Chartered Engineer (CEng) with 30 years of experience in the sector. Experienced Telecommunication and Information Security Executive, Consulting and Professional Services Visionary. Information Systems Security Professional.
Address: Department of Academic Apprenticeship, Room 002A, Coonagh Campus, Technological University of the Shannon, Ennis Road, Limerick, V94 EC5T
The evolving landscape of cybersecurity threats to Industrial Control Systems (ICS) necessitates a deep understanding of potential attack methodologies and their implications. Building upon the previous introduction of the Virtualised Industrial Control Systems Open-source Research Testbed (VICSORT), this paper expands on that work to explore cybersecurity threats within ICS settings, which emulate real-world ICS cyberattack scenarios. This paper outlines the specific techniques and strategies employed in the simulation of attacks on ICS, leveraging VICSORT's simulation capabilities. Central to this approach is the application of the ICS Cyber Kill Chain framework, which guides the exploration of various attack strategies. The approach detailed herein is not only instrumental in exposing the possible fragility of ICS configured in a similar manner to VICSORT to a range of cyber threats, but also sets the groundwork for future explorations into effective defence mechanisms. The insights gained from these simulations are pivotal for cybersecurity practitioners and learners, offering a practical and resource-efficient means to gain hands-on experience. The comprehensive approach outlined in this paper contributes significantly to the field of ICS cybersecurity, bridging the gap between theoretical knowledge and practical application, and paving the way for the development of robust defence strategies in subsequent works. The experience and findings gained through VICSORT underscore the urgent need for robust security strategies in safeguarding critical infrastructure.
Cyberattack matrices, such as the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework, play a pivotal role in both understanding and defending against complex cybersecurity threats. These frameworks offer a structured and comprehensive catalog of known adversary behaviours and techniques. This paper extends the insights from "Simulating Advanced Cyberattacks in Industrial Control Systems – The VICSORT Approach" by aligning the demonstrated attack techniques with the MITRE ATT&CK frameworks for both Enterprise and Industrial Control Systems (ICS). The objective is to categorically map where these techniques intersect with the Tactics, Techniques, and Procedures (TTP) outlined in the MITRE framework, highlighting synergies and distinctions between cybersecurity threats in Enterprise Information Technology (IT) and ICS environments. Highlighting the synergies and distinctions between IT and Operational Technology (OT) in cybersecurity is crucial because it helps in understanding the unique threats, vulnerabilities, and security practices applicable to each domain. Through a comprehensive comparison, this paper aims to illuminate the extent to which the simulated cyberattack methodologies are represented within both frameworks, thereby offering a dual perspective on the cybersecurity landscape. This detailed examination of the MITRE ATT&CK framework against a simulated cyberattack scenario not only reinforces the relevance of cybersecurity testbeds such as the Virtualised ICS Open-source Research Testbed (VICSORT) in the broader context of recognised cybersecurity models but also underscores the criticality of adopting a unified view of threat intelligence that bridges the gap between IT and OT security paradigms.
The findings seek to contribute towards demonstrating the relevance of the MITRE ATT&CK framework in understanding cyberattack methodology. They also contribute towards the ongoing discourse in cybersecurity, particularly in enhancing cross-domain understanding and developing integrated defensive strategies against the sophisticated cyber threats of today and tomorrow.
The Programmable Logic Controller (PLC) plays a pivotal role in the operation of Industrial Control Systems, which are widely used to monitor and control critical infrastructure and manufacturing processes. However, the rise of Industry 4.0, coupled with the increasing sophistication of cyber threats, poses a significant risk to the security of PLCs. This study implements a wide range of attacks on a PLC, including Code Injection, Man in the Middle, and a Denial-of-Service (DoS) attack. The study further scrutinizes the impact of these attacks on the performance of the PLC with a view to developing effective security measures to mitigate cyber risks in Operational Technology systems. The study employs throughput and round trip time as the key metrics to evaluate PLC performance under normal conditions and during cyberattacks. The results indicate a significant degradation in the PLC performance metrics during the attacks, with DoS having the highest impact, followed by the Man in the Middle attack. These results highlight the need for robust cybersecurity measures to secure PLCs from potential cyber threats.
Cyberattacks on Industrial Control and Automation Systems (ICAS) have significantly increased in recent years due to IT and OT convergence. Traditionally, ICAS were isolated systems running proprietary protocols on specialised software and hardware. However, to improve business processes and efficiency, ICAS vendors are adopting smart technologies such as Industrial Internet of Things (IIOT), Machine to Machine (M2M), Digital Twin, cloud computing, and Artificial Intelligence (AI). This integration presents new vulnerabilities in ICAS that can be exploited by threat actors. ICAS are utilised in critical infrastructure and widely used in power, nuclear plant, water, oil, natural gas, and manufacturing industries. Therefore, cyberattacks on these systems can pose a significant threat to humans and the environment, disrupt social services, cause financial losses, and threaten national security. Because of these threats, numerous mitigation measures are being implemented to protect ICAS from cyberattacks. However, security experience and expertise have demonstrated that we can never fully protect a system and one should never propose that their solution will fully protect. Rather one can claim that their solution / mitigation technique adds a layer to the defence in depth approach. This paper discusses the different cybersecurity standards and frameworks for ICAS, investigates the existing threats and vulnerabilities, and methods of securing
Industrial Control Systems (ICS) are at the forefront of most, if not all, critical infrastructure and critical service delivery. ICS underpin modern manufacturing and utility processes and greatly contribute to our day-to-day livelihoods. However, there has been a significant increase in the number and complexity of cyberthreats specifically targeted at ICS, facilitated by increased connectivity in an effort to improve production efficiency. Furthermore, the barriers of entry to ICS cybersecurity are still high given the limited skills base, expensive and proprietary hardware and software, as well as the inherent dangers of manipulating real physical processes. This greatly inhibits the practical application of cybersecurity tools in ICS environments and therefore the opportunity for practitioners to gain valuable ICS cybersecurity experience. ICS testbeds are often expensive and are not necessarily holistic enough to provide learners with the complete breadth of ICS. This paper introduces VICSORT, an open-source virtualised ICS testbed that provides a platform for ICS cybersecurity learners and practitioners to interface with an ICS environment that closely emulates a real-world ICS, as well as explore and practice techniques for attack and consequently defence of an ICS. VICSORT builds upon the Graphical Realism Framework for Industrial Control Systems (GRFICS) to offer an easier to deploy environment with greater flexibility, whilst requiring significantly fewer resources, all reducing the cost to the learner.
