97,929 research outputs found

    Identifying Security-Critical Cyber-Physical Components in Industrial Control Systems

    In recent years, Industrial Control Systems (ICS) have become an appealing target for cyber attacks, having massive destructive consequences. Security metrics are therefore essential to assess their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs that represent cyber-physical dependencies among network components. Our metric is able to efficiently identify sets of critical cyber-physical components, with minimal cost for an attacker, such that if compromised, the system would enter into a non-operational state. We address this problem by efficiently transforming the input AND/OR graph-based model into a weighted logical formula that is then used to build and solve a Weighted Partial MAX-SAT problem. Our tool, META4ICS, leverages state-of-the-art techniques from the field of logical satisfiability optimisation in order to achieve efficient computation times. Our experimental results indicate that the proposed security metric can efficiently scale to networks with thousands of nodes and be computed in seconds. In addition, we present a case study where we have used our system to analyse the security posture of a realistic water transport network. We discuss our findings on the plant as well as further security applications of our metric.

    Comment: Keywords: Security metrics, industrial control systems, cyber-physical systems, AND-OR graphs, MAX-SAT resolutio

    Information flow properties for cyber-physical systems

    In cyber-physical systems, which are the integrations of computational and physical processes, security properties are difficult to enforce. Fundamentally, physically observable behavior leads to violations of confidentiality. This work analyzes certain noninterference-based security properties to ensure that interactions between the cyber and physical processes preserve confidentiality. A considerable barrier to this analysis is the representation of physical system interactions at the cyber-level. This thesis presents encoding of these physical system properties into a discrete event system and represents the cyber-physical system using Security Process Algebra (SPA). The model checker, Checker of Persistent Security (CoPS), shows Bisimulation based NonDeducibility on Compositions (BNDC) properties, which are a variant of noninterference properties, to check the system's security against all potential high-level interactions. This work considers a model problem of invariant pipeline flow to examine the BNDC properties and their applicability for cyber-physical systems. --Abstract, page iii

    Cyber-Security Incidents: A Review Cases In Cyber-Physical Systems

    Cyber-Physical Systems refer to systems that have an interaction between computers, communication channels and physical devices to solve a real-world problem. Towards the Industry 4.0 revolution, Cyber-Physical Systems have become one of the main targets of hackers, and any damage to them leads to high losses to a nation. According to valid resources, several reported cases involved security breaches on Cyber-Physical Systems. The fundamental and theoretical concepts of security in the digital world have been discussed worldwide. Yet security cases in regard to cyber-physical systems remain less explored. In addition, limited tools have been introduced to overcome security problems in Cyber-Physical Systems. To improve understanding and introduce more security solutions for cyber-physical systems, study of this matter is in high demand. In this paper, we investigate the current threats on Cyber-Physical Systems, propose a classification and matrix for these threats, and conduct a simple statistical analysis of the collected data using a quantitative approach. We confirmed four components (i.e., the type of attack, impact, intention and incident categories) as the main contributors to the threat taxonomy of Cyber-Physical Systems.

    CPSA: A Cyber-Physical Security Assessment Tool for Situational Awareness in Smart Grid

    It has now become critical and important to understand the nature of cyber-attacks and their impact on the physical operation of emerging smart electricity grids. Modeling and simulation provide a cost-effective means to develop frameworks and algorithms that address cyber-physical security challenges facing the smart grid. Existing simulation tools support either the communication network or the power system, but not both together. Thus, it is difficult to explore the effects of cyber-physical attacks on power system dynamics and operations. In order to bridge this gap, a cyber-physical co-simulator is required. In this paper, we present a novel integrated cyber-physical security co-simulator tool capable of cyber-physical security assessment (CPSA), which simulates the communication network and the power system together. The tool identifies future vulnerable states and bad measurements and guides the operator at the control center on taking appropriate action to minimize disruption of the physical power system operation due to cyber-attack. The developed tool can be used in understanding power system monitoring, analyzing the nature of cyber-attacks, detecting bad measurement data, bad commands and disabled devices, and understanding their impact on the operation of the power system.