From ICS Attacks' Analysis to the S.A.F.E. Approach: Implementation of Filters Based on Behavioral Models and Critical State Distance for ICS Cybersecurity

Since the beginning of this century, Industrial Control Systems (ICSs) have been the target of hackers who use vulnerabilities to perform attacks affecting the physical system. These cyberattacks can cause tremendous damage to the system, its environment, product quality or production equipment. Most approaches proposed in the literature are derived from the Information Technology cybersecurity field. Unfortunately, most of them fail to fully secure ICSs: either they do not consider the specificities of ICSs, or they are not adequate for analyzing the industrial network. This paper provides two major contributions: (i) analyses of the main attacks against ICSs from an automation point of view, and (ii) the implementation of the S.A.F.E. (Security Approach based on Filter Execution) approach on a platform. The detection strategy compares the normal behavior model of an ICS with its current behavior by analyzing exchanges between control and operative parts through filters. To conclude, the authors discuss the main contributions, limitations and future research avenues of the proposed approach.