In 2009, fibre-optic cables landed on the East coast of Africa, the last major area of the world to be connected to the Internet, triggering a decade of Internet development (Graham et al., 2015). During the same period, there has been a general transformation of the Internet from static content to video streaming. Technologies such as Software Defined Networking (SDN) and Network Functions Virtualisation (NFV) are about to reshape the Internet once again. Globally Internet eXchange Points (IXP) have been a key node on the Internet and a central location for Content Delivery Networks (CDN), though in East Africa they have generally been confined to large cities. There is an understanding that if technology hubs are to develop in other cities, the Internet ecosystem, including IXPs, must extend outwards. This research uses a Proof of Concept (PoC) system design methodology to investigate solutions that containerise IXP functions and develops affordable models for IXPs of various sizes and configurations based on both traditional and software-defined switching paradigms as well as automate the IXP build function. The research argues that it is necessary to develop a national IXP ecosystem by supplementing the national IXP with local IXPs to support economic development outside of the major economic cities of the region. The technology solutions must be used in conjunction with research on the political economy landscape plus optimum deployment to ensure success. This research demonstrates that systems can be designed which are achievable and affordable by exploiting the most suitable model and switching technology for each site. It also determines that software-defined models offer the potential for application development across the IXP.
This research concludes that with a combination of function containerisation and astute model selection it is possible to build an affordable set of IXPs to support multiple technology hubs across a national Internet ecosystem. Proposed systems are discussed in the context of East Africa and testbed results discussed in relation to the optimum system design which can be deployed in any IXP setting.
2021 32nd Irish Signals and Systems Conference (ISSC), 2021
Industrial Control Systems (ICS) are responsible for the control of several processes in various critical infrastructure deployments ranging from energy, power and water utilities, to manufacturing sectors such as pharmaceutical precision engineering. They ensure the smooth, safe running and High Availability of these critical infrastructure and manufacturing processes. ICS cybersecurity is of increasing concern and this is evidenced by the mounting examples of cyber threats and attacks on ICS infrastructure that are referenced both within the technical community and the public media. The barriers of entry to ICS cybersecurity are still high given the limited skills base, expensive and proprietary hardware and software, as well as the inherent dangers of manipulating real physical processes. This greatly inhibits the practical application of cybersecurity tools in ICS environments and therefore the opportunity for practitioners to gain valuable experience. Furthermore, historical ICS testbeds have not delivered a practical application of accessing and improving ICS security posture as posited in known ICS industry standards. This project seeks to build a comprehensive open-source virtualised ICS testbed to demonstrate typical cybersecurity weaknesses in an ICS environment as well as suitable remediation strategies. This testbed shall simulate real world industrial systems as closely as possible without replicating an entire plant. This research will identify a suitable ICS testbed to visualise the stages of an ICS cyber attack with reference to the ICS cyber kill chain proposed by the SysAdmin, Audit, Network and Security Institute.
With the selected ICS testbed as a reference, this project shall also demonstrate an ICS cybersecurity evaluation based on the US National Institute of Standards and Technology cybersecurity framework, detailing how defenders can identify vulnerable components in the ICS, identify potential threat vectors within the environment and develop suitable mitigations to improve the organisation's overall security posture. This project contributes to growing ICS cybersecurity skills to better protect industrial processes and critical infrastructure.
Networking and telecommunications have been spared the major changes that have occurred in computing over the last decade. Speeds have increased and the convergence with Information Technology (IT) has continued. The speed of this convergence is about to increase dramatically. The IT world went through massive change with the introduction of cloud computing, driven by developments in virtualisation. The benefits of the transformation in IT will come to networking and telecommunications in the form of Software Defined Networking (SDN) and Network Function Virtualisation (NFV). They can be realised in the data centre today and in the customer premises in the near future with the roll-out of high speed ubiquitous broadband. SDN is the extraction of the control functions from networking equipment hardware. This leaves the hardware with only data plane functionality. Therefore SDN is a separation of the control and data forwarding functions within the network. The control plane functions are migrated as software functions to be run on standard industry hardware or, more often than not, on server instances located on virtualised cloud platforms. NFV is a separate but complementary technology that replaces existing functions typically found on specialised hardware with virtualised versions of the same function. These NFVs can be delivered on virtual Customer Premises Equipment (vCPE) devices that will provide virtualisation locally for the provision of NFVs and/or in concert with cloud based functions at the data centre. The changes in the networking landscape promised over the next few years by SDN and NFV are very exciting. It can be considered akin to the changes that virtualisation brought to the data centre and the subsequent explosion of cloud computing over the last 5 years or so that had its origins in the late 1990s.
