8:20 - 8:30am | Registration and Coffee & Tea! |
A brief welcome and introduction to the SICSI workshop by our chairs Dr. Christopher Rouff and Dr. Lanier Watkins. |
8:30 - 9:00am | Reconfiguration of Firewall Filter Rules as a Response to Industrial Control System Intrusion |
Gwenaël Delaval (INRIA Rhône-Alpes, France) | |
In recent years, industrial control systems (ICS) have become a target of choice for cybercriminals. In turn, developing new defense mechanisms against intrusions in ICS has become a necessity. We work within the context of a reaction framework, able to reconfigure a system under attack by migrating applications away from compromised host devices. As communication within an ICS should be heavily filtered to prevent anomalous commands, we need to redefine these filters to match our new configurations. In this paper, from a formal description of the IEC 62443 compliant ICS under study, we aim to automate the creation of all necessary filter rules, and the adaptation to application migration and device isolation. This approach is tested on a small scale installation supervising a physical process with industrial hardware. |
9:00 - 9:30am | ICS-SimLab: A Containerized Approach for Simulating Industrial Control Systems for Cyber Security Research |
Jaxson O. Brown (Curtin University, Australia) | |
We present ICS-SimLab, an end-to-end software suite that utilizes Docker containerization technology to create a highly configurable ICS simulation environment. This software framework enables researchers to rapidly build and customize different ICS environments, facilitating the development of security solutions across different systems that adhere to the Purdue Enterprise Reference Architecture. To demonstrate its capability, we present three virtual ICS simulations: a solar panel smart grid, a water bottle filling facility, and a system of intelligent electronic devices. Furthermore, we run cyber-attacks on these simulations and construct a dataset of recorded malicious and benign network traffic to be used for IDS development. |
9:30 - 10:00am | Dark Drones: Can They Be Automatically Detected and Mitigated? |
Isaiah D Henry-Simpson (United States Air Force Academy, USA) | |
The increasing prevalence of drones operating without radio frequency (RF) emissions, referred to as Dark Drones, poses a significant threat to national security and critical infrastructure. These platforms are particularly challenging to detect due to their lack of RF signatures and their potential to carry a wide range of malicious payloads. While existing counter-unmanned aerial systems (C-UAS) often rely on visual or acoustic detection modalities (and in some cases, a fusion of both), there remains a critical gap in solutions that can automatically detect, identify, and mitigate Dark Drones. To address this challenge, we conducted a systematic investigation of commonly available hobbyist and commercial drones, examining their onboard sensors such as GPS, infrared, ultrasonic, and optical systems. We then identified and empirically validated multiple pathways for detecting, identifying, and mitigating these RF-silent drones. Building on these insights, we developed and evaluated a prototype system, the Automated Dark Drone Countering Tool (AD-DeCT). This tool is capable of automatically detecting, classifying, and mitigating Dark Drones without relying on RF emissions. While the current prototype has certain limitations, our findings demonstrate the technical feasibility of a comprehensive automated countermeasure approach against this emerging class of aerial threats. |
10:00 - 10:30am | Applying Prompt-Based Mitigation of Gender-Role Bias in Large Language Models for Security |
Brandon Blackwell (Johns Hopkins University) | |
As large language models (LLMs) become increasingly integrated into society, concerns over fairness and bias have emerged as critical areas of research. Prior research has demonstrated that LLMs often reflect stereotypes present in their training data, and while this is informative, systematic studies producing rigorous experiments and tangible measurements remain limited. Furthermore, as LLMs are deployed in security-sensitive domains, such as industrial control systems (ICS), Internet-of-Things (IoT) networks, and critical infrastructure, exploring tangible, quantitative bias mitigation techniques becomes essential for real-time deployment. In this work, as a proof of concept, we apply our pipelines to 53 gender-neutral professional resume prompts to generally analyze how LLMs assign gender-specific attributes. Using these prompts, we implement four distinct mitigation pipelines: a Baseline with no intervention, In-Context Example prompting, Self-Evaluation and Regeneration, and Chain-of-Thought (CoT) reasoning. Furthermore, to quantify each pipeline, we introduce the Stereotype Alignment Rate (SAR) to quantify bias, defined as the percentage of outputs conforming to traditional gender stereotypes. Results across each experimental pipeline indicate an effective reduction in bias, lowering the SAR by up to 15% compared to the baseline. This work demonstrates that prompt engineering, particularly through the use of counter-stereotypical examples, can serve as an effective and lightweight method for mitigating bias in LLM outputs. |
10:30 - 11:00am | Coffee & Tea Break |
11:00 - 11:30am | An Autonomic Resilient Electrical Grid for a University Campus |
Christopher Rouff (Johns Hopkins University Applied Physics Laboratory, USA) | |
This paper proposes an autonomic cyber-physical electrical grid for a university campus, designed to optimize energy generation, storage, and consumption through autonomic self-management. The system integrates real-time monitoring, predictive analytics, and automated decision-making within a multi-layered MAPE-K architecture. Smart meters and Internet-of-Things (IoT) sensors collect data on usage, occupancy, and environmental conditions, which inform control strategies that dynamically adjust loads, prioritize critical systems, and manage battery storage. The autonomic manager balances supply and demand while integrating renewable sources such as solar and wind. Challenges include minimizing latency through edge computing, ensuring interoperability across legacy and modern systems, preserving user privacy, handling cybersecurity concerns, managing battery degradation, and maintaining user comfort. By combining edge and cloud computing, the system ensures low-latency control and long-term optimization. This approach supports bi-directional energy flow and demonstrates how autonomous energy systems can improve grid resilience, efficiency, and sustainability, serving as a potential model for future campus-scale and other smart grid deployments. |
11:30 - 12:00pm | A Minimal Overlay-Based Framework for Transitioning Legacy Infrastructure to Zero Trust |
Wenjia Wang (Florida International University, USA) | |
Traditional perimeter-based security models struggle to secure legacy systems against evolving threats posed by remote work, IoT adoption, and cloud migration. Yet most Zero Trust (ZT) roadmaps demand disruptive refactoring that many organizations cannot afford. We present a lightweight, identity-centric transition model that overlays, rather than replaces, existing networks, relying on just three open-source components: Identity & Access Management (IAM), Public Key Infrastructure (PKI), and Continuous Diagnostics & Mitigation (CDM). A three-node Azure prototype using StrongSwan mutual TLS (mTLS) tunnels demonstrates that the full control-plane bundle idles at approximately 8% CPU and 320 MB RAM, each endpoint agent under 1% CPU and 30 MB RAM, and encrypted throughput remains within 2.5% of underlay performance while certificate revocation propagates in 8 min 14 s. These results show that meaningful ZT protections can be deployed immediately (no new hardware, rewiring, or licensing), offering a practical path to deeper ZT maturity. The code and automation scripts are open-sourced to facilitate reproduction. |