Security Challenges in Cyber-Physical Production Systems

Within the last decade, Security became a major focus in the traditional IT-Industry, mainly through the interconnection of systems and especially through the connection to the Internet. This opened up a huge new attack surface, which resulted in major takedowns of legitimate services and new forms of crime and destruction. This led to the development of a multitude of new defense mechanisms and strategies, as well as the establishing of Security procedures on both, organizational and technical level. Production systems have mostly remained in isolation during these past years, with security typically focused on the perimeter. Now, with the introduction of new paradigms like Industry 4.0, this isolation is questioned heavily with Physical Production Systems (PPSs) now connected to an IT-world resulting in cyber-physical systems sharing the attack surface of traditional web based interfaces while featuring completely different goals, parameters like lifetime and safety, as well as construction. In this work, we present an outline on the major security challenges faced by cyber-physical production systems. While many of these challenges harken back to issues also present in traditional web based IT, we will thoroughly analyze the differences. Still, many new attack vectors appeared in the past, either in practical attacks like Stuxnet, or in theoretical work. These attack vectors use specific features or design elements of cyber-physical systems to their advantage and are unparalleled in traditional IT. Furthermore, many mitigation strategies prevalent in traditional IT systems are not applicable in the industrial world, e.g., patching, thus rendering traditional strategies in IT-Security unfeasible. A thorough discussion of the major challenges in CPPS-Security is thus required in order to focus research on the most important targets.

[1]  U. Lindemann Methodische Entwicklung technischer Produkte , 2009 .

[2]  Christian Kreiner,et al.  Integrated design for tackling safety and security challenges of smart products and digital manufacturing , 2017 .

[3]  Johannes Diemer Sichere Industrie-4.0-Plattformen auf Basis von Community-Clouds , 2017, Handbuch Industrie 4.0.

[4]  J. Gausemeier,et al.  Die neue Richtlinie VDI 2206: Entwicklungsmethodik für mechatronische Systeme , 2003 .

[5]  Steve Lipner,et al.  Security development lifecycle , 2010, Datenschutz und Datensicherheit - DuD.

[6]  Ralph Langner,et al.  Stuxnet: Dissecting a Cyberwarfare Weapon , 2011, IEEE Security & Privacy.

[7]  Emin Anarim,et al.  An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks , 2005, Expert Syst. Appl..

[8]  Zhao Yang Dong,et al.  The 2015 Ukraine Blackout: Implications for False Data Injection Attacks , 2017, IEEE Transactions on Power Systems.

[9]  С. В. Иванов,et al.  Анализ результатов лечения больных хроническим панкреатитом , 2016 .

[10]  Arndt Lüder,et al.  Development of a method for the implementation of interoperable tool chains applying mechatronical thinking — Use case engineering of logic control , 2012, Proceedings of 2012 IEEE 17th International Conference on Emerging Technologies & Factory Automation (ETFA 2012).

[11]  A. N. Zincir-Heywood,et al.  Intrusion Detection Systems , 2008 .

[12]  Eric Byres The air gap: SCADA's enduring security myth , 2013, CACM.

[13]  Peter Kieseberg,et al.  Humans forget, machines remember: Artificial intelligence and the Right to Be Forgotten , 2017, Comput. Law Secur. Rev..

[14]  Kristofer Hell,et al.  Wiederverwendung im Engineering , 2016 .

[15]  Stefan Katzenbeisser,et al.  Protecting Software through Obfuscation , 2016, ACM Comput. Surv..

[16]  Christian S. Collberg,et al.  Surreptitious Software - Obfuscation, Watermarking, and Tamperproofing for Software Protection , 2009, Addison-Wesley Software Security Series.

[17]  Gary Mcgraw Software security , 2004, IEEE Security & Privacy Magazine.

[18]  Mayuree K.Rathva,et al.  Watermarking Relational Databases , 2013 .

[19]  Edgar R. Weippl,et al.  An algorithm for collusion-resistant anonymization and fingerprinting of sensitive microdata , 2014, Electron. Mark..

[20]  Rakesh Agrawal,et al.  Watermarking Relational Databases , 2002, Very Large Data Bases Conference.

[21]  Sergey Bratus,et al.  Katana: A Hot Patching Framework for ELF Executables , 2010, 2010 International Conference on Availability, Reliability and Security.