701 research outputs found
Assessing and augmenting SCADA cyber security: a survey of techniques
SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability
Time is of the Essence: Machine Learning-based Intrusion Detection in Industrial Time Series Data
The Industrial Internet of Things drastically increases connectivity of
devices in industrial applications. In addition to the benefits in efficiency,
scalability and ease of use, this creates novel attack surfaces. Historically,
industrial networks and protocols do not contain means of security, such as
authentication and encryption, that are made necessary by this development.
Thus, industrial IT-security is needed. In this work, emulated industrial
network data is transformed into a time series and analysed with three
different algorithms. The data contains labeled attacks, so the performance can
be evaluated. Matrix Profiles perform well with almost no parameterisation
needed. Seasonal Autoregressive Integrated Moving Average performs well in the
presence of noise, requiring parameterisation effort. Long Short Term
Memory-based neural networks perform mediocre while requiring a high training-
and parameterisation effort.Comment: Extended version of a publication in the 2018 IEEE International
Conference on Data Mining Workshops (ICDMW
Formally designing and implementing cyber security mechanisms in industrial control networks.
This dissertation describes progress in the state-of-the-art for developing and deploying formally verified cyber security devices in industrial control networks. It begins by detailing the unique struggles that are faced in industrial control networks and why concepts and technologies developed for securing traditional networks might not be appropriate. It uses these unique struggles and examples of contemporary cyber-attacks targeting control systems to argue that progress in securing control systems is best met with formal verification of systems, their specifications, and their security properties. This dissertation then presents a development process and identifies two technologies, TLA+ and seL4, that can be leveraged to produce a high-assurance embedded security device. The method presented in this dissertation takes an informal design of an embedded device that might be found in a control system and 1) formalizes the design within TLA+, 2) creates and mechanically checks a model built from the formal design, and 3) translates the TLA+ design into a component-based architecture of a native seL4 application. The later chapters of this dissertation describe an application of the process to a security preprocessor embedded device that was designed to add security mechanisms to the network communication of an existing control system. The device and its security properties are formally specified in TLA+ in chapter 4, mechanically checked in chapter 5, and finally its native seL4 architecture is implemented in chapter 6. Finally, the conclusions derived from the research are laid out, as well as some possibilities for expanding the presented method in the future
MOSTO: A toolkit to facilitate security auditing of ICS devices using Modbus/TCP
The integration of the Internet into industrial plants has connected Industrial Control Systems (ICS) worldwide, resulting in an increase in the number of attack surfaces and the exposure of software and devices not originally intended for networking. In addition, the heterogeneity and technical obsolescence of ICS architectures, legacy hardware, and outdated software pose significant challenges. Since these systems control essential infrastructure such as power grids, water treatment plants, and transportation networks, security is of the utmost importance. Unfortunately, current methods for evaluating the security of ICS are often ad-hoc and difficult to formalize into a systematic evaluation methodology with predictable results. In this paper, we propose a practical method supported by a concrete toolkit for performing penetration testing in an industrial setting. The primary focus is on the Modbus/TCP protocol as the field control protocol. Our approach relies on a toolkit, named MOSTO, which is licensed under GNU GPL and enables auditors to assess the security of existing industrial control settings without interfering with ICS workflows. Furthermore, we present a model-driven framework that combines formal methods, testing techniques, and simulation to (formally) test security properties in ICS networks
A critical review of cyber-physical security for building automation systems
Modern Building Automation Systems (BASs), as the brain that enables the
smartness of a smart building, often require increased connectivity both among
system components as well as with outside entities, such as optimized
automation via outsourced cloud analytics and increased building-grid
integrations. However, increased connectivity and accessibility come with
increased cyber security threats. BASs were historically developed as closed
environments with limited cyber-security considerations. As a result, BASs in
many buildings are vulnerable to cyber-attacks that may cause adverse
consequences, such as occupant discomfort, excessive energy usage, and
unexpected equipment downtime. Therefore, there is a strong need to advance the
state-of-the-art in cyber-physical security for BASs and provide practical
solutions for attack mitigation in buildings. However, an inclusive and
systematic review of BAS vulnerabilities, potential cyber-attacks with impact
assessment, detection & defense approaches, and cyber-secure resilient control
strategies is currently lacking in the literature. This review paper fills the
gap by providing a comprehensive up-to-date review of cyber-physical security
for BASs at three levels in commercial buildings: management level, automation
level, and field level. The general BASs vulnerabilities and protocol-specific
vulnerabilities for the four dominant BAS protocols are reviewed, followed by a
discussion on four attack targets and seven potential attack scenarios. The
impact of cyber-attacks on BASs is summarized as signal corruption, signal
delaying, and signal blocking. The typical cyber-attack detection and defense
approaches are identified at the three levels. Cyber-secure resilient control
strategies for BASs under attack are categorized into passive and active
resilient control schemes. Open challenges and future opportunities are finally
discussed.Comment: 38 pages, 7 figures, 6 tables, submitted to Annual Reviews in Contro
Implementing Man-in-the-Middle Attack to Investigate Network Vulnerabilities in Smart Grid Test-bed
The smart-grid introduces several new data-gathering, communication, and
information-sharing capabilities into the electrical system, as well as
additional privacy threats, vulnerabilities, and cyber-attacks. In this study,
Modbus is regarded as one of the most prevalent interfaces for control systems
in power plants. Modern control interfaces are vulnerable to cyber-attacks,
posing a risk to the entire energy infrastructure. In order to strengthen
resistance to cyber-attacks, this study introduces a test bed for
cyber-physical systems that operate in real-time. To investigate the network
vulnerabilities of smart power grids, Modbus protocol has been examined
combining a real-time power system simulator with a communication system
simulator and the effects of the system presented and analyzed. The goal is to
detect the vulnerability in Modbus protocol and perform the Man-in-the-middle
attack with its impact on the system. This proposed testbed can be evaluated as
a research model for vulnerability assessment as well as a tool for evaluating
cyber-attacks and enquire into any detection mechanism for safeguarding and
defending smart grid systems from a variety of cyberattacks. We present here
the preliminary findings on using the testbed to identify a particular MiTM
attack and the effects on system performance. Finally, we suggest a cyber
security strategy as a solution to address such network vulnerabilities and
deploy appropriate countermeasures.Comment: 7 pages, 10 figures, Conference paper, Accepted in publication for
2023 IEEE World AI IoT Congress (AIIoT
- …