DOI: 10.1145/1966913.1966959 (research article, ASIA CCS conference proceedings)

Attacks against process control systems: risk assessment, detection, and response

Published: 22 March 2011

ABSTRACT

In recent years there has been increasing interest in the security of process control and SCADA systems. Furthermore, recent computer attacks such as the Stuxnet worm have shown that there are parties with the motivation and resources to effectively attack control systems.

While previous work has proposed new security mechanisms for control systems, few of them have explored the new and fundamentally different research problems that arise when securing control systems, as compared to securing traditional information technology (IT) systems. In particular, the sophistication of new malware attacking control systems--malware including zero-day attacks, rootkits created for control systems, and software signed by trusted certificate authorities--has shown that it is very difficult to prevent and detect these attacks based solely on IT system information.

In this paper we show how, by incorporating knowledge of the physical system under control, we are able to detect computer attacks that change the behavior of the targeted control system. By using knowledge of the physical system we are able to focus on the final objective of the attack, and not on the particular mechanisms of how vulnerabilities are exploited, and how the attack is hidden. We analyze the security and safety of our mechanisms by exploring the effects of stealthy attacks, and by ensuring that automatic attack-response mechanisms will not drive the system to an unsafe state.
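The approach the abstract describes, as an added illustration and not the paper's own code: a constructed first-order plant (a tank level driven by an inflow command), a proportional controller, a detector that compares each sensor reading with what a model of the physical process predicts and accumulates the excess residual (a nonparametric CUSUM), and an automatic response that, once an alarm is raised, controls on the model estimate rather than the sensor. The function `stealthy_steady_state` performs the risk-assessment step: it bounds how far a constant sensor bias that stays below the detector's drift allowance can move the process, so that a practitioner can check the bound against the unsafe level. All constants, the plant model, the deterministic noise stand-in, and the injected sensor bias used to exercise the detector are assumptions made for this example.

```python
"""Physics-aware detection and safe response for a simple control loop.

Added example (not the paper's code): a constructed tank-level plant, a
proportional controller, a nonparametric CUSUM detector on the residual
between the sensor reading and the physical model's prediction, and a
response that falls back to the model estimate once an alarm is raised.
"""
import math

# Constructed plant and controller constants (illustrative, not from the paper).
A = 0.1          # outflow coefficient of the tank model
DT = 1.0         # sample period
SETPOINT = 5.0   # desired level
KP = 0.5         # proportional gain
X_MAX = 7.0      # level above which the process is considered unsafe

# Detector parameters (assumed values).
DRIFT = 0.1      # CUSUM drift: per-step allowance that absorbs normal sensor noise
THRESHOLD = 1.0  # alarm when the accumulated excess residual exceeds this


def plant_step(x, u):
    """Tank level dynamics: x[k+1] = x[k] + DT * (u[k] - A * x[k])."""
    return x + DT * (u - A * x)


def controller(y):
    """Proportional controller acting on the reported level (inflow cannot be negative)."""
    return max(0.0, A * SETPOINT + KP * (SETPOINT - y))


def sensor_noise(k):
    """Deterministic stand-in for measurement noise so the run is reproducible."""
    return 0.02 * math.sin(k)


class CusumDetector:
    """Nonparametric CUSUM on |y - x_hat|: accumulates the residual beyond DRIFT."""

    def __init__(self, drift=DRIFT, threshold=THRESHOLD):
        self.drift = drift
        self.threshold = threshold
        self.s = 0.0

    def update(self, residual):
        self.s = max(0.0, self.s + abs(residual) - self.drift)
        return self.s > self.threshold


def simulate(sensor_bias, respond=True, steps=60, attack_start=30):
    """Run the loop; from attack_start the sensor reports x + sensor_bias.

    The biased reading is a constructed false-data-injection input used only to
    exercise the detector. Returns the first alarm step (or None) and the highest
    true level the process reached.
    """
    x = SETPOINT        # true level
    x_hat = SETPOINT    # model prediction, driven by the same commands as the plant
    det = CusumDetector()
    alarm_at = None
    max_level = x
    for k in range(steps):
        y = x + sensor_noise(k) + (sensor_bias if k >= attack_start else 0.0)
        if alarm_at is None and det.update(y - x_hat):
            alarm_at = k
        # Response: after an alarm, control on the model estimate instead of the
        # sensor. Because the model tracks the plant, the loop stays at the
        # setpoint even if the alarm turns out to be a false positive.
        y_used = x_hat if (respond and alarm_at is not None) else y
        u = controller(y_used)
        x = plant_step(x, u)
        x_hat = plant_step(x_hat, u)   # model is exact here; a real deployment needs an observer
        max_level = max(max_level, x)
    return {"alarm_at": alarm_at, "max_level": max_level}


def stealthy_steady_state(drift=DRIFT):
    """Worst-case steady-state level under a constant bias the detector never sees.

    Ignoring noise, a constant bias b with |b| <= drift leaves the CUSUM at zero,
    and the closed loop settles at SETPOINT - KP*b/(A+KP); the worst case for the
    level is b = -drift (the sensor under-reports, so the controller over-fills).
    A ramp that exceeds the drift is accumulated and eventually raises an alarm.
    """
    return SETPOINT + KP * drift / (A + KP)


if __name__ == "__main__":
    print("bias -0.5, with response:", simulate(-0.5))
    print("bias -3.0, no response:  ", simulate(-3.0, respond=False))
    print("bias -3.0, with response:", simulate(-3.0))
    print("bias -0.08 (below drift):", simulate(-0.08))
    print("stealthy steady-state bound:", stealthy_steady_state(), "unsafe above", X_MAX)
```

The three runs show the trade-off the abstract points at: a large bias is caught on the first attacked sample and the response holds the level near the setpoint, whereas the same bias without a response drives the tank above `X_MAX`; a bias below the drift allowance is never detected, but the steady-state bound shows it cannot reach the unsafe level, which is how the detector's parameters and the safety limit are checked against each other before deployment.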

A secondary goal of this paper is to initiate the discussion between control and security practitioners--two areas that have had little interaction in the past. We believe that control engineers can leverage security engineering to design--based on a combination of their best practices--control algorithms that go beyond safety and fault tolerance, and include considerations to survive targeted attacks.


Published in

ASIACCS '11: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
March 2011, 527 pages
ISBN: 9781450305648
DOI: 10.1145/1966913

      Copyright © 2011 ACM

      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher: Association for Computing Machinery, New York, NY, United States

Publication History: Published 22 March 2011


Qualifiers: research-article

Acceptance Rates: ASIACCS '11 paper acceptance rate 35 of 217 submissions (16%); overall acceptance rate 418 of 2,322 submissions (18%)