It is safe to assume that these developments in SDN and NFV will lead to an explosion of Network Virtualisation outside of its current sweet spot within the data centre where SDN exists today. It is also becoming clear that the current situation, where the skill-sets of the software developer and the network engineer are quite different, will change: the two will tend to converge and the network engineer will need to adapt to a world where the command line configuration is replaced or at the very least complemented by a greater reliance on programming and scripting skills. This revolution in networking will create the appearance of infinite capacity to the user and permit the expansion of the current scientific, informatics and engineering boundaries to create a Cloud Integrated Network (CIN). The CIN, the rise of Internet-connected machines and devices that are the Internet of Things (IoT) as well as AuGmented Intelligence (AuGI) will come together in the future to create the perfect storm that will transform human existence in a third industrial revolution (Weldon, 2015).
2017 28th Irish Signals and Systems Conference (ISSC)
Uganda is a landlocked country in South East Africa. It is separated from the Indian Ocean by Kenya to the east and Tanzania to the south. It is separated from the South Atlantic by the Democratic Republic of the Congo to the west. Uganda's connection to the Internet is overland to Mombasa, Kenya where the Seacom cable installed in 2009 connected Mombasa to Europe with a capacity of 640 Gb/s and the World Bank funded Eastern Africa Submarine Cable System (EASSy) undersea fibre optic cable connects Eastern Africa to South Africa and Europe with a capacity of 1.4 Tb/s [1]. Additionally until recently Uganda was dependent upon a single overland link to Kenya via Uganda Electricity Transmission Company Limited (UETCL) power lines whereas today there are a number of options such as the Seacom cable fibre cable completed in 2015. During the 2010 FIFA World Cup Final a terrorist attack on the Kyandondo Rugby Club in Nakawa, Kampala brought all Internet Service Providers (ISP) in Uganda off-line as the rugby ground sits directly underneath the UETCL power lines bringing Internet services from Kenya. This leaves Uganda at a significant disadvantage regionally and to date the technology industry has tended to converge at Mombasa and Nairobi as well as in Dar es Salaam, Tanzania. Recently, however, as modern Internet services require Global Service Providers (GSP) to get closer to the end-user so they can avail of lower latency, higher bandwidth applications, the justification for serving all of South East Africa from data centres in Nairobi, Mombasa, Dar es Salaam and even from South Africa is becoming less valid. In order to facilitate the deployment of locally hosted content and reduce the country's reliance on international cables, additional capacity was required at the country's primary local interconnection point, the Uganda Internet Exchange Point (UIXP).
UIXP is currently developing its infrastructure to support a larger membership encompassing growing demand from both ISPs and Application Service Providers (ASP). This paper serves to outline the developments that are being put in place to take UIXP from a local Internet eXchange Point (IXP) supporting local ISPs and e-government services to the next level where it is in a position to support GSP Content Delivery Networks (CDN) and therefore pave the way for the next phase of development of the Internet in Uganda.
Telecommunications along with cloud computing are in the process of a transformation towards a Cloud Integrated Network (CIN) [1] triggered by an elastic network in the form of two disruptive technologies, Software Defined Networking (SDN) and Network Function Virtualisation (NFV). This project is considering how key infrastructure development at national level and changed Local SPs (LSP) network architectures and business models can deliver the CIN within the constraints of a developing country. A potential set of solutions will be developed through experimental simulations and system models to demonstrate how the CIN can be delivered by rural SPs in a developing nation. While the project is in its early stages, work at the Ugandan Internet eXchange Point (IXP) virtualising services, adding an Akamai Content Delivery Node (CDN) has demonstrated an increased demand and has necessitated a corresponding upgrade to core switches. An OpenStack orchestration laboratory has been built for experimentation with NFV orchestration and Virtual Infrastructure Manager (VIM) functions. A similar testbed will consider Open Source MANO (OSM) and the Open Network Automation Platform (ONAP) Projects. The project will develop potential architectures for the delivery of the CIN to the rural customers of LSPs as well as consider the need for eXchangelets in the future.
East African Journal of Science, Technology and Innovation, 2020
East Africa was the last major area of the world to gain access to the Internet when submarine fibre-optic cables landed at Mombasa, Kenya and Dar-es-Salaam, Tanzania in 2009. The region previously relied on satellite communications to individual Internet Service Providers (ISP). This presented a unique opportunity to acquire and document the thoughts of key business, political and technical leaders who were, and continue to be, an integral part of the development of the regional Internet ecosystem from 2009, via the SEACOM and TEAMS cables. This prompted a mixed methods political economy study of the Internet in East Africa to gain an understanding of why the regional Internet infrastructure developed as it did, a vision of the future direction of the regional Internet, a view of the disruptive potential of new networking technologies such as Software Defined Networking (SDN) and Network Functions Virtualisation (NFV) as well as the growth of the Internet's multinational online companies that now dominate the Internet. The study concludes that the landing of the submarine fibre-optic cables was the catalyst for improvements that drove the development of regional infrastructure leading to rapidly improving Internet services such as streaming video, facilitated by investment in ISP and Internet eXchange Points (IXP); improvements through mobile phone generations and roll-outs across the region have facilitated citizen access. The study also shows that fibre will play an increasingly important role; however, wireless will remain the key Internet delivery platform over the next decade.
