Synergistic Security for the Industrial Internet of Things: Integrating Redundancy, Diversity, and Hardening

As the Industrial Internet of Things (IIot) becomes more prevalent in critical application domains, ensuring security and resilience in the face of cyber-attacks is becoming an issue of paramount importance. Cyber-attacks against critical infrastructures, for example, against smart water-distribution and transportation systems, pose serious threats to public health and safety. Owing to the severity of these threats, a variety of security techniques are available. However, no single technique can address the whole spectrum of cyber-attacks that may be launched by a determined and resourceful attacker. In light of this, we consider a multi-pronged approach for designing secure and resilient IIoT systems, which integrates redundancy, diversity, and hardening techniques. We introduce a framework for quantifying cyber-security risks and optimizing IIoT design by determining security investments in redundancy, diversity, and hardening. To demonstrate the applicability of our framework, we present a case study in water-distribution systems. Our numerical evaluation shows that integrating redundancy, diversity, and hardening can lead to reduced security risk at the same cost.

[1]  Nils Ole Tippenhauer,et al.  Taking Control: Design and Implementation of Botnets for Cyber-Physical Attacks with CPSBot , 2018, ArXiv.

[2]  Thomas P. von Hoff,et al.  Security for Industrial Communication Systems , 2005, Proceedings of the IEEE.

[3]  Jay Lee,et al.  A Cyber-Physical Systems architecture for Industry 4.0-based manufacturing systems , 2015 .

[4]  Prathyush P. Menon,et al.  Analysis of Automotive Cyber-Attacks on Highways Using Partial Differential Equation Models , 2018, IEEE Transactions on Control of Network Systems.

[5]  Saurabh Amin,et al.  A network interdiction model for analyzing the vulnerability of water distribution systems , 2014, HiCoNS.

[6]  Shihong Huang,et al.  Vulnerability of Traffic Control System Under Cyberattacks with Falsified Data , 2018 .

[7]  Harish Sethu,et al.  On achieving software diversity for improved network security using distributed coloring algorithms , 2004, CCS '04.

[8]  George Suciu,et al.  Unified Intelligent Water Management Using Cyberinfrastructures Based on Cloud Computing and IoT , 2017, 2017 21st International Conference on Control Systems and Computer Science (CSCS).

[9]  Saurabh Amin,et al.  Sensor placement for fault location identification in water networks: A minimum test cover approach , 2015, Autom..

[10]  Tobias Jeske Floating Car Data from Smartphones : What Google and Waze Know About You and How Hackers Can Control Traffic , 2013 .

[11]  D. John Morrow,et al.  Securing the Industrial Internet of Things for Critical Infrastructure (IIoT-CI) , 2019, 2019 IEEE 5th World Forum on Internet of Things (WF-IoT).

[12]  Dawn M. Tilbury,et al.  The Emergence of Industrial Control Networks for Manufacturing Control, Diagnostics, and Safety Data , 2007, Proceedings of the IEEE.

[13]  Okyay Kaynak,et al.  Industrial Cyberphysical Systems: A Backbone of the Fourth Industrial Revolution , 2017, IEEE Industrial Electronics Magazine.

[14]  Alan J. Michaels,et al.  Framework for Evaluating the Severity of Cybervulnerability of a Traffic Cabinet , 2017 .

[15]  M. Storey,et al.  Advances in on-line drinking water quality monitoring and early warning systems. , 2011, Water research.

[16]  Bo Fu,et al.  SCADA communication and security issues , 2014, Secur. Commun. Networks.

[17]  Gabor Karsai,et al.  SURE: A Modeling and Simulation Integration Platform for Evaluation of Secure and Resilient Cyber–Physical Systems , 2018, Proceedings of the IEEE.

[18]  Kun Yang,et al.  A Random Road Network Model for Mobility Modeling in Mobile Delay-Tolerant Networks , 2012, 2012 8th International Conference on Mobile Ad-hoc and Sensor Networks (MSN).

