
    The Wireless Control Network: Monitoring for Malicious Behavior

    We consider the problem of stabilizing a plant with a network of resource-constrained wireless nodes. In a companion paper, we developed a protocol where each node repeatedly transmits an appropriate (stabilizing) linear combination of the values in its neighborhood. In this paper, we design an Intrusion Detection System (IDS) for this control scheme, which observes the transmissions of certain nodes and uses that information to (a) recover the plant outputs (for datalogging and diagnostic purposes) and (b) identify malicious behavior by any of the wireless nodes in the network. We show that if the connectivity of the network is sufficiently high, the IDS only needs to observe a subset of the nodes in the network in order to achieve this objective. Our approach provides a characterization of the set of nodes that should be observed, a systematic procedure for the IDS to use to identify the malicious nodes and recover the outputs of the plant, and an upper bound on the delay required to obtain the necessary information.

    Design of Platforms for Experimentation in Industrial Cybersecurity

    The connectivity advances in industrial control systems have also increased the possibility of cyberattacks in industry. Thus, security becomes crucial in critical infrastructures, whose services are considered essential in fields such as manufacturing, energy or public health. Although theoretical and formal approaches are often proposed to advance the field of industrial cybersecurity, more experimental efforts in realistic scenarios are needed to understand the impact of incidents, assess security technologies or provide training. In this paper, an approach for cybersecurity experimentation is proposed for several industrial areas. Aiming at a high degree of flexibility, the Critical Infrastructure Cybersecurity Laboratory (CICLab) is designed to integrate real physical equipment with computing and networking infrastructure. It provides a platform for performing security experiments in control systems of diverse sectors such as industry, energy and building management. It allows researchers to perform security experimentation in realistic environments using a wide variety of technologies that are common in these control systems, as well as in the protection or security analysis of industrial networks. Furthermore, educational developments can be made to meet the growing demand for security-related professionals.
    Funding: Ministerio de Economía y Competitividad, Spain, UNLE13-3E-157.

    Risks and benefits of the integration of a Cloud SCADA system.

    This article identifies and reviews the risks and benefits of integrating a supervisory control and data acquisition (SCADA) system into a Cloud environment, with emphasis on the capabilities, opportunities, risks and alternatives for the comprehensive and dynamic management of information in an automated industrial process in the cloud. The Internet provides remote and continuous availability for monitoring the performance of an industrial process anywhere and at any time, offering the possibility of making decisions in real time without the need to be physically present at the specific site; hence the importance of implementing security and protection protocols for this type of Cloud SCADA system, which collects information of great importance.

    A Framework for Modeling Cyber-Physical Switching Attacks in Smart Grid

    Security issues in cyber-physical systems are of paramount importance due to the often safety-critical nature of their associated applications. A first step in understanding how to protect such systems requires an understanding of emergent weaknesses, in part due to the cyber-physical coupling. In this paper, we present a framework that models a class of cyber-physical switching vulnerabilities in smart grid systems. Variable structure system theory is employed to effectively characterize the cyber-physical interaction of the smart grid and demonstrate how the existence of the switching vulnerability is dependent on the local structure of the power grid. We identify and demonstrate how, through successful cyber intrusion and local knowledge of the grid, an opponent can compute and apply a coordinated switching sequence to a circuit breaker to disrupt operation within a short interval of time. We illustrate the utility of the attack approach empirically on the Western Electricity Coordinating Council three-machine, nine-bus system under both model error and partial state information.
    The open access fee for this work was funded through the Texas A&M University Open Access to Knowledge (OAK) Fund.

    A water distribution and treatment simulation for testing cyber security enhancements for water sector SCADA systems.

    Supervisory control and data acquisition (SCADA) systems are used by many critical infrastructures including electric power production and distribution, water and wastewater treatment, rail transportation, and gas and oil distribution. Originally isolated proprietary systems, SCADA systems are increasingly connected to enterprise networks and the Internet and today use commercial hardware and software. As a result, SCADA systems now face serious cyber-security threats. The need for testing and evaluation of developed cyber-security solutions presents a challenge since evaluation on actual systems is usually not possible and building complete physical testbeds is costly. This thesis presents the design and development of a water systems simulation for testing and evaluation of cyber-security enhanced field devices. The simulation consists of two main parts: a human machine interface/master terminal unit (HMI/MTU) component and a water treatment and distribution component. The HMI/MTU part supports new security protocols used to communicate with the hardened remote terminal unit (RTU). The water system simulates a water treatment and distribution center. A data acquisition (DAQ) module was used in conjunction with LabVIEW™ to create a water distribution and treatment simulation that could be interfaced with an actual field device. Field device I/Os are wired to the DAQ, which then interfaces with the LabVIEW™ simulation. The simulation supports: selectable polling of I/O, graphical representation of I/O, random water usage, constant water usage, and simulation data collection. The simulation uses a modular design pattern so that it can be easily extended in the future. Initial testing with a hardened RTU prototype confirmed the ability of the simulation to interact with real hardware and identified some minor errors in the prototype’s security protocol implementation. With additional DAQ devices the simulation could be extended to simulate larger water systems.

