Sartec is a Saras group company based in Sardinia, in the industrial area of ??Macchiareddu. Sartec is a company of about 150 employees offering value-added services and technological solutions in the refining, chemical and petrochemical, energy efficiency and environmental protection.
With decades of experience in the automation of industrial plants, design and construction of analysis systems, engineering and environmental monitoring, Sartec continuously invests in the development of new skills and in the evolution of the services offered.
In the context of critical infrastructures, technology plays an essential role in the operation and control of plants, e.g., the management of reactors, furnaces and boilers, pumps, turbines, compressors, valves, etc.
Networks of distributed control systems (DCS), servers, workstations, PLCs, perform essential functions in support of operators, ensuring that the various components of the system work correctly within pre-established thresholds, managing the necessary adjustments in real-time to obtain optimal production, activating protections and safety measures in the event of anomalous behavior and plant shutdowns.
In support of technologies traditionally used in the industrial sector, Sartec now also operates in the Cybersecurity sector, designing and implementing solutions for the security and monitoring of IT assets and control networks in accordance with the guidelines and reference requirements (e.g., ISA / IEC 62443).
Furthermore, pursuing the objective of continuous innovation, Sartec focuses its interest in IoT digital technologies, that allow interconnecting assets and devices in a streamlined and economic way, and to acquire and interpret data that are useful to production needs, as well as to business management needs.
The following topics are available for interships and/or Master thesis projects: If you are interested, please contact Prof. Giacinto for more information.
SartecCyberSec_01: "Advanced Security Log Management in industrial plants"
In the industrial sector, it is essential to guarantee the security and integrity of the IT components. This is possible through constant and careful monitoring of the IT security status which is mainly carried out with the help of two key technologies: network monitoring and log collection. Although there are methods and tools widely used in the ICT field to carry out these tasks, these systems are often ineffective in the industrial sector, and new tools and methodologies needs to be investigated.
The task of the trainee, working alongside the Sartec Cybersecurity team, will be to study, evaluate, test and implement solutions capable of efficiently managing the huge and inconsistent amounts of logs generated by the industrial plant from the point of view of IT security. Technically, one of the main problems to be addressed concerns the identification of flexible / dynamic methods for the interpretation of data sources, so as to allow the management, interpretation and correlation of key information. Following an analysis on the state of the art, the aim of the work will be to identify and develop the approach deemed most effective, including the use of techniques and tools not yet mature.
SartecCyberSec_02: "Active Defense - Identification of anomalies"
The trainee, with the collaboration / coordinating with the trainee dealing with the topic SartecCyberSec_01, and working alongside the Sartec Cybersecurity team, will study, evaluate, test and implement solutions and models of Artificial Intelligence / Machine Learning capable of supporting the Industrial team Active Defense to proactively detect possible anomalous behaviors that can be attributed not only to compromise attempts (Hacking, Malware), but also to anomalous behaviors carried out by operators. Technically, one of the main problems to be addressed, given access to the logs of industrial systems and network communications, concerns the possibility to identify anomalies starting from both a baseline of behaviors provided by historical data, and a set of a-priori rules.
SartecIIoT_03: "Security by Design Industrial IoT"
The introduction of low-cost and highly interconnected industrial components and sensors enables the possibility of cyber attacks targeting the sensor network aimed, for example, at "obscuring" certain detections or at "falsifying" certain measures, potentially generating significant impacts on production and plants. In this context, the creation of "Hack Proof" industrial IoT devices covers a topic of particular interest. The trainee, working alongside the Connectivity / IIoT team and the Sartec Cybersecurity team, will study, evaluate, test and implement security solutions tailored to the devices being developed by Sartec. One of the main issues to be addressed is the definition of a technical framework of safety requirements for IIoT devices capable of guiding technological choices (e.g., the type of microcontroller or communication channel) based on the risk profile of the specific sensor in its use context.