[19]  Athanasios K. Ziliaskopoulos,et al.  A Linear Programming Model for the Single Destination System Optimum Dynamic Traffic Assignment Problem , 2000, Transp. Sci..

[20]  Sehwan Kim,et al.  Remote structural health monitoring systems for next generation SCADA , 2013 .

[21]  Adriano Valenzano,et al.  Review of Security Issues in Industrial Networks , 2013, IEEE Transactions on Industrial Informatics.

[22]  Xavier Litrico,et al.  Cyber Security of Water SCADA Systems—Part I: Analysis and Experimentation of Stealthy Deception Attacks , 2013, IEEE Transactions on Control Systems Technology.

[23]  C. Daganzo THE CELL TRANSMISSION MODEL.. , 1994 .

[24]  Alexandre M. Bayen,et al.  Creating complex congestion patterns via multi-objective optimal freeway traffic control with application to cyber-security , 2016 .

[25]  Athanasios V. Vasilakos,et al.  Security of the Internet of Things: perspectives and challenges , 2014, Wireless Networks.

[26]  Wu He,et al.  Internet of Things in Industries: A Survey , 2014, IEEE Transactions on Industrial Informatics.

[27]  Kun Yang,et al.  A Random Road Network Model and Its Effects on Topological Characteristics of Mobile Delay-Tolerant Networks , 2014, IEEE Transactions on Mobile Computing.

[28]  Ivan Stoianov,et al.  SENSOR NETWORKS FOR MONITORING WATER SUPPLY AND SEWER SYSTEMS: LESSONS FROM BOSTON , 2008 .

[29]  Fatiha Nejjari,et al.  Leak Localization in Water Networks: A Model-Based Methodology Using Pressure Sensors Applied to a Real Network in Barcelona [Applications of Control] , 2014, IEEE Control Systems.

[30]  Kevin Jones,et al.  A review of cyber security risk assessment methods for SCADA systems , 2016, Comput. Secur..

[31]  Avi Ostfeld,et al.  Characterizing Cyber-Physical Attacks on Water Distribution Systems , 2017 .

[32]  Saurabh Amin,et al.  Vulnerability of Transportation Networks to Traffic-Signal Tampering , 2016, 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS).

[33]  Amanda D. Lothes,et al.  Research Database of Water Distribution System Models , 2014 .

[34]  Zheng Liu,et al.  Computational Intelligence for Urban Infrastructure Condition Assessment: Water Transmission and Distribution Systems , 2014, IEEE Sensors Journal.

[35]  Jiafu Wan,et al.  Security in the Internet of Things: A Review , 2012, 2012 International Conference on Computer Science and Electronics Engineering.

[36]  Katherine A. Klise,et al.  Detecting Changes in Water Quality Data , 2008 .

[37]  L. Nachman,et al.  PIPENET: A Wireless Sensor Network for Pipeline Monitoring , 2007, 2007 6th International Symposium on Information Processing in Sensor Networks.

[38]  J. Alex Halderman,et al.  Green Lights Forever: Analyzing the Security of Traffic Infrastructure , 2014, WOOT.

[39]  Sokratis Kartakis Next generation cyber-physical water distribution systems , 2016 .

[40]  Carlos F. Daganzo,et al.  THE CELL TRANSMISSION MODEL, PART II: NETWORK TRAFFIC , 1995 .

[41]  Aditya P. Mathur,et al.  WADI: a water distribution testbed for research in the design of secure cyber physical systems , 2017, CySWATER@CPSWeek.

[42]  Jill Slay,et al.  Lessons Learned from the Maroochy Water Breach , 2007, Critical Infrastructure Protection.

[43]  John S. Heidemann,et al.  SWATS: Wireless sensor networks for steamflood and waterflood pipeline monitoring , 2011, IEEE Network.

[44]  Ahmad-Reza Sadeghi,et al.  Security and privacy challenges in industrial Internet of Things , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[45]  Alagan Anpalagan,et al.  Network Challenges for Cyber Physical Systems with Tiny Wireless Devices: A Case Study on Reliable Pipeline Condition Monitoring , 2015, Sensors.