    Securing industrial control system environments: the missing piece

    Cyberattacks on industrial control systems (ICSs) are no longer matters of anticipation. These systems are continually subject to malicious attacks without much resistance. Network breaches, data theft, denial of service, and command and control functions are examples of common attacks on ICSs. Despite available security solutions, safety, security, resilience, and performance require both private and public sectors to step up strategies to address increasing security concerns on ICSs. This paper reviews the ICS security risk landscape, including current security solution strategies, in order to determine the gaps and limitations for effective mitigation. Notable issues point to a greater emphasis on technology security while discounting people and process attributes. This is clearly incongruent with emerging security risk trends, the biased security strategy of focusing more on supervisory control and data acquisition systems, and the emergence of more sector-specific solutions as against generic security solutions. Better solutions need to include approaches that follow similar patterns as the problem trend. These include security measures that are evolutionary by design in response to security risk dynamics. Solutions that recognize and include people, process and technology security enhancement in a single system, and that address all three entities' vulnerabilities, can provide a better solution for ICS environments.

    Cyber security research frameworks for coevolutionary network defense

    Cyber security is increasingly a challenge for organizations everywhere. Defense systems that require less expert knowledge and can adapt quickly to threats are strongly needed to combat the rise of cyber attacks. Computational intelligence techniques can be used to rapidly explore potential solutions while searching in a way that is unaffected by human bias. Several architectures have been created for developing and testing systems used in network security, but most are meant to provide a platform for running cyber security experiments as opposed to automating experiment processes. In the first paper, we propose a framework termed Distributed Cyber Security Automation Framework for Experiments (DCAFE) that enables experiment automation and control in a distributed environment. Predictive analysis of adversaries is another thorny issue in cyber security. Game theory can be used to mathematically analyze adversary models, but its scalability limitations restrict its use. Computational game theory allows us to scale classical game theory to larger, more complex systems. In the second paper, we propose a framework termed Coevolutionary Agent-based Network Defense Lightweight Event System (CANDLES) that can coevolve attacker and defender agent strategies and capabilities and evaluate potential solutions with a custom network defense simulation. The third paper is a continuation of the CANDLES project in which we rewrote key parts of the framework. Attackers and defenders have been redesigned to evolve pure strategy, and a new network security simulation is devised which specifies network architecture and adds a temporal aspect. We also add a hill-climber algorithm to evaluate the search space and justify the use of a coevolutionary algorithm.
    --Abstract, page iv

    Use of Service Oriented Architecture for SCADA Networks

    Supervisory Control and Data Acquisition (SCADA) systems involve the use of distributed processing to operate geographically dispersed endpoint hardware components. They manage the control networks used to monitor and direct large-scale operations such as utilities and transit systems that are essential to national infrastructure. SCADA industrial control networks (ICNs) have long operated in obscurity and been kept isolated largely through strong physical security. Today, Internet technologies are increasingly being utilized to access control networks, giving rise to a growing concern that they are becoming more vulnerable to attack. Like SCADA, distributed processing is also central to cloud computing or, more formally, the Service Oriented Architecture (SOA) computing model. Certain distinctive properties differentiate ICNs from the enterprise networks that cloud computing developments have focused on. The objective of this project is to determine if modern cloud computing technologies can also be applied to improving dated SCADA distributed processing systems. Extensive research was performed regarding control network requirements as compared to those of general enterprise networks. Research was also conducted into the benefits, implementation, and performance of SOA to determine its merits for application to control networks. The conclusion developed is that some aspects of cloud computing might be usefully applied to SCADA systems but that SOA fails to meet ICN requirements in certain essential areas. The lack of current standards for SOA security presents an unacceptable risk to SCADA systems that manage dangerous equipment or essential services. SOA network performance is also not sufficiently deterministic to suit many real-time hardware control applications. Finally, SOA environments cannot as yet address the regulatory compliance assurance requirements of critical infrastructure SCADA systems.

    Enhancing Trust in the Smart Grid by Applying a Modified Exponentially Weighted Averages Algorithm

    The main contribution of this thesis is the development and application of a modified Exponentially Weighted Moving Average (EWMA) algorithm, and its ability to function robustly in the face of varying numbers of bad (malicious or malfunctioning) Special Protection System (SPS) nodes. Simulation results support the use of the proposed modified EWMA reputation-based trust module in SPSs within a smart grid environment. This modification results in the ability to easily maintain the system above the minimum acceptable frequency of 58.8 Hz at the 95% confidence interval, when challenged with test cases containing 5, 10 and 15 bad nodes out of 31 total load nodes. These promising results are realized by incorporating the optimal modified EWMA strategy, as identified by Receiver Operating Characteristic (ROC) techniques, where an optimal strategy is revealed. The optimal strategy maximizes true positives while minimizing false positives. Implementation of a modified EWMA within a reputation-based special protection system does not account for each scenario that an electrical power engineer may face in the field. Instead, this research demonstrates that such an algorithm provides a robust environment to test within, in the hope of successfully meeting challenges and/or opportunities of the future.