In 2009, fibre-optic cables landed on the East coast of Africa, the last major area of the world to be connected to the Internet, triggering a decade of Internet development [1]. During the same period, there has been a general transformation of the Internet from static content to video streaming. Technologies such as Software Defined Networking (SDN) and Network Functions Virtualisation (NFV) are about to reshape the Internet once again. Globally Internet eXchange Points (IXP) have been a key node on the Internet and a central location for Content Delivery Networks (CDN), though in East Africa they have generally been confined to large cities. There is an understanding that if technology hubs are to develop in other cities, the Internet ecosystem, including IXPs, must extend outwards. This research uses a Proof of Concept (PoC) system design methodology to investigate solutions that containerise IXP functions and develops affordable models for IXPs of various sizes and configurations based on both traditional and software-defined switching paradigms as well as automate the IXP build function. The research argues that it is necessary to develop a national IXP ecosystem by supplementing the national IXP with local IXPs to support economic development outside of the major economic cities of the region. The technology solutions must be used in conjunction with research on the political economy landscape plus optimum deployment to ensure success. This research demonstrates that systems can be designed which are achievable and affordable by exploiting the most suitable model and switching technology for each site. It also determines that software-defined models offer the potential for application development across the IXP.
This research concludes that with a combination of function containerisation and astute model selection it is possible to build an affordable set of IXPs to support multiple technology hubs across a national Internet ecosystem. Proposed systems are discussed in the context of East Africa and testbed results discussed in relation to the optimum system design which can be deployed in any IXP setting.
An Internet eXchange Point (IXP) is a network facility that enables the interconnection of more than two independent Autonomous Systems (AS), primarily for the purpose of facilitating the exchange of Internet traffic. IXPs have been a key element of the Internet architecture and their importance as the ideal location for Content Delivery Networks (CDN) wishing to bring content closer to their customers has enhanced this position. IXPs have witnessed increased traffic levels as a result of delivering video from these CDNs. IXPs operate as independent regional IXPs, as interlinked IXPs using commercial links or as interlinked IXPs using owned links. In developing countries it is clear that the development of IXPs in regions cannot be commercially justified as in similar population centres across developed countries. This leaves the developing country citizens from regional areas at a disadvantage in terms of future Internet services. This paper presents a model to create a distributed IXP (dIXP) with mini IXPs (mIXP) in regional cities and towns. The mIXP is managed centrally, removing the regional skill-set issue as a barrier to implementation.
28th Irish Signals and Systems Conference (ISSC), 2017
Uganda is a landlocked country in South East Africa. It is separated from the Indian Ocean by Kenya to the east and Tanzania to the south. It is separated from the South Atlantic by the Democratic Republic of the Congo to the west. Uganda’s connection to the Internet is overland to Mombasa, Kenya where the Seacom cable installed in 2009 connected Mombasa to Europe with a capacity of 640 Gb/s and the World Bank funded Eastern Africa Submarine Cable System (EASSy) undersea fibre optic cable connects Eastern Africa to South Africa and Europe with a capacity of 1.4 Tb/s [1]. Additionally, until recently Uganda was dependent upon a single overland link to Kenya via Uganda Electricity Transmission Company Limited (UETCL) power lines, whereas today there are a number of options such as the Seacom fibre cable completed in 2015. During the 2010 FIFA World Cup Final a terrorist attack on the Kyandondo Rugby Club in Nakawa, Kampala brought all Internet Service Providers (ISP) in Uganda off-line as the rugby ground sits directly underneath the UETCL power lines bringing Internet services from Kenya. This leaves Uganda at a significant disadvantage regionally and to date the technology industry has tended to converge at Mombasa and Nairobi as well as in Dar es Salaam, Tanzania. Recently, however, as modern Internet services require Global Service Providers (GSP) to get closer to the end-user so they can avail of lower latency, higher bandwidth applications, the justification for serving all of South East Africa from data centres in Nairobi, Mombasa, Dar es Salaam and even from South Africa is becoming less valid. In order to facilitate the deployment of locally hosted content and reduce the country’s reliance on international cables, additional capacity was required at the country’s primary local interconnection point, the Uganda Internet Exchange Point (UIXP). 
UIXP is currently developing its infrastructure to support a larger membership encompassing growing demand from both ISPs and Application Service Providers (ASP). This paper serves to outline the developments that are being put in place to take UIXP from a local Internet eXchange Point (IXP) supporting local ISPs and e-government services to the next level where it is in a position to support GSP Content Delivery Networks (CDN) and therefore pave the way for the next phase of development of the Internet in Uganda.
