
• Nancy Leveson, Massachusetts Institute of Technology USA
• Oscar Garcea-Morchon, Philips Research Netherlands
• Paddy Francis, Airbus Defence and Space UK
• Panayotis Kikiras, AGT International, Germany
• Paul Smith, AIT Austrian Institute of Technology GmbH Austria
• Paulo Simões, University of Coimbra Portugal
• Phillip L. Nico, California Polytechnic State University USA
• Rob Rowlingson, BT Security UK
• Robert Oates, Rolls-Royce PLC UK
• Sally Leivesely, Newrisk UK
• Sebastian Obermeier, ABB Corporate Research, Switzerland
• Thomas H. (Tommy) Morris, Mississippi State University USA
• Ulrik Franke, FOI – Swedish Defence Research Agency