Cascading effects of cyber-attacks on interconnected critical infrastructure

Modern critical infrastructure, such as a water treatment plant, water distribution system, and power grid, are representative of Cyber Physical Systems (CPSs) in which the physical processes are monitored and controlled in real time. One source of complexity in such systems is due to the intra-system interactions and inter-dependencies. Consequently, these systems are a potential target for attackers. When one or more of these infrastructure are attacked, the connected systems may also be affected due to potential cascading effects. In this paper, we report a study to investigate the cascading effects of cyber-attacks on two interdependent critical infrastructure namely, a Secure water treatment plant (SWaT) and a Water Distribution System (WADI).

[1]  S. Shankar Sastry,et al.  Safe and Secure Networked Control Systems under Denial-of-Service Attacks , 2009, HSCC.

[2]  Florian Dörfler,et al.  Cyber-physical attacks in power networks: Models, fundamental limitations and monitor design , 2011, IEEE Conference on Decision and Control and European Control Conference.

[3]  Marios M. Polycarpou,et al.  Hybrid systems modeling for critical infrastructures interdependency analysis , 2017, Reliab. Eng. Syst. Saf..

[4]  Nils Ole Tippenhauer,et al.  Zero Residual Attacks on Industrial Control Systems and Stateful Countermeasures , 2019, ARES.

[5]  Jianying Zhou,et al.  Evaluating Cascading Effects of Attacks on Resilience of Industrial Control Systems: A Design-Centric Modeling Approach , 2019, ArXiv.

[6]  Aditya Mathur,et al.  A Systematic Framework to Generate Invariants for Anomaly Detection in Industrial Control Systems , 2019, NDSS.

[7]  Nouredine Hadjsaid,et al.  Vulnerability analysis of coupled heterogeneous critical infrastructures: A Co-simulation approach with a testbed validation , 2013, IEEE PES ISGT Europe 2013.

[8]  Min Ouyang,et al.  Resilience assessment of interdependent infrastructure systems: With a focus on joint restoration modeling and analysis , 2015, Reliab. Eng. Syst. Saf..

[9]  N. Hadjsaid,et al.  Towards a common model for studying critical infrastructure interdependencies , 2008, 2008 IEEE Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century.

[11]  Alvaro A. Cárdenas,et al.  Attacks against process control systems: risk assessment, detection, and response , 2011, ASIACCS '11.

[12]  Eusebi Calle,et al.  Using interdependency matrices to mitigate targeted attacks on interdependent networks: A case study involving a power grid and backbone telecommunications networks , 2017, Int. J. Crit. Infrastructure Prot..

[13]  Bruce M. McMillin,et al.  A Modal Model of Stuxnet Attacks on Cyber-physical Systems: A Matter of Trust , 2014, 2014 Eighth International Conference on Software Security and Reliability.

[14]  Alvaro A. Cárdenas,et al.  Attacking Fieldbus Communications in ICS: Applications to the SWaT Testbed , 2016, SG-CRC.

[15]  Mohamed Darouach,et al.  Cyber-attack detection based on controlled invariant sets , 2014, 2014 European Control Conference (ECC).

[16]  Weiyi Liu,et al.  Security analysis for Cyber-Physical Systems against stealthy deception attacks , 2013, 2013 American Control Conference.

[17]  Yuqi Chen,et al.  Learning-Guided Network Fuzzing for Testing Cyber-Physical System Defences , 2019, 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE).

[18]  Michael F. Malone,et al.  Reaction Invariants and Mole Balances for Plant Complexes , 2002 .

[19]  Sridhar Adepu,et al.  Investigation of Cyber Attacks on a Water Distribution System , 2019, ACNS Workshops.

[20]  Peng Ning,et al.  False data injection attacks against state estimation in electric power grids , 2009, CCS.

[21]  Thomas M. Chen,et al.  Petri Net Modeling of Cyber-Physical Attacks on Smart Grid , 2011, IEEE Transactions on Smart Grid.

[22]  Aditya P. Mathur,et al.  WADI: a water distribution testbed for research in the design of secure cyber physical systems , 2017, CySWATER@CPSWeek.

