Cybersecurity through Real-Time Distributed Control Systems

Critical infrastructure sites and facilities are becoming increasingly dependent on interconnected physical and cyber-based real-time distributed control systems (RTDCSs). A mounting cybersecurity threat results from the nature of these ubiquitous and sometimes unrestrained communications interconnections. Much work is under way in numerous organizations to characterize the cyber threat, determine means to minimize risk, and develop mitigation strategies to address potential consequences. While it seems natural that a simple application of cyber-protection methods derived from the corporate business information technology (IT) domain would lead to an acceptable solution, the reality is that the characteristics of RTDCSs make many of those methods inadequate and unsatisfactory or even harmful. A solution lies in developing a defense-in-depth approach that ranges from protection at communications interconnect levels ultimately to the control system's functional characteristics that are designed to maintain control in the face of malicious intrusion. This paper summarizes the nature of RTDCSs from a cybersecurity perspective and discusses issues, vulnerabilities, candidate mitigation approaches, and metrics.