The evolving landscape of cybersecurity threats to Industrial Control Systems (ICS) necessitates a deep understanding of potential attack methodologies and their implications. Building upon the previous introduction of the Virtualised Industrial Control Systems Open-source Research Testbed (VIC-SORT), this paper expands on that work to explore cybersecurity threats within ICS settings, which emulate real-world ICS cyberattack scenarios. This paper outlines the specific techniques and strategies employed in the simulation of attacks on ICS, leveraging VIC-SORT's simulation capabilities. Central to this approach is the application of the ICS Cyber Kill Chain framework, which guides the exploration of various attack strategies. The approach detailed herein is not only instrumental in exposing the possible fragility of ICS configured in a similar manner to VICSORT, to a range of cyber threats, but also sets the groundwork for future explorations into effective defence mechanisms. The insights gained from these simulations are pivotal for cybersecurity practitioners and learners, offering a practical and resource-efficient means to gain hands-on experience. The comprehensive approach outlined in this paper contributes significantly to the field of ICS cybersecurity, bridging the gap between theoretical knowledge and practical application, and paving the way for the development of robust defence strategies in subsequent works. The experience and findings gained through VICSORT underscore the urgent need for robust security strategies in safeguarding critical infrastructure.
Cyberattack matrices, such as the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework, play a pivotal role in both understanding and defending against complex cybersecurity threats. These frameworks offer a structured and comprehensive catalog of known adversary behaviours and techniques. This paper extends the insights from “Simulating Advanced Cyberattacks in Industrial Control Systems – The VICSORT Approach” by aligning the demonstrated attack techniques with the MITRE ATT&CK frameworks for both Enterprise and Industrial Control Systems (ICS). The objective is to categorically map where these techniques intersect with the Tactics, Techniques, and Procedures (TTP) outlined in the MITRE framework, highlighting synergies and distinctions between cybersecurity threats in Enterprise Information Technology (IT) and ICS environments. Highlighting the synergies and distinctions between IT and Operational Technology (OT) in cybersecurity is crucial because it helps in understanding the unique threats, vulnerabilities, and security practices applicable to each domain. Through a comprehensive comparison, this paper aims to illuminate the extent to which the simulated cyberattack methodologies are represented within both frameworks, thereby offering a dual perspective on the cybersecurity landscape. This detailed examination of the MITRE ATT&CK framework against a simulated cyber attack scenario not only reinforces the relevance of the cybersecurity testbeds such as the Virtualised ICS Open-source Research Testbed (VICSORT) in the broader context of recognised cybersecurity models but also underscores the criticality of adopting a unified view of threat intelligence that bridges the gap between IT and OT security paradigms. 
The findings seek to contribute towards demonstrating the relevance of the MITRE ATT&CK framework in understanding cyberattack methodology. They also contribute towards the ongoing discourse in cybersecurity, particularly in enhancing cross-domain understanding and developing integrated defensive strategies against the sophisticated cyber threats of today and tomorrow.
The Programmable Logic Controller (PLC) plays a pivotal role in the operation of Industrial Control Systems, which are widely used to monitor and control critical infrastructure and manufacturing processes. However, the rise of Industry 4.0, coupled with the increasing sophistication of cyber threats, poses a significant risk to the security of PLC. This study implements a wide range of attacks on a PLC, including Code Injection, Man in the Middle, and a Denial-of-Service (DoS) attack. The study further scrutinizes the impact of these attacks on the performance of the PLC with a view to developing effective security measures to mitigate cyber risks in Operational Technology systems. The study employs throughput and round trip time as the key metrics to evaluate PLC performance under normal conditions and during cyberattacks. The results indicate a significant degradation in the PLC performance metrics during the attacks, with DoS having the highest impact followed by Man in the Middle attack. These results highlight the need for robust cybersecurity measures to secure PLC from potential cyber threats.
Cyberattacks on Industrial Control and Automation Systems (ICAS) have significantly increased in recent years due to IT and OT convergence. Traditionally, ICAS were isolated systems running proprietary protocols on specialised software and hardware. However, to improve business processes and efficiency, ICAS vendors are adopting smart technologies such as Industrial Internet of Things (IIOT), Machine to Machine (M2M), Digital Twin, cloud computing, and Artificial Intelligence (AI). This integration presents new vulnerabilities in ICAS that can be exploited by threat actors. ICAS are utilised in critical infrastructure and widely used in power, nuclear plant, water, oil, natural gas, and manufacturing industries. Therefore, cyberattacks on these systems can pose a significant threat to humans and the environment, disrupt social services, cause financial losses, and threaten national security. Because of these threats, numerous mitigation measures are being implemented to protect ICAS from cyberattacks. However, security experience and expertise have demonstrated that we can never fully protect a system and one should never propose that their solution will fully protect. Rather one can claim that their solution / mitigation technique adds a layer to the defence in depth approach. This paper discusses the different cybersecurity standards and frameworks for ICAS, investigates the existing threats and vulnerabilities, and methods of securing
Industrial Control Systems (ICS) are at the forefront of most, if not all, critical infrastructure and critical service delivery. ICS underpin modern manufacturing and utility processes and greatly contribute to our day-to-day livelihoods. However, there has been a significant increase in the number and complexity of cyberthreats specifically targeted at ICS, facilitated by increased connectivity in an effort to improve production efficiency. Furthermore, the barriers of entry to ICS cybersecurity are still high given the limited skills base, expensive and proprietary hardware and software as well as the inherent dangers of manipulating real physical processes. This greatly inhibits the practical application of cybersecurity tools in ICS environments and therefore the opportunity for practitioners to gain valuable ICS cybersecurity experience. ICS testbeds are often expensive and are not necessarily holistic enough to provide learners with the complete breadth of ICS. This paper introduces VICSORT, an open-source virtualised ICS testbed that provides a platform for ICS cybersecurity learners and practitioners to interface with an ICS environment that closely emulates a real-world ICS, as well as explore and practice techniques for attack and consequently defence of an ICS. VICSORT builds upon the Graphical Realism Framework for Industrial Control Systems (GRFICS) to offer an easier to deploy environment with greater flexibility, whilst requiring significantly less resources, all reducing the cost to the learner.
