A case study of a systematic attack design method for critical infrastructure cyber-physical systems

As cyber-physical systems continue to become more prevalent in critical infrastructures, security of these systems becomes paramount. Unlike purely cyber systems, cyber-physical systems allow cyber attackers to induce physical consequences. The purpose of this paper is to design a general attack methodology for cyber-physical systems and illustrate it using a case study of the Sevier River System in Central Utah (United States). By understanding such attacks, future work can then focus on designing systems that are robust against them.

[1]  Ann Cox,et al.  A science of system security , 2014, 53rd IEEE Conference on Decision and Control.

[2]  Sean C. Warnick,et al.  Necessary and Sufficient Conditions for Dynamical Structure Reconstruction of LTI Networks , 2008, IEEE Transactions on Automatic Control.

[3]  S. Warnick,et al.  Modeling and identification of the Sevier River System , 2006, 2006 American Control Conference.

[4]  Ralph Langner,et al.  Stuxnet: Dissecting a Cyberwarfare Weapon , 2011, IEEE Security & Privacy.

[5]  Sean C. Warnick,et al.  Network semantics of dynamical systems , 2015, 2015 54th IEEE Conference on Decision and Control (CDC).

[6]  Peter H. Gleick,et al.  Water and terrorism , 2006 .

[7]  Sean C. Warnick,et al.  Dynamical structure functions for the reverse engineering of LTI networks , 2007, 2007 46th IEEE Conference on Decision and Control.

[8]  Jill Slay,et al.  Lessons Learned from the Maroochy Water Breach , 2007, Critical Infrastructure Protection.

[9]  Sean C. Warnick,et al.  Vulnerability analysis for distributed and coordinated destabilization attacks , 2014, 53rd IEEE Conference on Decision and Control.

[10]  S. Shankar Sastry,et al.  A Taxonomy of Cyber Attacks on SCADA Systems , 2011, 2011 International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing.

[11]  Sean C. Warnick,et al.  Shared hidden state and network representations of interconnected dynamical systems , 2015, 2015 53rd Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[12]  Francesco Bullo,et al.  Control-Theoretic Methods for Cyberphysical Security: Geometric Principles for Optimal Cross-Layer Resilient Control Systems , 2015, IEEE Control Systems.

[13]  David Ward,et al.  Vulnerable links and secure architectures in the stabilization of networks of controlled dynamical systems , 2012, 2012 American Control Conference (ACC).

[14]  Karl Henrik Johansson,et al.  Secure Control Systems: A Quantitative Risk Management Approach , 2015, IEEE Control Systems.

[15]  Quanyan Zhu,et al.  Game-Theoretic Methods for Robustness, Security, and Resilience of Cyberphysical Control Systems: Games-in-Games Principle for Optimal Cross-Layer Resilient Control Systems , 2015, IEEE Control Systems.