Identifying and Anticipating Cyberattacks That Could Cause Physical Damage to Industrial Control Systems

Physical control systems are increasingly controlled by reconfigurable, network-enabled devices to increase flexibility and ease commissioning and maintenance. Such capability creates vulnerabilities. Devices may be remotely reprogrammed by a malicious actor to act in unintended ways, causing physical damage to mechanical equipment, infrastructure, and life and limb. In this paper, past examples of actual damage to cyber-physical systems are shown, threats posed by software-controlled variable frequency drives (VFDs) are analyzed, and a small-scale version of an attack on ubiquitous VFD equipment is demonstrated.

[1]  Wei Gao,et al.  Industrial Control System Cyber Attacks , 2013, ICS-CSR.

[2]  M. J. Thompson,et al.  Fundamentals and advancements in generator synchronizing systems , 2012, 2012 65th Annual Conference for Protective Relay Engineers.

[3]  Chunjie Zhou,et al.  Assessing the Physical Impact of Cyberattacks on Industrial Cyber-Physical Systems , 2018, IEEE Transactions on Industrial Electronics.

[4]  John A. Kocur,et al.  VFD Induced Coupling Failure , 2008 .

[5]  Sakir Sezer,et al.  STPA-SafeSec: Safety and security analysis for cyber-physical systems , 2017, J. Inf. Secur. Appl..

[6]  Dieter Gollmann,et al.  Cyber-Physical Systems Security: Experimental Analysis of a Vinyl Acetate Monomer Plant , 2015, CPSS@ASIACSS.

[7]  Dieter Gollmann,et al.  Cyber-Physical System Discovery: Reverse Engineering Physical Processes , 2017, CPSS@AsiaCCS.

[8]  Dieter Gollmann,et al.  Industrial control systems security: What is happening? , 2013, 2013 11th IEEE International Conference on Industrial Informatics (INDIN).

[9]  D. Kushner,et al.  The real story of stuxnet , 2013, IEEE Spectrum.

[10]  Thomas H. Morris,et al.  Modeling Cyber-Physical Vulnerability of the Smart Grid With Incomplete Information , 2013, IEEE Transactions on Smart Grid.