In 2009, fibre-optic cables landed on the East coast of Africa, the last major area of the world to be connected to the Internet, triggering a decade of Internet development (Graham et al., 2015). During the same period, there has been a general transformation of the Internet from static content to video streaming. Technologies such as Software Defined Networking (SDN) and Network Functions Virtualisation (NFV) are about to reshape the Internet once again. Globally Internet eXchange Points (IXP) have been a key node on the Internet and a central location for Content Delivery Networks (CDN), though in East Africa they have generally been confined to large cities. There is an understanding that if technology hubs are to develop in other cities, the Internet ecosystem, including IXPs, must extend outwards. This research uses a Proof of Concept (PoC) system design methodology to investigate solutions that containerise IXP functions and develops affordable models for IXPs of various sizes and configurations based on both traditional and software-defined switching paradigms as well as automate the IXP build function. The research argues that it is necessary to develop a national IXP ecosystem by supplementing the national IXP with local IXPs to support economic development outside of the major economic cities of the region. The technology solutions must be used in conjunction with research on the political economy landscape plus optimum deployment to ensure success. This research demonstrates that systems can be designed which are achievable and affordable by exploiting the most suitable model and switching technology for each site. It also determines that software-defined models offer the potential for application development across the IXP. 
This research concludes that with a combination of function containerisation and astute model selection it is possible to build an affordable set of IXPs to support multiple technology hubs across a national Internet ecosystem. Proposed systems are discussed in the context of East Africa and testbed results discussed in relation to the optimum system design which can be deployed in any IXP setting.
2021 32nd Irish Signals and Systems Conference (ISSC), 2021
Industrial Control Systems (ICS) are responsible for the control of several processes in various critical infrastructure deployments ranging from energy, power and water utilities, to manufacturing sectors such as pharmaceutical precision engineering. They ensure the smooth, safe running and High Availability of these critical infrastructure and manufacturing processes. ICS cybersecurity is of increasing concern and this is evidenced by the mounting examples of cyber threats and attacks on ICS infrastructure that are referenced both within the technical community and the public media. The barriers of entry to ICS cybersecurity are still high given the limited skills base, expensive and proprietary hardware and software, as well as the inherent dangers of manipulating real physical processes. This greatly inhibits the practical application of cybersecurity tools in ICS environments and therefore the opportunity for practitioners to gain valuable experience. Furthermore, historical ICS testbeds have not delivered a practical application of accessing and improving ICS security posture as posited in known ICS industry standards. This project seeks to build a comprehensive open-source virtualised ICS testbed to demonstrate typical cybersecurity weaknesses in an ICS environment as well as suitable remediation strategies. This testbed shall simulate real world industrial systems as closely as possible without replicating an entire plant. This research will identify a suitable ICS testbed to visualise the stages of an ICS cyber attack with reference to the ICS cyber kill chain proposed by the SysAdmin, Audit, Network and Security Institute. 
With the selected ICS testbed as a reference, this project shall also demonstrate an ICS cybersecurity evaluation based on the US National Institute of Standards and Technology cybersecurity framework, detailing how defenders can identify vulnerable components in the ICS, identify potential threat vectors within the environment and develop suitable mitigations to improve the organisation's overall security posture. This project contributes to growing ICS cybersecurity skills to better protect industrial processes and critical infrastructure.
Networking and telecommunications have been spared the major changes that have occurred in computing over the last decade. Speeds have increased and the convergence with Information Technology (IT) has continued. The speed of this convergence is about to increase dramatically. The IT world went through massive change with the introduction of cloud computing, driven by developments in virtualisation. The benefits of the transformation in IT will come to networking and telecommunications in the form of Software Defined Networking (SDN) and Network Function Virtualisation (NFV). They can be realised in the data centre today and in the customer premises in the near future with the roll-out of high speed ubiquitous broadband. SDN is the extraction of the control functions from networking equipment hardware. This leaves the hardware with only data plane functionality. Therefore SDN is a separation of the control and data forwarding functions within the network. The control plane functions are migrated as software functions to be run on standard industry hardware or more often than not on server instances located on virtualised cloud platforms. NFV is a separate but complementary technology that replaces existing functions typically found on specialised hardware with virtualised versions of the same function. These NFVs can be delivered on virtual Customer Premises Equipment (vCPE) devices that will provide virtualisation locally for the provision of NFVs and/or in concert with cloud based functions at the data centre. The changes in the networking landscape promised over the next few years by SDN and NFV are very exciting. It can be considered akin to the changes that virtualisation brought to the data centre and the subsequent explosion of cloud computing over the last 5 years or so that had its origins in the late 1990s. 
It is safe to assume that these developments in SDN and NFV will lead to an explosion of Network Virtualisation outside of its current sweet spot within the data centre where SDN exists today. It is also becoming clear that the skill-sets of the software developer and the network engineer, which today are quite different, will tend to converge and the network engineer will need to adapt to a world where the command line configuration is replaced or at the very least complemented by a greater reliance on programming and scripting skills. This revolution in networking will create the appearance of infinite capacity to the user and permit the expansion of the current scientific, informatics and engineering boundaries to create a Cloud Integrated Network (CIN). The CIN, the rise of Internet-connected machines and devices that are the Internet of Things (IoT) as well as AuGmented Intelligence (AuGI) will come together in the future to create the perfect storm that will transform human existence in a third industrial revolution (Weldon, 2015).
