40 research outputs found

    Cyber-Physical Attacks: The Role of Network Parameters

    The fact that modern Networked Industrial Control Systems (NICS) depend on Information and Communications Technologies (ICT) is well known. Although many studies have focused on the security of NICS, today we still lack a proper understanding of the impact that network parameters, e.g. network delays, packet losses, background traffic, and network design decisions, have on cyber attacks targeting NICS. In this paper we investigate the impact of network parameters on cyber attacks targeting industrial processes. Our analysis is based on the Tennessee-Eastman chemical process and proves that network parameters have a limited effect on remote cyber attacks.
    JRC.G.6-Security technology assessmen

    Impact of Network Infrastructure Parameters to the Effectiveness of Cyber Attacks Against Industrial Control Systems

    The fact that modern Networked Industrial Control Systems (NICS) depend on Information and Communication Technologies (ICT) is well known. Although many studies have focused on the security of SCADA systems, today we still lack a proper understanding of the effects that cyber attacks have on NICS. In this paper we identify the communication and control logic implementation parameters that influence the outcome of attacks against NICS and that could be used as effective measures for increasing the resilience of industrial installations. The implemented scenario involves a powerful attacker that is able to send legitimate Modbus packets/commands to control hardware in order to bring the physical process into a critical state, i.e. a dangerous, or more generally unwanted, state of the system. The analysis uses a Boiling Water Power Plant to show that the outcome of cyber attacks is influenced by network delays, packet losses, background traffic and control logic scheduling time. The main goal of this paper is to start an exploration of cyber-physical effects in particular scenarios. This study is the first of its kind to analyze cyber-physical systems and provides insight into the way that the cyber realm affects the physical realm.

    KYPO4INDUSTRY: A Testbed for Teaching Cybersecurity of Industrial Control Systems

    Cybersecurity requirements for industrial control systems differ from those for information technology systems. This fact exacerbates the global issue of hiring cybersecurity employees with relevant skills. In this paper, we present the KYPO4INDUSTRY training facility and a course syllabus for beginner and intermediate computer science students to learn cybersecurity in a simulated industrial environment. The training facility is built using open-source hardware and software and provides reconfigurable modules of industrial control systems. The course uses a flipped classroom format with hands-on projects: the students create educational games that replicate real cyber attacks. Throughout the semester, they learn to understand the risks and gain capabilities to respond to cyber attacks that target industrial control systems. Our experience from the design of the testbed and its usage can help any educator interested in teaching cybersecurity of cyber-physical systems.

    A review of available software for the creation of testbeds for Internet security research

    The increasing use of experimental platforms for networking research is due to their ability to support experimentation with complex systems, like the Internet, that simplistic simulators and small-scale testbeds fail to reproduce. Therefore many projects and research initiatives have emerged, mainly in the field of Future Internet architectures. Although numerous publications can be found, most of them refer to prototypes and work in progress rather than to publicly available software that is ready to be widely used for the creation of testbeds. The first contribution is the development of a framework for comparing the available software based on their features. The second contribution is a literature review of state-of-the-art tools and their comparison under common criteria. This systematic analysis allows other researchers to make informed decisions about the usability of already available tools and decrease the initial cost of developing a new testbed, leading to an even wider use of such platforms. Our work provides the reader with a useful reference list of readily available software to choose from while designing or upgrading a research infrastructure, laboratory or experimentation facility.
    JRC.G.6-Security technology assessmen

    Theory of Evidence-Based Automated Decision Making in Cyber-Physical Systems

    The Smart Grid is a complex cyber-physical system that is evolving rapidly from a relatively isolated to an open and diverse environment. Within this context, enhancing the security of the future Smart Grid becomes a major priority. In this paper we introduce the use of data fusion for automated decision making in cyber-physical systems such as the Smart Grid. One of the most important applications of decision making is in the field of anomaly detection. This can enable the detection of attacks in cyber-physical systems without requiring a complete description of the physical process. The novelty of our approach is that it combines reports of various cyber and physical sensors, rather than focusing on either one single metric or one single realm, as was the case with similar techniques. Based on the proposed architecture we implement a new cyber-physical anomaly detection system. We show that data fusion is much more effective if it combines both cyber and physical realms, rather than focusing on the two realms separately.
    Index Terms: Cyber-Physical systems, Smart Grid, data fusion, anomaly detection systems

    Developing Cyber-Physical Experimental Capabilities for the Security Analysis of the Future Smart Grid

