A Survey on Industrial Control System Testbeds and Datasets for Security Research

The increasing digitization and interconnection of legacy Industrial Control Systems (ICSs) open new vulnerability surfaces, exposing such systems to malicious attackers. Furthermore, since ICSs are often employed in critical infrastructures (e.g., nuclear plants) and manufacturing companies (e.g., chemical industries), attacks can lead to devastating physical damages. In dealing with this security requirement, the research community focuses on developing new security mechanisms such as Intrusion Detection Systems (IDSs), facilitated by leveraging modern machine learning techniques. However, these algorithms require a testing platform and a considerable amount of data to be trained and tested accurately. To satisfy this prerequisite, Academia, Industry, and Government are increasingly proposing testbed (i.e., scaled-down versions of ICSs or simulations) to test the performances of the IDSs. Furthermore, to enable researchers to cross-validate security systems (e.g., security-by-design concepts or anomaly detectors), several datasets have been collected from testbeds and shared with the community. In this paper, we provide a deep and comprehensive overview of ICSs, presenting the architecture design, the employed devices, and the security protocols implemented. We then collect, compare, and describe testbeds and datasets in the literature, highlighting key challenges and design guidelines to keep in mind in the design phases. Furthermore, we enrich our work by reporting the best performing IDS algorithms tested on every dataset to create a baseline in state of the art for this field. Finally, driven by knowledge accumulated during this survey's development, we report advice and good practices on the development, the choice, and the utilization of testbeds, datasets, and IDSs

Inferring Power Grid Information with Power Line Communications: Review and Insights

High-frequency signals were widely studied in the last decade to identify grid and channel conditions in PLNs. PLMs operating on the grid's physical layer are capable of transmitting such signals to infer information about the grid. Hence, PLC is a suitable communication technology for SG applications, especially suited for grid monitoring and surveillance. In this paper, we provide several contributions: 1) a classification of PLC-based applications; 2) a taxonomy of the related methodologies; 3) a review of the literature in the area of PLC Grid Information Inference (GII); and, insights that can be leveraged to further advance the field. We found research contributions addressing PLMs for three main PLC-GII applications: topology inference, anomaly detection, and physical layer key generation. In addition, various PLC-GII measurement, processing, and analysis approaches were found to provide distinctive features in measurement resolution, computation complexity, and analysis accuracy. We utilize the outcome of our review to shed light on the current limitations of the research contributions and suggest future research directions in this field.Comment: IEEE Communication Surveys and Tutorials Journa

Systematic specification of requirements for assembly process control system in the pharmaceutical industry

Abstract. Pharmaceutical manufacturing is one of the most strictly regulated fields in the world. Manufacturers of pharmaceutical products are juridically obliged to monitor the safety and quality of products. Any defects and manufacturing errors affecting the product are demanded to be traceable due to patient safety. Regulative bodies have set strict demands for data integrity in manufacturing records. The main objective of this thesis is to evaluate whether the proposed supervisory control and data acquisition software can adhere to current prevailing regulatory framework. The evaluation of the proposed supervisory control and data acquisition software focuses on handling of electronic records and electronic signatures. Features like user management, alarm and event management, reporting, and locally set requirements in the target company are investigated and reflected to the prevailing regulations concerning data integrity. The results showed that the proposed software is, when properly configured, compliant to prevailing regulations regarding electronic records and electronic signatures. In addition, the proposed software is capable of the requirements set by the target company.Systemaattinen vaatimusmäärittely kokoonpanoprosessin ohjausjärjestelmälle lääketeollisuudessa. Tiivistelmä. Valmistava lääketeollisuus on yksi maailman eniten säädellyin teollisuuden ala. Lääkinnällisten tuotteiden valmistaja on lainmukaisesti vastuussa tuotteidensa laadusta ja valmistuksen valvomisesta. Tuotteiden laatu- ja valmistusvirheiden vaaditaan olevan jäljitettävissä potilasturvallisuuden vuoksi. Sääntelyviranomaiset ovat asettaneet tiukat vaatimukset tuotantokoneiden elektronisille tallenteille. Tämän diplomityön tavoitteena on arvioida noudattaako ehdotettu ohjausjärjestelmä nykyisiä säädöksiä. Ohjausjärjestelmän arviointi keskittyy eletronisten tallenteiden ja elektronisten allekirjoitusten toteutukseen ohjelmassa. Arvioinnin perustana käytetään sääntelyviranomaisten viimeisimpiä säädöksiä. Arviointi kohdistuu ohjelmiston käyttähallintaan, hälytys- ja tapahtumahallintaan, raportointiin ja paikallisesti asetettuihin vaatimuksiin tiedon eheyden näkökulmasta. Arviointi osoitti, että oikein konfiguroituna ehdotettu ohjausjärjestelmä noudattaa nykyisiä säännöksiä elektronisten tallenteiden ja elektronisten allekirjoitusten osalta. Ohjelmisto pystyy myös vastaamaan yrityksen paikallisesti asetettuihin vaatimuksiin. Ohjelmistoa voi kuitenkin käyttää vastoin nykyisiä sääntelyviranomaisten laatimia säädöksiä ilman riittävää asiantuntevuutta

Machine Learning for Cyber Physical Systems

This open access proceedings presents new approaches to Machine Learning for Cyber Physical Systems, experiences and visions. It contains selected papers from the fifth international Conference ML4CPS – Machine Learning for Cyber Physical Systems, which was held in Berlin, March 12-13, 2020. Cyber Physical Systems are characterized by their ability to adapt and to learn: They analyze their environment and, based on observations, they learn patterns, correlations and predictive models. Typical applications are condition monitoring, predictive maintenance, image processing and diagnosis. Machine Learning is the key technology for these developments

No Need to Know Physics: Resilience of Process-based Model-free Anomaly Detection for Industrial Control Systems

In recent years, a number of process-based anomaly detection schemes for Industrial Control Systems were proposed. In this work, we provide the first systematic analysis of such schemes, and introduce a taxonomy of properties that are verified by those detection systems. We then present a novel general framework to generate adversarial spoofing signals that violate physical properties of the system, and use the framework to analyze four anomaly detectors published at top security conferences. We find that three of those detectors are susceptible to a number of adversarial manipulations (e.g., spoofing with precomputed patterns), which we call Synthetic Sensor Spoofing and one is resilient against our attacks. We investigate the root of its resilience and demonstrate that it comes from the properties that we introduced. Our attacks reduce the Recall (True Positive Rate) of the attacked schemes making them not able to correctly detect anomalies. Thus, the vulnerabilities we discovered in the anomaly detectors show that (despite an original good detection performance), those detectors are not able to reliably learn physical properties of the system. Even attacks that prior work was expected to be resilient against (based on verified properties) were found to be successful. We argue that our findings demonstrate the need for both more complete attacks in datasets, and more critical analysis of process-based anomaly detectors. We plan to release our implementation as open-source, together with an extension of two public datasets with a set of Synthetic Sensor Spoofing attacks as generated by our framework