Telecommunications along with cloud computing are in the process of a transformation towards a Cloud Integrated Network (CIN) [1] triggered by an elastic network in the form of two disruptive technologies Software Defined Networking (SDN) and Network Function Virtualisation (NFV). This project is considering how key infrastructure development at national level and changed Local SPs (LSP) network architectures and business models can deliver the CIN within the constraints of a developing country. A potential set of solutions will be developed through experimental simulations and system models to demonstrate how the CIN can be delivered by rural SPs in a developing nation. While the project is in its early stages, work at the Ugandan Internet eXchange Point (IXP) virtualising services, adding an Akamai Content Delivery Node (CDN) has demonstrated an increased demand and has necessitated a corresponding upgrade to core switches. An OpenStack orchestration laboratory has been built for experimentation with NFV orchestration and Virtual Infrastructure Manager (VIM) functions. A similar testbed will consider Open Source MANO (OSM) and the Open Network Automation Platform (ONAP) Projects. The project will develop potential architectures for the delivery of the CIN to the rural customers of LSPs as well as consider the need for eXchangelets in the future.
East African Journal of Science, Technology and Innovation, 2020
East Africa was the last major area of the world to gain access to the Internet when submarine fibre-optic cables landed at Mombasa, Kenya and Dar es Salaam, Tanzania in 2009. The region previously relied on satellite communications to individual Internet Service Providers (ISP). This presented a unique opportunity to acquire and document the thoughts of key business, political and technical leaders who were, and continue to be, an integral part of the development of the regional Internet ecosystem from 2009, via the SEACOM and TEAMS cables. This prompted a mixed methods political economy study of the Internet in East Africa to gain an understanding of why the regional Internet infrastructure developed as it did, a vision of the future direction of the regional Internet, a view of the disruptive potential of new networking technologies such as Software Defined Networking (SDN) and Network Functions Virtualisation (NFV) as well as the growth of the Internet's multinational online companies that now dominate the Internet. The study concludes that the landing of the submarine fibre-optic cables was the catalyst for improvements that drove the development of regional infrastructure leading to rapidly improving Internet services such as streaming video, facilitated by investment in ISP and Internet eXchange Points (IXP); improvements through mobile phone generations and roll-outs across the region have facilitated citizen access. The study also shows that fibre will play an increasingly important role; however, wireless will remain the key Internet delivery platform over the next decade.
In 2009, fibre-optic cables landed on the East coast of Africa, the last major area of the world to be connected to the Internet triggering a decade of Internet development [1]. During the same period, there has been a general transformation of the Internet from static content to video streaming. Technologies such as Software Defined Networking (SDN) and Network Functions Virtualisation (NFV) are about to reshape the Internet once again. Globally Internet eXchange Points (IXP) have been a key node on the Internet and a central location for Content Delivery Networks (CDN), though in East Africa they have generally been confined to large cities. There is an understanding that if technology hubs are to develop in other cities, the Internet ecosystem, including IXPs, must extend outwards. This research uses a Proof of Concept (PoC) system design methodology to investigate solutions that containerise IXP functions and develops affordable models for IXPs of various sizes and configurations based on both traditional and software-defined switching paradigms as well as automate the IXP build function. The research argues that it is necessary to develop a national IXP ecosystem by supplementing the national IXP with local IXPs to support economic development outside of the major economic cities of the region. The technology solutions must be used in conjunction with research on the political economy landscape plus optimum deployment to ensure success. This research demonstrates that systems can be designed which are achievable and affordable by exploiting the most suitable model and switching technology for each site. It also determines that software-defined models offer the potential for application development across the IXP.
This research concludes that with a combination of function containerisation and astute model selection it is possible to build an affordable set of IXPs to support multiple technology hubs across a national Internet ecosystem. Proposed systems are discussed in the context of East Africa and testbed results discussed in relation to the optimum system design which can be deployed in any IXP setting.
An Internet eXchange Point (IXP) is a network facility that enables the interconnection of more than two independent Autonomous Systems (AS), primarily for the purpose of facilitating the exchange of Internet traffic. IXPs have been a key element of the Internet architecture and their importance as the ideal location for Content Delivery Networks (CDN) wishing to bring content closer to their customers has enhanced this position. IXPs have witnessed increased traffic levels as a result of delivering video from these CDNs. IXPs operate as independent regional IXPs, as interlinked IXPs using commercial links or as interlinked IXPs using owned links. In developing countries it is clear that the development of IXPs in regions cannot be commercially justified as in similar population centres across developed countries. This leaves the developing country citizens from regional areas at a disadvantage in terms of future Internet services. This paper presents a model to create a distributed IXP (dIXP) with mini IXPs (mIXP) in regional cities and towns. The mIXP is managed centrally, removing the regional skill-set issue as a barrier to implementation.