    During the evolution of today's power grid to a Smart Grid it is expected that IP-based communication protocols, including Supervisory Control And Data Acquisition (SCADA) systems, will form the basis of the communications architecture for substation and distribution automation, advanced metering and home area networking applications. However, this will lead to many Smart Grid security challenges, a forecast that is supported by the vulnerability of current SCADA systems. In this paper we examine how our experimental framework, developed for the modeling and simulation of local power plants, can be extended and efficiently used for the study of complex wide-area environments such as the future Smart Grid. We show that our framework is flexible enough to be easily extended with components that satisfy the requirements of a complex environment such as the future Smart Grid. The main contribution of the paper is that it proposes a framework for experimenting with the Smart Grid that can be used by researchers to recreate an experimentation environment for measuring and understanding the consequences of cyber attacks on the Smart Grid. The paper also presents the study of a cyber attack involving compromised control hardware and the IEEE 9-bus system. The results confirm that we can experimentally recreate and study oscillations in the power grid caused by adversaries that attack the system through its IP-based control subsystem.
    Index Terms: Cyber-physical, security, experimentation, framework, Smart Grid

    A survey of software tools for the creation of networked testbeds

    The development of testbeds for networking research has been driven by the need for experimentation with complex systems, like the Internet, that simplistic simulators fail to reproduce. Recently, networked testbeds seem to be heading towards more advanced, flexible and automated experimental platforms, mainly as the result of many projects and research initiatives in the field of Future Internet architectures. Although numerous publications can be found, most of them refer to prototypes and work in progress rather than to publicly available software that is ready to be widely used for the creation of such testbeds. The first contribution is the development of a framework that can be used to capture the main features of the available software. The second contribution is a literature review of state-of-the-art tools and their comparison under common criteria. This systematic analysis allows other researchers to make informed decisions about the usability of already available tools and decrease the initial cost of developing a new testbed, leading to an even wider use of such platforms. This paper provides the reader with a useful reference list of readily available software to choose from while designing or upgrading a research infrastructure, laboratory or experimentation facility.
    JRC.DG.G.6-Security technology assessmen

    An Experimental Study on the Impact of Network Segmentation to the Resilience of Physical Processes

    The fact that modern Networked Industrial Control Systems (NICS) depend on Information and Communication Technologies (ICT) is well known. Although many studies have focused on the security of NICS, today we still lack a proper understanding of the impact that network design choices have on the resilience of NICS, e.g., a network architecture using VLAN segmentation. In this paper we investigate the impact of process control network segmentation on the resilience of physical processes. We consider an adversary capable of reprogramming the logic of control hardware in order to disrupt the normal operation of the physical process. Our analysis, based on the Tennessee-Eastman chemical process, proves that network design decisions significantly increase the resilience of the process, using as the resilience metric the time that the process is able to run after the attack is started, before shutting down. Therefore a resilience-aware network design can provide a tolerance period of several hours that would give operators more time to intervene, e.g., switch OFF devices or disconnect equipment in order to reduce damages.

    Towards Multisensor Data Fusion for DoS Detection

    In our present work we introduce the use of data fusion in the field of DoS anomaly detection. We present Dempster-Shafer's Theory of Evidence (D-S) as the mathematical foundation for the development of a novel DoS detection engine. Based on a data fusion paradigm, we combine multiple pieces of evidence generated from simple heuristics to feed our D-S inference engine and attempt to detect flooding attacks.

    Investigating the effect of Network Parameters on Coordinated Cyber Attacks against a Simulated Power Plant

    The fact that modern Networked Industrial Control Systems (NICS) depend on Information and Communication Technologies (ICT) is well known. Although many studies have focused on the security of these systems, today we still lack a proper understanding of the effects that cyber attacks have on NICS. In this paper we use our previously developed framework to study the effects of coordinated cyber attacks against NICS. Coordinated attacks rely on several infected hosts to disrupt the normal functionality of the system. Within the context of NICS we consider multiple infected control hardware units, a setting highly similar to the recently reported Stuxnet worm, the first malware specifically designed to attack NICS. Furthermore we consider that the coordinator is located outside the system, in the Internet, from where it launches attacks by sending messages to each infected control hardware unit. The experimental results show that coordinated attacks against NICS are highly sensitive with respect to communication delays, packet losses and network traffic. Furthermore, we prove that coordinated attacks have a low success rate if there are timing constraints between commands sent to each control hardware unit. The attack scenarios are implemented with our previously developed framework, where an emulation testbed (based on Emulab) is used to recreate ICT components and a soft real-time simulator (based on Simulink) is used for the physical processes.
    JRC.E.2-Technology Innovation in Securit