An Investigation into the Response of a Water Treatment System to Cyber Attacks

An experimental investigation was undertaken to understand the impact of single-point cyber attacks on a Secure Water Treatment (SWaT) system. Cyber attacks were launched on SWaT through its SCADA server, which connects to the Programmable Logic Controllers (PLCs), which in turn are connected to sensors and actuators. Attacks were designed to meet attacker objectives selected from a novel attacker model. The outcome of the experiments led to a better understanding of (a) the propagation of an attack across the system, measured in terms of the number of components affected, and (b) the behavior of the water treatment process in SWaT in response to the attacks. The observed response to various attacks was then used to propose attack detection mechanisms based on various physical properties measured during the treatment process.
