Diarmuid O'Briain

Industrial Control Systems (ICS) are responsible for the control of several processes in various critical infrastructure deployments ranging from energy, power and water utilities, to manufacturing sectors such as pharmaceutical precision engineering. They ensure the smooth, safe running and High Availability of these critical infrastructure and manufacturing processes. ICS cybersecurity is of increasing concern and this is evidenced by the mounting examples of cyber threats and attacks on ICS infrastructure that are referenced both within the technical community and the public media. The barriers of entry to ICS cybersecurity are still high given the limited skills base, expensive and proprietary hardware and software, as well as the inherent dangers of manipulating real physical processes. This greatly inhibits the practical application of cybersecurity tools in ICS environments and therefore the opportunity for practitioners to gain valuable experience. Furthermore, historical ICS testbeds have not delivered a practical application of accessing and improving ICS security posture as poisited in known ICS industry standards. This project seeks to build a comprehensive opensource virtualised ICS testbed to demonstrate typical cybersecurity weaknesses in an ICS environment as well as suitable remediation strategies. This testbed shall simulate real world industrial systems as closely as possible without replicating an entire plant. This research will identify a suitable ICS testbed to visualise the stages of an ICS cyber attack with reference to the ICS cyber kill chain proposed by the SysAdmin, Audit, Network and Security Institute. With the selected ICS testbed as a reference, this project shall also demonstrate an ICS cybersecurity evaluation based on the US National Institute of Standards and Technology cybersecurity framework, detailing how defenders can identify vulnerable components in the ICS, identify potential threat vectors within the environment and develop suitable mitigations to improve the organisations overall security posture. This project contributes to growing ICS cybersecurity skills to better protect industrial processes and critical infrastructure.

Networking and telecommunications have been spared the major changes that have occurred in computing over the last decade. Speeds have increased and the convergence with Information Technology (IT) has continued. The speed of this convergence is about to increase dramatically. The IT world went through massive change with the introduction of cloud computing, driven by developments in virtualisation. The benefits of the transformation in IT will come to networking and telecommunications in the form of Software Defined Networking (SDN) and Network Function Virtualisation (NFV). They can be realised in the data centre today and in the customer premises in the near future with the roll-out of high speed ubiquitous broadband. SDN is the extraction of the control functions from networking equipment hardware. This leaves the hardware with only data plane functionality. Therefore SDN is a separation of the control and data forwarding functions within the network. The control plane functions are migrated as software functions to be ran on standard industry hardware or more often than not on server instances located on virtualised cloud platforms. NFV is a separate but complementary technology that replaces existing functions typically found on specialised hardware with virtualised versions of the same function. These NFVs can be delivered on a virtual Customer Premises Equipment (vCPE) devices that will provide virtualisation locally for the provision of NFVs and/or in concert with cloud based functions at the data centre. The changes in the networking landscape promised over the next few years by SDN and NFV are very exciting. It can be considered akin to the changes that virtualisation brought to the data centre and the subsequent explosion of cloud computing over the last 5 years or so that had its origins in the late 1990s. It is safe to assume that these developments in SDN and NFV will lead to an explosion of Network Virtualisation outside of it's the current sweet spot within the data centre where SDN exists today. It is also becoming clear that the current situation where the skill-sets of the software developer and the network engineer, which today are quite different will tend to converge and the network engineer will need to adapt to a world where the command line configuration is replaced or at the very least complemented by a greater reliance on programming and scripting skills. This revolution in networking will create the appearance of infinite capacity to the user and permit the expansion of the current scientific, informatics and engineering boundaries to create a Cloud Integrated Network (CIN). The CIN, the rise of Internet-connected machines and devices that are the Internet of Things (IoT) as well as AuGmented Intelligence (AuGI) will come together in the future to create the perfect storm that will transform human existence in a third industrial revolution (Weldon, 2015).

