Detection and Mitigation of Time Delay Injection Attacks on Industrial Control Systems with PLCs

National security agencies are increasingly concerned about cyber threats to Industrial Control Systems (ICS), so the detection and mitigation of cyber-attacks on ICS, and the handling of their consequences, are extensively researched. This paper describes the work of the cyber research team at Binghamton University, which built an experimental cyber research testbed designed as a power station equipped with low-wattage electric machinery and the industrial control and sensory systems common in modern ICS. The paper presents a comprehensive study of time delay injection attacks on networked control systems, in which an attacker injects additional time delay into the feedback and forward channels of a control loop. Such attacks let the adversary interfere with the control system and induce instability, driving it into anomalous operating regimes and potentially causing it to crash. A technique based on online recursive estimation of the network time delays is proposed and validated, both by simulation and by experiments on the testbed, as a mitigation for time delay injection attacks.
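The abstract describes the mechanism only in outline, so the following added example (written for this page; it is not the paper's code, model or estimator) illustrates the two halves of the argument on a toy loop: a proportional controller that is well tuned for a delay-free first-order plant becomes unstable as soon as the feedback channel is delayed by a few samples, and a controller that recursively estimates the channel delay from the sampling stamp carried in each feedback packet and rolls the stale measurement forward through the plant model recovers the delay-free behaviour. The plant (A = 0.9, B = 0.5), gain K = 3.0, update weight ALPHA, injected delay of 3 samples and the delay-free forward channel are all assumptions chosen for the illustration; only the feedback channel is attacked here, whereas the paper also considers the forward channel.

```python
from __future__ import annotations

# Illustrative (not the paper's) discrete-time model of a networked control loop.
A, B = 0.9, 0.5                   # first-order plant: x[k+1] = A*x[k] + B*u[k]
K = 3.0                           # proportional gain; delay-free closed-loop pole A - B*K = -0.6
ALPHA = 0.5                       # weight of the recursive delay-estimate update (assumed)
X_SS = B * K / (1 - A + B * K)    # delay-free steady state for a unit setpoint (= 0.9375)


def predict_current_state(y_stale: float, d: int, u_hist: list[float], k: int) -> float:
    """Roll a measurement believed to be x[k-d] forward through the plant model, using
    the controller's own past outputs u[k-d], ..., u[k-1], to estimate x[k]."""
    x = y_stale
    for j in range(k - d, k):
        x = A * x + B * u_hist[j]
    return x


def simulate(inject_at: int, injected_delay: int, mitigate: bool, steps: int = 200):
    """Run the loop for `steps` samples. From step `inject_at` the attacker holds every
    feedback packet for `injected_delay` samples and the setpoint steps from 0 to 1.
    Each packet carries the step at which it was sampled; the controller estimates the
    channel delay from that stamp and, if `mitigate`, compensates with the plant model.
    Returns (final x, delay estimate, steps actually run)."""
    x = 0.0
    u_hist: list[float] = []
    in_flight: list[tuple[int, int, float]] = []   # (deliver_at, sampled_at, value)
    last = (0, 0.0)                                 # newest measurement received so far
    d_hat = 0.0
    for k in range(steps):
        attacked = k >= inject_at
        setpoint = 1.0 if attacked else 0.0
        delay = injected_delay if attacked else 0
        in_flight.append((k + delay, k, x))         # plant samples x[k] and sends it
        arrived = [p for p in in_flight if p[0] <= k]
        in_flight = [p for p in in_flight if p[0] > k]
        if arrived:                                 # if several land together keep the freshest
            newest = max(arrived, key=lambda p: p[1])
            last = (newest[1], newest[2])
        stamp, y = last
        observed = k - stamp                        # staleness of the data the controller holds
        d_hat += ALPHA * (observed - d_hat)         # recursive (exponential) delay estimate
        if mitigate:
            d = min(int(round(d_hat)), k)
            y = predict_current_state(y, d, u_hist, k)
        u = K * (setpoint - y)
        u_hist.append(u)
        x = A * x + B * u                           # forward channel assumed delay-free here
        if abs(x) > 1e6:                            # loop has gone unstable; stop early
            return x, d_hat, k + 1
    return x, d_hat, steps


if __name__ == "__main__":
    for label, delay, mit in (("no attack", 0, False),
                              ("3-sample delay, no mitigation", 3, False),
                              ("3-sample delay, delay-estimating predictor", 3, True)):
        x, d_hat, n = simulate(inject_at=20, injected_delay=delay, mitigate=mit)
        print(f"{label:45s} x={x:12.4f}  d_hat={d_hat:.3f}  steps={n}")
```

Why the unmitigated loop diverges is visible from the characteristic polynomial: with a feedback delay of d samples the closed loop is x[k+1] = A x[k] - B K x[k-d] + B K r, i.e. z^(d+1) - A z^d + B K = 0, whose roots have product B K = 1.5 in magnitude, so at least one root lies outside the unit circle for any d >= 1, while for d = 0 the single pole is A - B K = -0.6. Two caveats a practitioner should carry over to a real deployment: the estimator trusts the sampling stamp in the packet, so an adversary who can rewrite packets rather than merely hold them can defeat it unless the stamps are integrity-protected; and the predictor is only as good as the plant model it rolls forward, so model mismatch degrades the compensation.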
