Research Challenges for the Security of Control Systems

In this paper we attempt to answer two questions: (1) Why should we be interested in the security of control systems? And (2) What are the new and fundamentally different requirements and problems for the security of control systems? We also propose a new mathematical framework to analyze attacks against control systems. Within this framework we formulate specific research problems to (1) detect attacks, and (2) survive attacks.

[1]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[2]  Jill Slay,et al.  Lessons Learned from the Maroochy Water Breach , 2007, Critical Infrastructure Protection.

[3]  Timothy Grance,et al.  Guide to Supervisory Control and Data Acquisition (SCADA) and Other Industrial Control System Security , 2006 .

[4]  E. Poster,et al.  Cracks in the system: professional and continuing education under scrutiny. , 2003, Journal of child and adolescent psychiatric nursing : official publication of the Association of Child and Adolescent Psychiatric Nurses, Inc.

[5]  Robert J. Turk Cyber Incidents Involving Control Systems , 2005 .

[6]  Gary E. Weir,et al.  The Department of Energy , 1989 .

[7]  E. Byres,et al.  The Myths and Facts behind Cyber Security Risks for Industrial Control Systems , 2004 .

[8]  Dorothy E. Denning,et al.  An Intrusion-Detection Model , 1987, IEEE Transactions on Software Engineering.

[9]  Sean W. Smith,et al.  YASIR: A Low-Latency, High-Integrity Security Retrofit for Legacy SCADA Systems , 2008, SEC.

[10]  Ross J. Anderson,et al.  Security in open versus closed systems - the dance of Boltzmann , 2002 .

[11]  Thomas C. Reed At the Abyss: An Insider's History of the Cold War , 2004 .

[12]  S. Shankar Sastry,et al.  Secure Control: Towards Survivable Cyber-Physical Systems , 2008, 2008 The 28th International Conference on Distributed Computing Systems Workshops.

[13]  Ulf Lindqvist,et al.  Using Model-based Intrusion Detection for SCADA Networks , 2006 .

[14]  George Scalise,et al.  Leadership Under Challenge: Information Technology R&D in a Competitive World. An Assessment of the Federal Networking and Information Technology R&D Program , 2007 .

[15]  S. Hurd,et al.  Tutorial: Security in Electric Utility Control Systems , 2008, 2008 61st Annual Conference for Protective Relay Engineers.

[16]  Hassan Nafaa Cracks in the System , 2006 .

[17]  Andrew K. Wright,et al.  Low-Latency Cryptographic Protection for SCADA Communications , 2004, ACNS.

[18]  Hari Balakrishnan,et al.  Fast portscan detection using sequential hypothesis testing , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[19]  Stuart E. Schechter,et al.  Fast Detection of Scanning Worm Infections , 2004, RAID.