Uganda is a land locked country in South East Africa. It is separated from the Indian ocean by Kenya to the east and Tanzania to the south. It is separated from South Atlantic by the Democratic Republic of the Congo to the west. Uganda's connection to the Internet is overland to Mombasa, Kenya where the Seacom cable installed in 2009 connected Mombasa to Europe with a capacity of 640 Gb/s and the World Bank funded Eastern Africa Submarine Cable System (EASSy) undersea fibre optic cable connects Eastern Africa to South Africa and Europe with a capacity of 1.4 Tb/s. [1]. Additionally until recently Uganda was dependent upon a single overland link to Kenya via Uganda Electricity Transmission Company Limited (UETCL) power lines whereas today there are a number of options such as the Seacom cable fibre cable completed in 2015. During the 2010 FIFA World Cup Final a terrorist attack on the Kyandondo Rugby Club in Nakawa, Kampala brought all Internet Service Providers (ISP) in Uganda off-line as the rugby ground sits directly underneath the UETCL power lines bring Internet services from Kenya. This leaves Uganda at significant disadvantage regionally and to-date the technology industry has tended to converge at Mombassa and Nairobi as well as in Dar es Salaam, Tanzania. Recently however as the modern Internet services require Global Service Providers (GSP) to get closer to the end-user so they can avail of lower latency, higher bandwidth applications, the justification for serving all of South East Africa from data centres in Narobi, Mombassa, Dar es Salaam and even from South Africa is becoming less valid. In order to facilitate the deployment of locally hosted content and reduce the country's reliance on international cables, additional capacity was required at the country's primary local interconnection point, the Uganda Internet Exchange Point (UIXP). UIXP is currently developing its infrastructure to support a larger membership encompassing growing demand from both ISPs and Application Service Providers (ASP). This paper serves to outline the developments that are being put in place to take UIXP from a local Internet eXchange Point (IXP) supporting local ISPs and e-government services to the next level where it is in a position to support GSP Content Delivery Networks (CDN) and therefore pave the way for the next phase of development of the Internet in Uganda.

Telecommunications along with cloud computing are in the process of a transformation towards a Cloud Integrated Network (CIN)[1] triggered by an elastic network in the form of two disruptive technologies Software Defined Networking (SDN) and Network Function Virtualisation (NFV). This project is considering how key infrastructure development at national level and changed Local SPs (LSP) network architectures and business models can deliver the CIN within the constraints of a developing country. A potential set of solutions will be developed through experimental simulations and system models to demonstrate how the CIN can be delivered by rural SPs in a developing nation. While the project is in its early stages, work at the Ugandan Internet eXchange Point (IXP) virtualising services, adding an Akamai Content Delivery Node (CDN) has demonstrated an increased demand and has necessitated a corresponding upgrade to core switches. An OpenStack orchestration laboratory has been built for experimentation with NFV orchestration and Virtual Infrastructure Manager (VIM) functions. A similar testbed will consider Open Source MANO (OSM) and the Open Network Automation Platform (ONAP) Projects. The project will develop potential architectures for the delivery of the CIN to the rural customers of LSPs as well as consider the need for eXchangelets in the future.

East Africa was the last major area of the world to gain access to the Inter-net when submarine fibre-optic cables landed at Mombasa, Kenya and Dares -Sa-laam, Tanzania in 2009. The region previously relied on satellite communications to individual Internet Service Providers (ISP). This presented a unique opportunity to acquire and document the thoughts of key business, political and technical leaders who were, and continue to be, an integral part of the development of the regional In-ternet ecosystem from 2009, via the SEACOM and TEAMS cables. This prompted a mixed methods political economy study of the Internet in East Africa to gain an understanding of why the regional Internet infrastructure developed as it did, a vision of the future direction of the regional Internet, a view of the disruptive potential of new networking technologies such as Software Defined Networking (SDN) and Network Functions Virtualisation (NFV) as well as the growth of the Internet's multinational online companies that now dominate the Internet. The study concludes that the landing of the submarine fibre-optic cables was the catalyst for improvements that drove the development of regional infrastructure leading to rapidly improving Inter-net services such as streaming video, facilitated by investment in ISP and Internet eXchange Points (IXP), improvements through mobile phone generations and roll-outs across the region have facilitated citizen access. The study also shows that fibre will play an increasingly important role; however, wireless that will remain the key delivery Internet platform over the next decade.

