9th Control System Cyber-Security Workshop (CS)2/HEP

US/Central
Stefan Lueders (CERN)
Description

Attacks against industrial control systems, including ransomware and politically motivated attacks, are now regularly reported in the media; new vulnerabilities are regularly published and exploited; and politicians become more and more concerned about the resilience of the control systems controlling a nation's critical infrastructure.

Modern accelerator and detector control systems do not differ significantly from the control systems used in industry or from devices that are part of the "Internet of Things" (IoT). Modern Information Technologies (IT) are commonly used: control systems are based more and more on commercial off-the-shelf hardware/software (VME, PLCs, VxWorks, network switches, networked controls hardware, SCADA, commercial middleware, etc.) or on Windows/Linux PCs, and they commonly employ standard IT techniques (Git & build frameworks, virtualisation & containerisation, Machine Learning, etc.). Furthermore, due to the academic freedom in the High Energy Physics community, control systems are produced by a wide, decentralised community, which leads to heterogeneous systems and often necessitates remote access. However, with this adoption of modern IT standards, control systems are also exposed to the inherent vulnerabilities of the corresponding hardware and software. The consequences of a security breach in an accelerator or detector control system might be severe, and attackers won't ignore HEP systems just because it's HEP.

Presentations by several HEP institutes worldwide on the application of cyber-security in control systems were given at the 8th workshop, attached to the ICALEPCS conference series. This next (CS)2/HEP workshop is intended to continue sharing and discussing counter-measures, to review configuration and development procedures for secure control systems, and to review the progress since the last (CS)2/HEP workshop.

Potential Keywords and topics are:

  • Security, vulnerabilities and protective measures of front end devices (e.g. SoC, PLCs, power supplies, networked controls hardware);
  • Control network security, network architectures, network isolation/segregation, firewalling and intrusion detection, but also data centre connectivities;
  • SCADA security, PC installation and management schemes, including secure ("Kiosk") operation in multi-user environments (e.g. at light-sources, where users change quite frequently);
  • Authentication & Authorization on control systems, incl. remote operations and expert interventions;
  • Software development, software curation, and system build & configuration management, including containerisation;
  • Security policies, best practices, security events and lessons learned.
    • 09:00 09:15
      Intro into the 9th CS2/HEP 15m
      Speaker: Stefan Lueders (CERN)
    • 09:15 09:45
      Control Systems, Cyber Security and Conflicting Priorities 30m

      Control systems for scientific user facilities and cybersecurity initiatives share important goals but do not always share common paths and priorities. This talk will explore priority drivers, conflicts and compromises.

      Speaker: Karen White (Oak Ridge National Laboratory)
    • 09:45 10:15
      A Wish or Hope for better OT cybersecurity 30m

      We have implemented a commercial security appliance which processes a full network feed from our control system to passively identify threats and anomalies. We will discuss the successes and failures so far using this tool.

      Speakers: Chandler Lawrence (Fermilab), Timothy Zingelman
    • 10:15 10:45
      Morning Coffee 30m
    • 10:45 11:15
      The Extremely Large Telescope (ELT) Primary Mirror Control System 30m

      The Control System of the Extremely Large Telescope (ELT) Primary Mirror will be presented in terms of network layout, control system stack, possibility for remote access and data transfer, SW development and maintainability processes, interaction with other systems and the Internet.

      Speaker: Luigi Andolfato
    • 11:15 12:15
      18 months into the CERN cyber-security audit 1h

      With the thorough 2023 cyber-security audit at CERN, the IT department, the CERN Computer Security Office, and the Organization as a whole have been tasked with 95 different work packages to improve their computer security posture. This presentation will go through their implementation and deployment, the successes, and the areas creating additional problems.

      Speaker: Stefan Lueders (CERN)
    • 12:15 14:00
      Lunch 1h 45m
    • 14:00 15:00
      Lessons Learned from the HZB security incident 1h

      A ransomware attack disrupted HZB and BESSY II operations, prompting a complete network infrastructure rebuild. The recovery task force utilized standardized Ansible playbooks for rapid deployment, resulting in a modernized science data acquisition network with improved configurations managed through version-controlled GitLab repositories for enhanced tracking and maintenance.

      Speaker: Thomas Birke
    • 15:00 15:30
      Cyber Secure Experimental Physics and Industrial Control System 30m

      Secure PVAccess (SPVA) brings production-grade cybersecurity to the Experimental Physics and Industrial Control System (EPICS) framework by encapsulating the PVAccess protocol within Transport Layer Security (TLS). It integrates X.509 certificate-based authentication with common laboratory-wide services such as Kerberos and LDAP, and delivers a full certificate authority, management, and distribution solution. Leveraging this robust authentication layer, Secure PVAccess extends the existing EPICS Security model to enforce true Process Variable (PV) access control based on verified peer identities, attributes, and connection modes. We describe the overall architecture, key design decisions, software components, current status, envisioned future capabilities, and the collaborative effort driving this initiative.

      Speaker: George McIntyre (SLAC National Accelerator Laboratory)
    • 15:30 16:00
      Afternoon Tea 30m
    • 16:00 16:30
      (Too?) Many of ways into CERN 30m

      Remote access to labs for users and experts, in particular to control systems, is essential for the efficient running of the control systems of accelerators and experiments. However, such Internet connectivity exposes sensitive and poorly protected systems to the risk of direct attacks. This presentation shall discuss the remote access model into the CERN Campus network as well as into its technical infrastructure.

      Speaker: Stefan Lueders (CERN)
    • 16:30 17:00
      Discussions 30m
      • What are your general policies for controls? Have you been audited? What are the lessons learnt and best practices?
      • How do you allow remote monitoring / control?
      • How did you design your control network and interact with your data centre(s) and campus networks?
      • How do you address cloud usage like OracleDB, Git, but also ML/AI/LLM?
      • What about remote software development and CI/CD pipelines? Do you run SBOM? Some other verifications?
      • How to secure IoT and SoC ("system on a chip") components?
      • What about "zero-trust" in an OT environment?
      • [Anything you want to know/talk about/discuss/have input on/wonder]
      • [Your favorite security subject HERE]
      Speaker: Stefan Lueders (CERN)
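
The Secure PVAccess talk above describes PV access control keyed on a peer identity verified through TLS, on the attributes that identity carries, and on the connection mode. The following Python sketch is an added illustration of that idea; it is not code from SPVA, EPICS or any speaker. The policy, PV names, host names and certificate subjects are constructed for the example, and the "verified identity can never write" rule is an assumption made here, not a statement about the SPVA design. The only real interface it relies on is the subject layout that Python's ssl.SSLSocket.getpeercert() returns.

```python
"""Added illustration: deciding PV access from a TLS-verified peer identity.

Hypothetical policy evaluator, not the SPVA/EPICS implementation. The peer
identity is read from an X.509 subject in the nested-tuple form that
ssl.SSLSocket.getpeercert() returns after a completed handshake.
"""
from dataclasses import dataclass
from enum import IntEnum
from fnmatch import fnmatch


class Access(IntEnum):
    NONE = 0
    READ = 1
    WRITE = 2


@dataclass(frozen=True)
class Peer:
    identity: str          # CN of the verified client certificate, or "anonymous"
    groups: frozenset      # attributes carried in the certificate (here: OU values)
    host: str
    tls: bool              # False for legacy plaintext PVAccess
    verified: bool         # True only if a client certificate was presented and verified


@dataclass(frozen=True)
class Rule:
    pv_pattern: str                   # fnmatch pattern over PV names
    level: Access
    users: frozenset = frozenset()    # empty = any user
    groups: frozenset = frozenset()   # empty = any group
    hosts: frozenset = frozenset()    # empty = any host
    require_tls: bool = False


def peer_from_getpeercert(cert, host, tls=True):
    """Build a Peer from the dict shape ssl.SSLSocket.getpeercert() returns.

    `cert` is None or {} when no client certificate was presented/verified;
    such a peer is anonymous even if the channel itself is encrypted.
    """
    if not cert:
        return Peer("anonymous", frozenset(), host, tls, False)
    cn, ous = None, set()
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                cn = value
            elif key == "organizationalUnitName":
                ous.add(value)
    if cn is None:
        return Peer("anonymous", frozenset(), host, tls, False)
    return Peer(cn, frozenset(ous), host, tls, True)


def rule_matches(rule, pv, peer):
    if not fnmatch(pv, rule.pv_pattern):
        return False
    if rule.require_tls and not peer.tls:
        return False
    if rule.users and peer.identity not in rule.users:
        return False
    if rule.groups and not (peer.groups & rule.groups):
        return False
    if rule.hosts and peer.host not in rule.hosts:
        return False
    return True


def decide(rules, pv, peer):
    """Highest level granted by any matching rule; deny by default.

    Assumption made in this example: an unverified identity is capped at READ
    regardless of the rules, because the name it claims has not been proven.
    """
    granted = max((r.level for r in rules if rule_matches(r, pv, peer)),
                  default=Access.NONE)
    if not peer.verified:
        granted = min(granted, Access.READ)
    return granted


# Constructed sample policy (hypothetical PV names and groups)
POLICY = (
    Rule("*", Access.READ),                                             # anyone may read
    Rule("RF:*:SETPOINT", Access.WRITE, groups=frozenset({"rf-experts"}), require_tls=True),
    Rule("SAFETY:*", Access.WRITE, users=frozenset({"opsuser"}),
         hosts=frozenset({"ctrl-console-01"}), require_tls=True),
)

# Constructed subjects in getpeercert() layout (not real certificates)
RF_EXPERT_CERT = {"subject": ((("organizationName", "Example Lab"),),
                              (("organizationalUnitName", "rf-experts"),),
                              (("commonName", "alice"),))}
OPS_CERT = {"subject": ((("organizationName", "Example Lab"),),
                        (("organizationalUnitName", "operations"),),
                        (("commonName", "opsuser"),))}


def demo():
    alice = peer_from_getpeercert(RF_EXPERT_CERT, "rf-ws-07")
    ops_remote = peer_from_getpeercert(OPS_CERT, "vpn-gw-3")
    ops_console = peer_from_getpeercert(OPS_CERT, "ctrl-console-01")
    legacy = peer_from_getpeercert(None, "rf-ws-07", tls=False)   # plaintext PVAccess
    return {
        "alice_rf_setpoint": decide(POLICY, "RF:CAV1:SETPOINT", alice),
        "alice_safety": decide(POLICY, "SAFETY:INTERLOCK", alice),
        "ops_remote_safety": decide(POLICY, "SAFETY:INTERLOCK", ops_remote),
        "ops_console_safety": decide(POLICY, "SAFETY:INTERLOCK", ops_console),
        "legacy_rf_setpoint": decide(POLICY, "RF:CAV1:SETPOINT", legacy),
    }


if __name__ == "__main__":
    for name, level in demo().items():
        print(f"{name}: {level.name}")
```

The point of the sketch is the ordering of checks: the transport layer first establishes who the peer is (or that it is nobody), and only then does the access rule consult user, group, host and connection mode; a plaintext client that merely claims a privileged user name never reaches the WRITE branch.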