Securing industrial control system environments: the missing piece

ABSTRACT Cyberattacks on industrial control systems (ICSs) are no longer matters of anticipation. These systems are continually subject to malicious attacks without much resistance. Network breaches, data theft, denial of service, and command and control functions are examples of common attacks on ICSs. Despite available security solutions, safety, security, resilience, and performance require both the private and public sectors to step up strategies to address increasing security concerns on ICSs. This paper reviews the ICS security risk landscape, including current security solution strategies, in order to determine the gaps and limitations for effective mitigation. Notable issues point to a greater emphasis on technology security while discounting people and process attributes. This is clearly incongruent with emerging security risk trends, the biased security strategy of focusing more on supervisory control and data acquisition systems, and the emergence of more sector-specific solutions as against generic security solutions. Better solutions need to include approaches that follow patterns similar to the problem trend. These include security measures that are evolutionary by design in response to security risk dynamics. Solutions that recognize and integrate people, process, and technology security enhancement into a single system, and that address the vulnerabilities of all three entities, can provide a better solution for ICS environments.