An Internet eXchange Point (IXP) is a network facility that enables the interconnection of more than two independent Autonomous Systems (AS), primarily for the purpose of facilitating the exchange of Internet traffic. IXPs have been a key element of the Internet architecture and their importance as the ideal location for Content Delivery Networks (CDN) wishing to bring content closer to their customers has enhanced this position. IXPs have witnessed increased traffic levels as a result of delivering video from these CDNs. IXPs operate; as independent regional IXPs, as interlinked IXPs using commercial links or as interlinked IXPs using owned links. In developing countries it is clear that the development of IXPs in regions cannot be commercially justified as in similar population centres across developed countries. This leaves the developing country citizens from regional areas at a disadvantage in terms of future Internet services. This paper presents a model to create a distributed IXP (dIXP) with mini IXPs (mIXP) in regional cities and towns. The mIXP is managed centrally, removing the regional skill-set issue as a barrier to implementation.

Telecommunications along with cloud computing are in the process of a transformation towards a Cloud Integrated Network (CIN)[1] triggered by an elastic network in the form of two disruptive technologies Software Defined Networking (SDN) and Network Function Virtualisation (NFV). This project is considering how key infrastructure development at national level and changed Local SPs (LSP) network architectures and business models can deliver the CIN within the constraints of a developing country. A potential set of solutions will be developed through experimental simulations and system models to demonstrate how the CIN can be delivered by rural SPs in a developing nation. While the project is in its early stages, work at the Ugandan Internet eXchange Point (IXP) virtualising services, adding an Akamai Content Delivery Node (CDN) has demonstrated an increased demand and has necessitated a corresponding upgrade the core switches. An OpenStack orchestration laboratory has been built for experimentation with NFV orchestration and Virtual Infrastructure Manager (VIM) functions. A similar testbed will consider Open Source MANO (OSM) and the Open Network Automation Platform (ONAP) Projects. The project will develop potential architectures for the delivery of the CIN to the rural customers of LSPs as well as consider the need for eXchangelets in the future.

The delivery of Voice, Video and Data has transformed with the migration from single government controlled state or semi-state companies to sets of independent telecommunication ‘Carriers’ delivering competing products to the market. This has resulted in a delivery and technology revolution behind the scenes, which the consumer did not see.

In this white paper the author looks at the evolution and revolution that is the migration of residential Internet access from the slow speed dial-up modem to the various midband and broadband technologies supplying not just Internet access for web services but also voice and even television (TV) services. Additionally with the market changes due to the split of responsibility for the access and services to a model where different entities provide different portions of the overall solution from access and transport to services. The author explores the politics of the new Internet, how are the access providers managed so as not to control the content providers creating many separated internets.

The delivery of Voice, Video and Data has transformed in the last number of years with the migration from co-axial trunks to fibre delivery and major protocol shifts, in the background from Asynchronous Transfer Mode (ATM) to Internet Protocol (IP). Telephone/fax line at the customer residence changed to Integrated Services Digital Network (ISDN) then to Asynchronous Digital Subscriber Line (ADSL), which is changing to Gigabit Passive Optical Network (GPON) and Gigabit Ethernet Passive Optical Network (GEPON). During this migration a major group of consumers, particularly those living in rural areas have been left to rely on Wireless solutions to provide access to services. To meet with the speeds that urban networks receive Wireless Internet Services Providers (WISP) and Mobile Operators need imaginative solutions to deliver services.
While traditional carriers like Eircom have tended to leverage their existing telephone networks by offering ADSL, the limited range of this technology has left gaps in coverage. In Ireland, in particular the timing of the sale of Eircom has left the country with a patchy broadband deployment based on the new owner’s commercial interests. Community broadband schemes using Wireless Local Area Networks (WLAN) solutions evolved into a patchwork of Wireless Internet Service Providers (WISP) upon which the mobile operators have layered what can be accurately described 3G midband to close the difference.
In this white paper the author looks at the solutions used currently for wireless provision of Internet Access. He also discusses at Long Term Evolution (LTE) and Wireless MAX (WiMAX), two solutions vying to provide wireless broadband for the future.

