Cybersecurity Analysis of Industrial Control System Functionality

Cybersecurity becomes increasingly important with the development of the Industrial IoT (IIoT) and Industry 4.0 architectures. The number of cyberattacks against infrastructures and Industrial Control Systems (ICS) in safety-critical domains is increasing every year, and how to alleviate this situation is a challenging topic. In many cases, threats to cybersecurity are only discovered after they have led to a disaster. In this paper, we analyze cybersecurity issues from the perspective of system functionality, before an attack happens. Besides confidentiality and availability, functional integrity and information integrity are considered as well. This allows a precise determination of cybersecurity issues during the analysis process (from the system function perspective). A safety-critical ICS in a Nuclear Power Plant (NPP) is used as an example to show how to conduct the cybersecurity analysis step by step. The final analysis result is presented as a Causal Fault Graph (CFG), which is illustrated using the YBT (Why-Because-Toolkit). Attack models are presented to show the possible attack vectors identified in our analysis. Further, the feasibility of these attack models is assessed for our specific system.