[23]  Osman Yagan,et al.  Modeling and Analysis of Cascading Failures in Interdependent Cyber-Physical Systems , 2018, 2018 IEEE Conference on Decision and Control (CDC).

[24]  H. T. Mouftah,et al.  Security Mechanism for Multi-Domain Vehicle-to-Grid Infrastructure , 2011, 2011 IEEE Global Telecommunications Conference - GLOBECOM 2011.

[25]  Daniel Jackson,et al.  Model-Based Security Analysis of a Water Treatment System , 2016, 2016 IEEE/ACM 2nd International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS).

[26]  D. Berman,et al.  Towards characterization of cyber attacks on industrial control systems: Emulating field devices using Gumstix technology , 2012, 2012 5th International Symposium on Resilient Control Systems.

[27]  Sridhar Adepu,et al.  Generalized Attacker and Attack Models for Cyber Physical Systems , 2016, 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC).

[28]  Sridhar Adepu,et al.  WaterJam: An Experimental Case Study of Jamming Attacks on a Water Treatment System , 2017, 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C).

[29]  Mark Stamp,et al.  Information security - principles and practice , 2005 .

[30]  Sridhar Adepu,et al.  Distributed Detection of Single-Stage Multipoint Cyber Attacks in a Water Treatment Plant , 2016, AsiaCCS.

[31]  Henrik Sandberg,et al.  Limiting the Impact of Stealthy Attacks on Industrial Control Systems , 2016, CCS.

[32]  Jun Sun,et al.  Learning from Mutants: Using Code Mutation to Learn and Monitor Invariants of a Cyber-Physical System , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[33]  Sridhar Adepu,et al.  Integrating Six-Step Model with Information Flow Diagrams for Comprehensive Analysis of Cyber-Physical System Safety and Security , 2017, 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE).

[34]  Marios M. Polycarpou,et al.  Centralized Fault Detection of Complex Uncertain Hybrid Systems , 2018 .

[35]  John C. Mulder,et al.  WeaselBoard : zero-day exploit detection for programmable logic controllers. , 2013 .

[36]  Peng Ning,et al.  False data injection attacks against state estimation in electric power grids , 2011, TSEC.

[37]  Karl Henrik Johansson,et al.  Attack models and scenarios for networked control systems , 2012, HiCoNS '12.

[38]  M. F. Malone,et al.  A systematic method for reaction invariants and mole balances for complex chemistries , 2001 .

[39]  Maciej J. Zawodniok,et al.  Invariants as a unified knowledge model for Cyber-Physical Systems , 2011, 2011 IEEE International Conference on Service-Oriented Computing and Applications (SOCA).

[40]  S. Shankar Sastry,et al.  Security of interdependent and identical networked control systems , 2013, Autom..

[41]  JinLin Liu,et al.  Research on Conceptual Design Method for Marine Power Plant Based on QFD , 2012, 2012 Fifth International Symposium on Computational Intelligence and Design.

[42]  Sridhar Adepu,et al.  Access Control in Water Distribution Networks: A Case Study , 2017, 2017 IEEE International Conference on Software Quality, Reliability and Security (QRS).

[43]  Nils Ole Tippenhauer,et al.  SWaT: a water treatment testbed for research and training on ICS security , 2016, 2016 International Workshop on Cyber-physical Systems for Smart Water Networks (CySWater).

[44]  Jianying Zhou,et al.  Noise Matters: Using Sensor and Process Noise Fingerprint to Detect Stealthy Cyber Attacks and Authenticate sensors in CPS , 2018, ACSAC.

[45]  Carlos Murguia,et al.  Model-based Attack Detection Scheme for Smart Water Distribution Networks , 2017, AsiaCCS.

[46]  Conversion and delivery of electrical energy in the 21st century , 2008, 2008 IEEE Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century.

[47]  James P. Peerenboom,et al.  Identifying, understanding, and analyzing critical infrastructure interdependencies , 2001 .

[48]  John E. Mitchell,et al.  Assessing vulnerability of proposed designs for interdependent infrastructure systems , 2004, 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.