Yongjian Ding

• Prof. Dr.-Ing. (retired)
• Professor at Hochschule Magdeburg-Stendal, University of Applied Sciences, Germany

This paper explores how domain specific modelling can be used to support the identification of potential vulnerabilities and risks in Industrial Automation and Control Systems (IACS) to enhance security by enabling a mitigation of these vulnerabilities. This approach can be used to support already deployed IACS or to include Security-by-Design and...

Nowadays, there are a lot of defense mechanisms to secure IT-systems against Cyber attacks. Thus, Cyber attacks have to be more sophisticated than they used to be in order to stay undetected as long as possible and to bypass defense mechanisms. As a result, current threats frequently use steganographic techniques to hide malicious functions in a ha...

Im Juni 2018, also gut zwei Jahre vor Ende des Qualitätspakt-Lehre-Projekts Qualität2 der Hochschule Magdeburg-Stendal fand ein Klausurtag mit über 20 Projektmitarbeiter: innen aus allen Fachbereichen, aus dem Qualitätsmanagement sowie aus dem Zentrum für Hochschuldidaktik und angewandte Hochschulforschung (ZHH) statt. Es stellte sich die Frage, wa...

This paper shows the extension of an entity model developed in cooperation with project partners by an “Organizational Entity” in order to detect potential weaknesses in IT security as well as to prove the standard conformity (IT security level according to IEC 62443) of the examined systems. This allows suitable security measures to be taken syste...

Whether during construction, operation or decommissioning, any successful cyberattack on a nuclear facility would harm a nation that even partially relies on the safe operation of its nuclear facilities. Such conditions could disturb the complete power grid and interrupt regular daily life, initiate the release of radioactive substances or bias the...

Die Bedeutung der Cyber-Sicherheit für industrielle Produktionsanlagen nimmt mit weiterer Ver-breitung der IT-Technik in der Produktion ständig zu und wird im Industrie 4.0-Zeitalter enorm steigen. Dies resultiert aus den mit Industrie 4.0 in Verbindung stehenden vollvernetzen, intelli-genten, industriellen Produktionsanlagen, sogenannten cyber-phy...

Cybersecurity of industrial control systems is a serious threat and can lead to property and environmental damage or even loss of life and limb, depending on the cyber-physical system in question. Nuclear facilities have a special need of protection against potential cybersecurity threats. Modeling the system can support the identification and unde...

The generic concept of security controls, as initially deployed in the information security domain, is gradually used in other business domains, including industrial security for critical infrastructure and cybersecurity of nuclear safety instrumentation & control (I&C). A security control, or less formally, a security countermeasure can be any org...

Durch die stetige Entwicklung im Bereich Industrie 4.0 ergeben sich neue Möglichkeiten und Risiken für die Industrie. So wächst die Gefahr der Cyberattacke nicht nur auf das Unternehmensnetzwerk, sondern zunehmend auch auf die Automatisierungssysteme und damit die Produktionsanlagen selbst. Daher ist es notwendig, IT-Sicherheitsrisiken für industri...

The generic concept of Security Controls, as initially deployed in the information security domain, is gradually used in other business domains, including industrial security for critical infrastructure and cybersecurity of nuclear safety I&C. A Security Control, or less formally, a security countermeasure can be any organizational, technical or ad...

In the last decade, the amount of cyber-attacks targeting industrial facilities with specialized knowledge, tools and malware increased dramatically. The wide variety of industrial IT-systems and various required expertise for cyber-physical attack modeling is currently a challenge for interdisciplinary research. To address the variety of systems a...

Mit dem Fortschreiten der vierten industriellen Revolution ergeben sich neue Herausforderungen für die IT-Security hinsichtlich Automationstechnik und eingesetzter IT-Komponenten. Eine wesentliche Herausforderung besteht in der Pauschalisierung und adäquaten Abbildung von komplexen Industrie 4.0 Systemlandschaften, bestehend aus einer Vielzahl von...

Cybersecurity, Cyberdefense, Cybercrime, Critical infrastructure, Model-driven security testing, Attack modeling, Threat modeling, Risk assessment

Nuclear Safety, I&C, Cybersecurity, Security by Design, Safety and Security, Risk Assessment, Security Testing

The paper describes a safety objective oriented systematic design approach of digital (computerized) safety I&C in modern nuclear power plants which considers the plant safety requirements as well as cybersecurity needs. The defence in depth philosophy is applied by using different defence lines in the I&C architecture and protection zones in the p...

Um die höchsten Anforderungen an die Sicherheitsleittechnik in Kernkraftwerken (KKW) zu erfüllen, muss diese systematisch konzipiert und überprüfbar projektiert werden. Der Aufsatz stellt einen schutzzielorientierten Designprozess vor, wobei gleichzeitig die Philosopie der gestaffelten Verteidigung (Defence in Depth) angewendet wird. Der Ansatz eig...

Safety instrumentation and control in nuclear power plants has to be systematically designed and revisable in order to meet the highest safety requirements. A safety objective oriented design process is presented in combination with the defence in depth philosophy. The approach is applicable for the construction of new plants like the European Pres...

This paper describes a systematic way to apply the functional safety standards IEC 61508 and IEC 61511 on the safety management of a chemical process tank. After a short introduction of the basic principle of the functional safety philosophy the risk based determination of the safety integrity level (SIL) for a special liquid tank application is gi...

Germany announced on 30 May 2011 that it will shut down all of its 17 nuclear power stations by 2022 (8 of them immediately, the others step by step), which makes Germany become the first developed country in the world that totally give up the nuclear power and fulfill the change of energy structure after the Fukushima nuclear accident in Japan. Th...

This paper introduces the current state of solar heating system among Wanzleben city heating net. In view of low efficiency (only 20-30%) of this system, it analyses the shortcomings of this applied system from sensors' situation, fixed flow problem, the influence of the user's water temperature and the length of pipe separately. Some improving met...

It is difficult to model a liquid resonance controlling system when there are different materials, different capacity of the container, different liquid density and so on in the system. In order to realize resonance of these liquids in the container, a self-optimizing control method of the level of the liquid is suggested. Meanwhile in order to imp...

To optimize the proof intervall of a reactor limitation system the unavailability analysis has been carried out. First of all the relevant operation and failure behaviour of the 2-out-of-4 I&C system with high redundancy has been described by an analytical model. The maximal, minimal and average values of the unavailability are calculated. After th...