
    Assessing and augmenting SCADA cyber security: a survey of techniques

    SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisation and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote access, but at the same time exposes an otherwise isolated and secure system to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place, as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker's to determine weaknesses and loopholes in defences. Such a mindset helps to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability.

    Cybercrime and Risks for Cyber Physical Systems

    Cyber Physical Systems (CPS) are the integration of computation and physical systems that make up a complete system, such as the network, software, embedded systems, and physical components. Major industries such as industrial plants, transport, the national grid, and communication systems depend heavily on CPS for financial and economic growth. However, these components may carry inherent threats and vulnerabilities that run the risk of being attacked, manipulated or exploited by cyber attackers to commit cybercrimes. Cybercriminals in their quest to bring down these systems may cause disruption of services for fame, data theft, revenge, political motives, economic war, cyber terrorism, or cyberwar. Therefore, identifying the risks has become imperative in mitigating the cybercrimes. This paper seeks to identify cybercrimes and risks that are associated with a smart grid business application system to determine the motives and intents of the cybercriminal. The paper identified four goals to mitigate the risks: business value, organizational requirements, threat agent and impact vectors. We used the Analytical Hierarchy Process (AHP) to determine the importance of the goals that contribute to identifying cybercrime and risks in CPS. For the results, a case study is used to identify the threat and vulnerable spots, and the prioritized goals are then used to assess the risks using a semi-quantitative approach to determine the net threat level. The results indicate that using the AHP approach to identify cybercrime and risk on CPS provides specific risk mitigation goals.
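    The AHP step the abstract relies on is mechanical once the pairwise judgements exist: a reciprocal judgement matrix is reduced to a priority vector, and a consistency ratio tells the analyst whether the judgements contradict each other. The following is an added example, not the paper's code or data; the four goal names come from the abstract, while the judgement values and the reference weights in the check are constructed for illustration.

```python
"""AHP priority weights and a consistency check for risk-mitigation goals.

Added example, not code from the paper above. The four goal names are
taken from the abstract; the pairwise judgements below are constructed
to illustrate the method and are not the study's data.
"""
from math import prod

# Saaty's random consistency index (RI) for n x n judgement matrices.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32}

GOALS = ["business value", "organizational requirements",
         "threat agent", "impact vectors"]

# Constructed judgements on Saaty's 1-9 scale: a[i][j] says how much more
# important goal i is than goal j, and a[j][i] must equal 1/a[i][j].
EXAMPLE_JUDGEMENTS = [
    [1,     3,   1 / 2, 1 / 4],
    [1 / 3, 1,   1 / 3, 1 / 5],
    [2,     3,   1,     1 / 3],
    [4,     5,   3,     1],
]


def check_reciprocal(matrix):
    """Reject matrices that are not square, positive and reciprocal."""
    n = len(matrix)
    for i in range(n):
        if len(matrix[i]) != n:
            raise ValueError("judgement matrix must be square")
        for j in range(n):
            if matrix[i][j] <= 0:
                raise ValueError("judgements must be positive")
            if abs(matrix[i][j] * matrix[j][i] - 1.0) > 1e-9:
                raise ValueError(f"a[{i}][{j}] and a[{j}][{i}] are not reciprocal")


def priority_vector(matrix):
    """Normalised row geometric means: the usual approximation of the
    principal eigenvector of a reciprocal judgement matrix."""
    check_reciprocal(matrix)
    n = len(matrix)
    gmeans = [prod(row) ** (1.0 / n) for row in matrix]
    total = sum(gmeans)
    return [g / total for g in gmeans]


def consistency_ratio(matrix, weights=None):
    """Return (lambda_max, CI, CR). Saaty's rule of thumb: CR above 0.10
    means the pairwise judgements contradict each other and should be revised."""
    n = len(matrix)
    w = priority_vector(matrix) if weights is None else weights
    aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1) if n > 1 else 0.0
    ri = RANDOM_INDEX[n]
    cr = ci / ri if ri > 0 else 0.0
    return lambda_max, ci, cr


def rank_goals(matrix, names=GOALS):
    """Rank the goals by AHP weight; return the ranking and the CR."""
    weights = priority_vector(matrix)
    _, _, cr = consistency_ratio(matrix, weights)
    ranked = sorted(zip(names, weights), key=lambda t: t[1], reverse=True)
    return ranked, cr


if __name__ == "__main__":
    ranking, cr = rank_goals(EXAMPLE_JUDGEMENTS)
    for name, w in ranking:
        print(f"{name:28s} {w:.3f}")
    verdict = "acceptable" if cr <= 0.10 else "revise judgements"
    print(f"consistency ratio {cr:.3f} ({verdict})")
```

    The consistency ratio is the check worth keeping: a matrix that ranks A over B, B over C and C over A still yields a priority vector, but its CR is far above 0.10, and any risk score built on those weights would inherit the contradiction.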

    Anomaly Detection and Encrypted Programming Forensics for Automation Controllers

    Securing the critical infrastructure of the United States is of utmost importance in ensuring the security of the nation. To secure this complex system a structured approach such as the NIST Cybersecurity Framework is used, but systems are only as secure as the sum of their parts. Understanding the capabilities of the individual devices, developing tools to help detect misoperations, and providing forensic evidence for incident response are all essential to mitigating risk. This thesis examines the SEL-3505 RTAC to demonstrate the importance of existing security capabilities as well as to create new processes and tools to support the NIST Framework. The research examines the potential pitfalls of having small-form-factor devices in poorly secured and geographically disparate locations. Additionally, the research builds a data-collection framework to provide a proof-of-concept anomaly detection system for detecting network intrusions by recognizing the change in task time distribution. Statistical tests distinguish between normal and anomalous behaviour. The high true positive rates and low false positive rates show the merit of such an anomaly detection system. Finally, the work presents a network forensic process for recreating control logic from encrypted programming traffic.
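    The detection idea in the abstract, a statistical test on the distribution of task execution times, can be shown end to end with a two-sample Kolmogorov-Smirnov test. This is an added example, not the thesis's framework or code: it assumes the controller exposes per-scan task times (microseconds here) and that a clean baseline was captured before monitoring started; the timing samples are constructed, not measurements from an RTAC.

```python
"""Task-time anomaly detection with a two-sample Kolmogorov-Smirnov test.

Added example, not the thesis's data-collection framework or code. It
assumes the controller exposes per-scan task execution times (here in
microseconds) and that a clean baseline window was captured first. The
timing samples below are constructed, not measurements from an RTAC.
"""
import math

# Kolmogorov-Smirnov coefficients c(alpha) for the two-sample critical value
# D_crit = c(alpha) * sqrt((n + m) / (n * m)).
KS_COEFF = {0.10: 1.224, 0.05: 1.358, 0.01: 1.628}


def ks_statistic(sample_a, sample_b):
    """Two-sample KS statistic: max |F_a(x) - F_b(x)| over all x."""
    a, b = sorted(sample_a), sorted(sample_b)
    n, m = len(a), len(b)
    i = j = 0
    d = 0.0
    while i < n and j < m:
        x = min(a[i], b[j])
        while i < n and a[i] <= x:
            i += 1
        while j < m and b[j] <= x:
            j += 1
        d = max(d, abs(i / n - j / m))
    return d


def ks_critical(n, m, alpha=0.05):
    """Critical D above which the two samples differ at level alpha."""
    return KS_COEFF[alpha] * math.sqrt((n + m) / (n * m))


def is_anomalous(baseline, window, alpha=0.05):
    """Return (flag, D): flag is True when the window's task-time
    distribution differs from the baseline at level alpha."""
    d = ks_statistic(baseline, window)
    return d > ks_critical(len(baseline), len(window), alpha), d


def scan_stream(baseline, stream, window_size, alpha=0.05):
    """Slide non-overlapping windows over a stream of task times and return
    the indices of the windows flagged as anomalous."""
    flagged = []
    for k in range(len(stream) // window_size):
        window = stream[k * window_size:(k + 1) * window_size]
        anomalous, _ = is_anomalous(baseline, window, alpha)
        if anomalous:
            flagged.append(k)
    return flagged


def constructed_cycle_times(count, shift_us=0):
    """Constructed scan-task times (us): 11 evenly spread levels around
    1200 us, each level equally represented when count is a multiple of 11."""
    return [1200 + shift_us + 5 * (((i * 7) % 11) - 5) for i in range(count)]


BASELINE = constructed_cycle_times(220)
# Stream: a normal window, then a window where every scan runs 30 us longer
# (extra work injected into the controller), then a normal window again.
STREAM = (constructed_cycle_times(55)
          + constructed_cycle_times(55, shift_us=30)
          + constructed_cycle_times(55))


if __name__ == "__main__":
    crit = ks_critical(len(BASELINE), 55)
    for k in range(3):
        window = STREAM[k * 55:(k + 1) * 55]
        anomalous, d = is_anomalous(BASELINE, window)
        print(f"window {k}: D={d:.3f} crit={crit:.3f} "
              f"{'ANOMALY' if anomalous else 'normal'}")
```

    The critical value shrinks as the window grows, so window size trades detection latency against false positives; with the constructed data only the shifted window exceeds it, and a window drawn from the baseline distribution scores D = 0.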

    SoK: Security of Programmable Logic Controllers

    Billions of people rely on essential utility and manufacturing infrastructures such as water treatment plants, energy management, and food production. Our dependence on reliable infrastructures makes them valuable targets for cyberattacks. One of the prime targets for adversaries attacking physical infrastructures are Programmable Logic Controllers (PLCs) because they connect the cyber and physical worlds. In this study, we conduct the first comprehensive systematization of knowledge that explores the security of PLCs: We present an in-depth analysis of PLC attacks and defenses and discover trends in the security of PLCs from the last 17 years of research. We introduce a novel threat taxonomy for PLCs and Industrial Control Systems (ICS). Finally, we identify and point out research gaps that, if left ignored, could lead to new catastrophic attacks against critical infrastructures.
    Comment: 25 pages, 13 figures, Extended version February 2024. A shortened version is to be published in the 33rd USENIX Security Symposium; for more information, see https://efrenlopez.org

    Integrating blockchain into the Internet of Things (Intégration de la blockchain à l'Internet des objets)

    The Internet of Things (IoT) is reshaping the incumbent industry into a smart industry characterised by data-driven decision making. The IoT interconnects many objects (or devices) that perform complex tasks (e.g., data collection, service optimization, data transmission). However, intrinsic features of IoT result in several challenges, such as decentralization, poor interoperability, privacy issues, and security vulnerabilities. With the expected evolution of IoT in the coming years, there is a need to ensure trust in this huge source of incoming information. Blockchain has emerged as a key technology to address the challenges of IoT. Due to its salient features such as decentralization, immutability, security, and auditability, blockchain has been proposed to establish trust in several applications, including IoT. The integration of IoT and blockchain opens the door to new possibilities that inherently improve trustworthiness, reputation, and transparency for all involved parties, while enabling security. However, conventional blockchains are computationally expensive, have limited scalability, and incur significant bandwidth, making them unsuitable for resource-constrained IoT environments. The main objective of this thesis is to leverage blockchain as a key enabler to improve the IoT. Toward our objective, we address the challenges of data reliability and IoT security using the blockchain and new emerging technologies, including machine learning (ML). In the first part of this thesis, we design a blockchain that guarantees data reliability, suitable for IoT. First, we propose a lightweight blockchain architecture that achieves decentralization by forming an overlay network where high-resource devices jointly manage the blockchain. Then, we present a lightweight consensus algorithm that reduces the blockchain's computational power, storage requirements, and latency. In the second part of this thesis, we design a secure framework for IoT leveraging blockchain. The increasing number of attacks on IoT networks, and their serious effects, make it necessary to create an IoT with more sophisticated security. Therefore, we leverage ML models to provide embedded intelligence in IoT devices and networks to predict and identify security threats and vulnerabilities. We propose an ML intrusion detection system that can detect malicious behaviors and help further bolster the blockchain-based IoT's security. Then, we design a distributed trust mechanism based on blockchain smart contracts to incentivise IoT devices to behave reliably. Existing blockchain-based IoT systems suffer from limited communication bandwidth and scalability. Therefore, in the third part of this thesis, we propose scalable blockchain-based ML for IoT. First, we propose a multi-task ML framework that leverages the blockchain to enable parallel model learning. Then, we design a blockchain partitioning technique to improve blockchain scalability. Finally, we propose a device scheduling algorithm to optimize resource utilization, in particular communication bandwidth.

    Accurate Modeling of the Siemens S7 SCADA Protocol for Intrusion Detection and Digital Forensics

    The Siemens S7 protocol is commonly used in SCADA systems for communications between a Human Machine Interface (HMI) and the Programmable Logic Controllers (PLCs). This paper presents a model-based Intrusion Detection System (IDS) designed for S7 networks. The approach is based on the key observation that S7 traffic to and from a specific PLC is highly periodic; as a result, each HMI-PLC channel can be modeled using its own unique Deterministic Finite Automaton (DFA). The resulting DFA-based IDS is very sensitive and is able to flag anomalies such as a message appearing out of its position in the normal sequence or a message referring to a single unexpected bit. The intrusion detection approach was evaluated on traffic from two production systems. Despite its high sensitivity, the system had a very low false positive rate: over 99.82% of the traffic was identified as normal.
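    The per-channel DFA idea is simple enough to show in full: learn the repeating cycle of a channel from clean traffic, then let each live message either advance the automaton or fall into one of a few anomaly classes. The following is an added example and not the authors' model or implementation. It does not parse S7 packets; it consumes constructed one-line records of the form "<src> <dst> <op> <area> <db> <start> <length>" that stand in for the header fields a real sensor would extract, and the hosts and addresses are invented for the illustration.

```python
"""Per-channel DFA intrusion detection for periodic HMI-to-PLC traffic.

Added example, not the authors' model or implementation. Instead of
parsing S7 packets, it consumes constructed one-line records of the form
"<src> <dst> <op> <area> <db> <start> <length>" that stand in for the
S7 header fields a real sensor would extract; the addresses and hosts
below are invented for the illustration.
"""
from collections import defaultdict


def parse_record(line):
    """Return ((src, dst), symbol): the channel key and the message symbol.
    The symbol keeps every field that identifies what the message touches,
    so a request for an unexpected address or bit range is a new symbol."""
    src, dst, op, area, db, start, length = line.split()
    return (src, dst), (op, area, int(db), int(start, 0), int(length))


def learn_cycle(symbols):
    """Shortest pattern that, repeated, reproduces the training sequence.
    Requires at least two full periods of traffic."""
    n = len(symbols)
    for period in range(1, n // 2 + 1):
        if all(symbols[i] == symbols[i % period] for i in range(n)):
            return list(symbols[:period])
    raise ValueError("training traffic does not contain two full periods")


class ChannelDFA:
    """One DFA per HMI-PLC channel: state k expects pattern[k] next."""

    def __init__(self, pattern):
        self.pattern = pattern
        self.state = 0
        self.last = None

    def step(self, symbol):
        """Classify one message and advance; returns one of
        normal / retransmission / miss / unknown."""
        if symbol == self.pattern[self.state]:
            self.state = (self.state + 1) % len(self.pattern)
            self.last = symbol
            return "normal"
        if symbol == self.last:
            return "retransmission"  # duplicate of the previous message; state unchanged
        if symbol in self.pattern:
            # A legitimate message arrived early: the ones in between were
            # missed (or suppressed). Re-synchronise after its next occurrence.
            p = len(self.pattern)
            k = self.state
            while self.pattern[k] != symbol:
                k = (k + 1) % p
            self.state = (k + 1) % p
            self.last = symbol
            return "miss"
        return "unknown"  # not part of this channel's cycle at all


def train(records):
    """Learn one DFA per channel from clean training records."""
    per_channel = defaultdict(list)
    for line in records:
        channel, symbol = parse_record(line)
        per_channel[channel].append(symbol)
    return {ch: ChannelDFA(learn_cycle(syms)) for ch, syms in per_channel.items()}


def classify(dfas, records):
    """Run live records through their channel's DFA; messages on a channel
    never seen in training are reported as unknown too."""
    verdicts = []
    for line in records:
        channel, symbol = parse_record(line)
        dfa = dfas.get(channel)
        verdicts.append(dfa.step(symbol) if dfa else "unknown")
    return verdicts


# Constructed traffic for one HMI (10.0.0.5) polling one PLC (10.0.0.20):
# read DB1 words 0-1, read DB1 words 2-5, write DB2 byte 0, read inputs.
CYCLE = [
    "10.0.0.5 10.0.0.20 READ DB 1 0x0000 2",
    "10.0.0.5 10.0.0.20 READ DB 1 0x0002 4",
    "10.0.0.5 10.0.0.20 WRITE DB 2 0x0000 1",
    "10.0.0.5 10.0.0.20 READ I 0 0x0000 8",
]
TRAINING = CYCLE * 3

LIVE = (CYCLE                       # one clean period
        + [CYCLE[2], CYCLE[3],      # jump to the write: the two reads were missed
           CYCLE[3],                # the input read is repeated
           "10.0.0.5 10.0.0.20 WRITE DB 2 0x0000 8",  # wider write range: unknown
           CYCLE[0]])               # back in sequence


if __name__ == "__main__":
    dfas = train(TRAINING)
    for line, verdict in zip(LIVE, classify(dfas, LIVE)):
        print(f"{verdict:15s} {line}")
```

    Because the symbol carries the address and length, a write that differs from the learned one by a single byte or bit is a different symbol and lands in "unknown"; the cost of that sensitivity is that any legitimate change to the HMI's polling cycle requires re-training the channel's automaton.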

    A knowledge discovery approach for the detection of power grid state variable attacks

    As the level of sophistication in power system technologies increases, the amount of system state parameters being recorded also increases. This data not only provides an opportunity for monitoring and diagnostics of a power system, but it also creates an environment wherein security can be maintained. Being able to extract relevant information from this pool of data is one of the key challenges still to be met in the smart grid. The potential exists for the creation of innovative power grid cybersecurity applications, which harness the information gained from advanced analytics. Such analytics can be based on the extraction of key features from statistical measures of reported and contingency power system state parameters. These applications, once perfected, will be able to alert upon potential cyber intrusions, providing a framework for the creation of power system intrusion detection schemes derived from the cyber-physical perspective. With the power grid having a growing cyber dependency, these systems are increasingly becoming the target of attacks. The current power grid is undergoing a state of transition where new monitoring and control devices are being constantly added. These newly connected devices, by means of the cyber infrastructure, are capable of executing remote control decisions along with reporting sensor data back to a centralized location. This dissertation is an examination of advanced data mining and data analytic techniques for the development of a framework for detecting malicious cyber activity in the power grid based solely on reported power system state parameters. Through this examination, results indicate the successful development of a cyber-event detection framework capable of detecting and localizing 92% of the simulated cyber-events. In focusing on specific types of intrusions, this work describes the utilization of machine learning techniques to examine key features of multiple power systems for the detection of said intrusions. System analysis is performed using the Newton-Raphson method to solve the nonlinear power system partial differential power flow equations for a 5-Bus and 14-Bus power system. This examination offers the theory and simulated implementation examples behind a context-specific detection approach for securing the current and next generation's critical infrastructure power grid.

    The digital harms of smart home devices: a systematic literature review

    The connection of home electronic devices to the internet allows remote control of physical devices and involves the collection of large volumes of data. With the increase in the uptake of Internet-of-Things home devices, it becomes critical to understand the digital harms of smart homes. We present a systematic literature review on the security and privacy harms of smart homes. The PRISMA methodology is used to systematically review 63 studies published between January 2011 and October 2021, and a review of known cases is undertaken to illustrate the literature review findings with real-world scenarios. Published literature identifies that smart homes may pose threats to confidentiality (unwanted release of information), authentication (sensing information being falsified) and unauthorised access to system controls. Most existing studies focus on privacy intrusions as a prevalent form of harm against smart homes. Other types of harms that are less common in the literature include hacking, malware and DoS attacks. Digital harms, and data associated with these harms, may vary extensively across smart devices. Most studies propose technical measures to mitigate digital harms, while fewer consider social prevention mechanisms. We also identify salient gaps in research, and argue that these should be addressed in future cross-disciplinary research initiatives.

    A Comprehensive Survey on the Cyber-Security of Smart Grids: Cyber-Attacks, Detection, Countermeasure Techniques, and Future Directions

    One of the significant challenges that smart grid networks face is cyber-security. Several studies have been conducted to highlight those security challenges. However, the majority of these surveys classify attacks based on the security requirements of confidentiality, integrity, and availability, without taking into consideration the accountability requirement. In addition, some of these surveys focused on the Transmission Control Protocol/Internet Protocol (TCP/IP) model, which does not differentiate between the application, session and presentation layers, nor between the data link and physical layers, of the Open System Interconnection (OSI) model. In this survey paper, we provide a classification of attacks based on the OSI model and discuss in more detail the cyber-attacks that can target the different layers of smart grid network communication. We also propose new classifications for the detection and countermeasure techniques and describe existing techniques under each category. Finally, we discuss challenges and future research directions.