The delivery of Voice, Video and Data has transformed with the migration from single government controlled state or semi-state companies to sets of independent telecommunication ‘Carriers’ delivering competing products to the market. This has resulted in a delivery and technology revolution behind the scenes, which the consumer did not see. These changes involved a shift from Co-axial trunks to fibre delivery and major protocol shifts, in the background from Asynchronous Transfer Mode (ATM) to Internet Protocol (IP). Telephone/fax line at the customer residence changed to Integrated Services Digital Network (ISDN) then to Asynchronous Digital Subscriber Line (ADSL), which in turn changed to Gigabit Passive Optical Network (GPON) and Gigabit Ethernet Passive Optical Network (GEPON). During this migration a major group of consumers, particularly those living in rural areas, were left to rely on Wireless solutions to provide access to services. To meet with the speeds that urban networks provided Wireless Internet Services Providers (WISP)s and Mobile operators needed imaginative solutions to deliver services. These were access changes that the consumer directly benefited from at home and at work. During this period of great change, many of the carriers were privatised and if not privatisation they now at least had to deal with competition in their market for the first time. This resulted in a changed focus from simply delivering simple switching and data services in a non-competitive environment to one where they have to compete not just on price but also on the quality and functionality of services.
On top of all this change and the pressures of competition authorities, the ubiquitous network model split into the Network Access Provider (NAP), the Network Service Provider (NSP) and the Application Service Provider (ASP). (Bouchat et al., 2003)i The consumer now had choice as to who and where they buy each part of what they want. The principle of Net Neutrality pushed this change further by separating the elements within the carrier, the delivery organisation for the network and the services delivered over it. This separation of elements within the carrier has driven innovation at each of these tiers while at the same time competition has driven prices down.
In this work, the author looks at the NAP, which has seen loss of control over the data and services, attached to their network access points, which pass to and from the consumer.  He designs and implements a mechanism to measure and analyse the traffic streams at the intersection point between the NAP and the NSP. From the data collected and analysed, he proposes a set of models for the typical traffic patterns that the NAP can expect. From these models the entrant NAP can design their network and avoid the typical pitfalls of design and development that can occur when creating a network. Those pitfalls can result in the network; being unable to meet customer needs, being over engineered and being excessively expensive.

Networking and telecommunications have been spared the major changes that have occurred in computing over the last decade. Speeds have increased and the convergence with Information Technology (IT) has continued. The speed of this convergence is about to increase dramatically. The IT world went through massive change with the introduction of cloud computing, driven by developments in virtualisation. The benefits of the transformation in IT will come to networking and telecommunications in the form of Software Defined Networking (SDN) and Network Functions Virtualisation (NFV). They can be realised in the data centre today and in the customer premises in the near future with the roll-out of high speed ubiquitous broadband.
SDN is the extraction of the control functions from networking equipment hardware leaving the hardware with only data plane functions, a separation of the control and data forwarding functions. The control plane functions are migrated as software functions to be ran on standard industry hardware or more often than not on server instances located on virtualised cloud platforms.
NFV is a separate but complementary technology that replaces existing functions typically found on specialised hardware with virtualised versions of the same function. These NFVs can be delivered on a virtual Customer Premises Equipment (vCPE) devices that will provide virtualisation locally for the provision of NFVs and/or in concert with cloud based functions at the data centre.     
The changes in the networking landscape promised over the next few years by SDN and NFV are very exciting. I consider it to be akin to the changes that virtualisation brought to the data centre and the subsequent explosion of cloud computing over the last 5 years or so, yet I remember virtualising many Microsoft Windows flavours simultaneously on VMware on my GNU/Linux desktop to support modems in the 1990s. Therefore it is safe to assume that these developments in SDN and NFV will lead to an explosion of Network Virtualisation outside it's the current sweet spot in the data centre today.
It is also becoming clear that the current situation where the skill-sets of the software developer and the network engineer which today is quite different will tend to converge and the network engineer will need to adapt to a world where the command line configuration is replaced or at the very least complemented by a greater reliance on programming and scripting skills.

Software has become a strategic societal resource in the last few decades. The emergence of Free Software, which has entered in major sectors of the Information ICT market, is drastically changing the economics of software development and usage. Free Software – sometimes also referred to as “Open Source” or “Libre Software” – can be used, studied, copied, modified and distributed freely. It offers the freedom to learn and to teach without engaging in dependencies on any single technology provider. These freedoms are considered a fundamental precondition for sustainable development and an inclusive information society.
Although there is a growing interest in free technologies (including Free Software and Open Standards), still a limited number of people have sufficient knowledge and expertise in these fields. The FTA attempts to respond to this demand.