28th Irish Signals and Systems Conference (ISSC), 2017
Uganda is a landlocked country in South East Africa. It is separated from the Indian Ocean by Kenya to the east and Tanzania to the south. It is separated from the South Atlantic by the Democratic Republic of the Congo to the west. Uganda’s connection to the Internet is overland to Mombasa, Kenya where the Seacom cable installed in 2009 connected Mombasa to Europe with a capacity of 640 Gb/s and the World Bank funded Eastern Africa Submarine Cable System (EASSy) undersea fibre optic cable connects Eastern Africa to South Africa and Europe with a capacity of 1.4 Tb/s [1]. Additionally, until recently Uganda was dependent upon a single overland link to Kenya via Uganda Electricity Transmission Company Limited (UETCL) power lines whereas today there are a number of options such as the Seacom cable fibre cable completed in 2015. During the 2010 FIFA World Cup Final a terrorist attack on the Kyandondo Rugby Club in Nakawa, Kampala brought all Internet Service Providers (ISP) in Uganda off-line as the rugby ground sits directly underneath the UETCL power lines bringing Internet services from Kenya. This leaves Uganda at a significant disadvantage regionally and to date the technology industry has tended to converge at Mombasa and Nairobi as well as in Dar es Salaam, Tanzania. Recently, however, as modern Internet services require Global Service Providers (GSP) to get closer to the end-user so they can avail of lower latency, higher bandwidth applications, the justification for serving all of South East Africa from data centres in Nairobi, Mombasa, Dar es Salaam and even from South Africa is becoming less valid. In order to facilitate the deployment of locally hosted content and reduce the country’s reliance on international cables, additional capacity was required at the country’s primary local interconnection point, the Uganda Internet Exchange Point (UIXP).
UIXP is currently developing its infrastructure to support a larger membership encompassing growing demand from both ISPs and Application Service Providers (ASP). This paper serves to outline the developments that are being put in place to take UIXP from a local Internet eXchange Point (IXP) supporting local ISPs and e-government services to the next level where it is in a position to support GSP Content Delivery Networks (CDN) and therefore pave the way for the next phase of development of the Internet in Uganda.
Networking and telecommunications have been spared the major changes that have occurred in computing over the last decade. Speeds have increased and the convergence with Information Technology (IT) has continued. The speed of this convergence is about to increase dramatically. The IT world went through massive change with the introduction of cloud computing, driven by developments in virtualisation. The benefits of the transformation in IT will come to networking and telecommunications in the form of Software Defined Networking (SDN) and Network Functions Virtualisation (NFV). They can be realised in the data centre today and in the customer premises in the near future with the roll-out of high speed ubiquitous broadband. SDN is the extraction of the control functions from networking equipment hardware leaving the hardware with only data plane functions, a separation of the control and data forwarding functions. The control plane functions are migrated as software functions to be run on standard industry hardware or more often than not on server instances located on virtualised cloud platforms. NFV is a separate but complementary technology that replaces existing functions typically found on specialised hardware with virtualised versions of the same function. These NFVs can be delivered on virtual Customer Premises Equipment (vCPE) devices that will provide virtualisation locally for the provision of NFVs and/or in concert with cloud based functions at the data centre. The changes in the networking landscape promised over the next few years by SDN and NFV are very exciting.
I consider it to be akin to the changes that virtualisation brought to the data centre and the subsequent explosion of cloud computing over the last 5 years or so, yet I remember virtualising many Microsoft Windows flavours simultaneously on VMware on my GNU/Linux desktop to support modems in the 1990s. Therefore it is safe to assume that these developments in SDN and NFV will lead to an explosion of Network Virtualisation outside its current sweet spot in the data centre today. It is also becoming clear that the current situation, where the skill-sets of the software developer and the network engineer are quite different, will tend to converge and the network engineer will need to adapt to a world where the command line configuration is replaced or at the very least complemented by a greater reliance on programming and scripting skills.
Software has become a strategic societal resource in the last few decades. The emergence of Free Software, which has entered major sectors of the Information ICT market, is drastically changing the economics of software development and usage. Free Software – sometimes also referred to as “Open Source” or “Libre Software” – can be used, studied, copied, modified and distributed freely. It offers the freedom to learn and to teach without engaging in dependencies on any single technology provider. These freedoms are considered a fundamental precondition for sustainable development and an inclusive information society. Although there is a growing interest in free technologies (including Free Software and Open Standards), still a limited number of people have sufficient knowledge and expertise in these fields. The FTA attempts to respond to this demand.
Papers by Diarmuid O'Briain
The objective is to categorically map where these techniques intersect with the Tactics, Techniques, and Procedures (TTP) outlined in the MITRE framework, highlighting synergies and distinctions between cybersecurity threats in Enterprise Information Technology (IT) and ICS environments. Highlighting the synergies and distinctions between IT and Operational Technology (OT) in cybersecurity is crucial because it helps in understanding the unique threats, vulnerabilities, and security practices applicable to each domain.
Through a comprehensive comparison, this paper aims to illuminate the extent to which the simulated cyberattack methodologies are represented within both frameworks, thereby offering a dual perspective on the cybersecurity landscape.
This detailed examination of the MITRE ATT&CK framework against a simulated cyber attack scenario not only reinforces the relevance of the cybersecurity testbeds such as the Virtualised ICS Open-source Research Testbed (VICSORT) in the broader context of recognised cybersecurity models but also underscores the criticality of adopting a unified view of threat intelligence that bridges the gap between IT and OT security paradigms. The findings seek to contribute towards demonstrating the relevance of the MITRE ATT&CK framework in understanding cyberattack methodology. They also contribute towards the ongoing discourse in cybersecurity, particularly in enhancing cross-domain understanding and developing integrated defensive strategies against the sophisticated cyber threats of today and tomorrow.