ABSTRACT
In recent years there has been increasing interest in the security of process control and SCADA systems. Furthermore, recent computer attacks such as the Stuxnet worm have shown that there are parties with the motivation and resources to effectively attack control systems.
While previous work has proposed new security mechanisms for control systems, few of them have explored new and fundamentally different research problems for securing control systems when compared to securing traditional information technology (IT) systems. In particular, the sophistication of new malware attacking control systems--malware including zero-day attacks, rootkits created for control systems, and software signed by trusted certificate authorities--has shown that it is very difficult to prevent and detect these attacks based solely on IT system information.
In this paper we show how, by incorporating knowledge of the physical system under control, we are able to detect computer attacks that change the behavior of the targeted control system. By using knowledge of the physical system we are able to focus on the final objective of the attack, and not on the particular mechanisms of how vulnerabilities are exploited, and how the attack is hidden. We analyze the security and safety of our mechanisms by exploring the effects of stealthy attacks, and by ensuring that automatic attack-response mechanisms will not drive the system to an unsafe state.
A secondary goal of this paper is to initiate the discussion between control and security practitioners--two areas that have had little interaction in the past. We believe that control engineers can leverage security engineering to design--based on a combination of their best practices--control algorithms that go beyond safety and fault tolerance, and include considerations to survive targeted attacks.
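The approach the abstract describes, predicting what the sensors should report from a model of the physical process, flagging readings that the physics cannot explain, and falling back to a model-based estimate so that the automatic response cannot drive the plant into an unsafe region, is illustrated below in a constructed example. This is added code, not the paper's or its authors' own implementation: the first-order tank model, the proportional controller, the nonparametric CUSUM detector and its parameters, the overflow limit, and the two attack traces are all assumptions chosen for illustration.

```python
"""Physics-aware attack detection and safe response for a level-control loop.

Everything here is a constructed illustration (hypothetical tank model,
controller, detector, response policy and sensor traces); it is not code
from the paper or its authors.
"""
from dataclasses import dataclass

# Plant model (constructed): tank level x, inflow command u in [0, 1],
# outflow proportional to level.  One time step: x' = (1 - LEAK) * x + u
LEAK = 0.2
U_MIN, U_MAX = 0.0, 1.0
SETPOINT = 3.0
SAFE_MAX = 4.5   # level above which the tank overflows (assumed safety limit)


def plant_step(x, u):
    """Physical evolution of the level over one step."""
    return (1.0 - LEAK) * x + u


def controller(level_belief):
    """Feedforward plus proportional term on the level the controller believes."""
    u = LEAK * SETPOINT + 0.5 * (SETPOINT - level_belief)
    return min(U_MAX, max(U_MIN, u))


@dataclass
class CusumDetector:
    """Nonparametric CUSUM on the model residual (assumed detector design).

    `bias` is the per-step residual the model is allowed to be off by (noise,
    modelling error); `threshold` bounds how much unexplained deviation may
    accumulate before an alarm is raised.
    """
    bias: float = 0.1
    threshold: float = 1.5
    stat: float = 0.0

    def update(self, residual):
        self.stat = max(0.0, self.stat + abs(residual) - self.bias)
        return self.stat > self.threshold


def run(sensor, steps=60, respond=True):
    """Simulate the loop; `sensor(k, x)` is the reading delivered at step k.

    Returns (step of the first alarm or None, highest true level reached).
    """
    x = SETPOINT                # start at steady state
    u = controller(x)
    y_prev, x_hat = x, x        # last reading; model-based estimate
    det = CusumDetector()
    alarm_step, max_level = None, x
    for k in range(1, steps + 1):
        x = plant_step(x, u)                  # true physics
        max_level = max(max_level, x)
        y = sensor(k, x)                      # what the controller receives
        predicted = plant_step(y_prev, u)     # what physics says the reading should be
        if det.update(y - predicted) and alarm_step is None:
            alarm_step = k
        if alarm_step is None:
            x_hat = y                         # sensor trusted: estimate follows it
        else:
            x_hat = plant_step(x_hat, u)      # sensor distrusted: propagate the model
        belief = x_hat if (respond and alarm_step is not None) else y
        u = controller(belief)
        y_prev = y
    return alarm_step, max_level


# Constructed sensor traces: honest, an abrupt spoof, and a slow downward ramp.
def honest(k, x):
    return x


def abrupt_spoof(k, x):
    return 1.0 if k >= 10 else x       # reports a low level so the loop over-fills


def slow_ramp(k, x):
    return x - 0.08 * max(0, k - 10)   # reported level drifts below the truth


if __name__ == "__main__":
    for name, trace in [("honest", honest), ("abrupt", abrupt_spoof), ("ramp", slow_ramp)]:
        for respond in (False, True):
            alarm, peak = run(trace, respond=respond)
            print(f"{name:7s} respond={respond!s:5s} alarm={alarm} "
                  f"peak={peak:.2f} safe={peak <= SAFE_MAX}")
```

Two things the traces show that the abstract only states. First, the detector never looks at how the reading was tampered with, only at whether the sequence of readings is consistent with the commanded inflow and the tank dynamics, so the abrupt spoof is caught on its first step while the slow ramp is caught once its accumulated deviation crosses the threshold. Second, the fallback estimate inherits whatever drift went undetected before the alarm, so the detection threshold is also what bounds the error the response starts from; with the parameters above, the loop without a response over-fills past the overflow limit, while the loop that switches to the model estimate stays below it. A real deployment would have to set `bias` and `threshold` from measured residuals of the actual plant rather than from an exact, noise-free model as used here.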
- Attacks against process control systems: risk assessment, detection, and response