In today's world, power plants, chemical plants, and manufacturing systems are all managed by computer systems called Industrial Control Systems (ICS). These consist of sensors (e.g. thermostats, level sensors) that measure important properties of the plant, actuators (e.g. valves, pumps) that change the state of the plant and computer systems that in real time use the sensor data to make decisions about to operate the actuators. Like other computer systems industrial control systems have been shown to be vulnerable to cyber attacks; what is unique to ICS is that cyber attacks can result in physical effects. It is completely possible that a cyber attack on an ICS could result in major power blackouts, disruption of supply, or the release of dangerous chemicals. The IIot (Industrial Internet of Things) is a rapidly emerging new type of ICS in which the sensors, actuators and the computer that control them communicate through the Internet. There is a serious worry that these new IIoT systems are being deployed before we understand how to protect them from internet based cyber attacks. This effort is intended to develop new technologies that can prevent such attacks. The goal is the project is to develop a set of architectural principles governing the design of IIoT systems such that if these principles are adhered to, the design is guaranteed to behave in a safe manner in the face of cyber attacks. The project will illustrate these architectural principles by prototyping simple IIoT systems built in accordance with them and then demonstrating that the prototypes are resilient in the presence of cyber attacks. The first principle is that the actual control system must be coupled with a computational model of how it is intended to behave. These two are executed in tandem; when the actual system's behavior differs from that sanctioned by the model, this is a system of a partially successful cyber attack. The monitor then must diagnose the cause of the failure and take corrective action. A second principle is that the control system must be accompanied by a library of multi-step attack plans and must be able to recognize the early steps so that it can mitigate the effects of the attack while it is still unfolding and before the most serious consequences have happened. A final set of architectural principles requires the use of low cost cryptographic techniques to guarantee authorization, authentication and non-tampering in all communications between the sensors, actuators, and the control computers.
EAGER: Securing ICS Systems in the IIoT