Biblio

The paper aims to discover vulnerabilities by application of supervisory control theory and to design a defensive supervisor against vulnerability attacks. Supervisory control restricts the system behavior to satisfy the control specifications. The existence condition of the supervisor, sometimes results in undesirable plant behavior, which can be regarded as a vulnerability of the control specifications. We aim to design a more robust supervisor against this vulnerability.

In control systems, the operation of the system after an incident occurs is important. This paper proposes to design a whitelist model that can detect anomalies and identify locations of anomalous actuators using finite automata during multiple actuators attack. By applying this model and comparing the whitelist model with the operation data, the monitoring system detects anomalies and identifies anomaly locations of actuator that deviate from normal operation. We propose to construct a whitelist model focusing on the order of the control system operation using binary search trees, which can grasp the state of the system when anomalies occur. We also apply combinatorial compression based on BDD (Binary Decision Diagram) to the model to speed up querying and identification of abnormalities. Based on the model designed in this study, we aim to construct a secured control system that selects and executes an appropriate fallback operation based on the state of the system when anomaly is detected.

Aiming at the problem that the traditional intrusion detection method can not effectively deal with the massive and high-dimensional network traffic data of industrial control system (ICS), an ICS intrusion detection strategy based on bidirectional generative adversarial network (BiGAN) is proposed in this paper. In order to improve the applicability of BiGAN model in ICS intrusion detection, the optimal model was obtained through the single variable principle and cross-validation. On this basis, the supervised control and data acquisition (SCADA) standard data set is used for comparative experiments to verify the performance of the optimized model on ICS intrusion detection. The results show that the ICS intrusion detection method based on optimized BiGAN has higher accuracy and shorter detection time than other methods.

The purpose of the work is a formalized description of the method determining numerical expression of the danger from actions potentially implemented by an information security violator. The implementation of such actions may lead to a disruption of the ordered functioning of multilevel distributed automated process control systems, which indicates the importance of developing new adequate solutions for predicting attacks consequences. The analysis of the largest destructive effects on information security systems of critical objects is carried out. The most common methods of obtaining the value of the hazard quotient of information security violators' destructive actions are considered. Based on the known methods for determining the possible damage from attacks implemented by a potential information security violator, a new, previously undetected in open sources method for determining the hazard quotient of destructive actions of an information security violator has been proposed. In order to carry out experimental calculations by the proposed method, the authors developed the required software. The calculations results are presented and indicate the possibility of using the proposed method for modeling threats and information security violators when designing an information security system for automated process control systems.

With the explosion of Industry 4.0, industrial facilities and critical infrastructures are transforming into “smart” systems that dynamically adapt to external events. The result is an ecosystem of heterogeneous physical and cyber components, such as programmable logic controllers, which are more and more exposed to cyber-physical attacks, i.e., security breaches in cyberspace that adversely affect the physical processes at the core of industrial control systems. We apply runtime enforcement techniques, based on an ad-hoc sub-class of Ligatti et al.'s edit automata, to enforce specification compliance in networks of potentially compromised controllers, formalised in Hennessy and Regan's Timed Process Language. We define a synthesis algorithm that, given an alphabet P of observable actions and an enforceable regular expression e capturing a timed property for controllers, returns a monitor that enforces the property e during the execution of any (potentially corrupted) controller with alphabet P and complying with the property e. Our monitors correct and suppress incorrect actions coming from corrupted controllers and emit actions in full autonomy when the controller under scrutiny is not able to do so in a correct manner. Besides classical properties, such as transparency and soundness, the proposed enforcement ensures non-obvious properties, such as polynomial complexity of the synthesis, deadlock- and diverge-freedom of monitored controllers, together with scalability when dealing with networks of controllers.

Given a network with a set of vulnerable actuators (and sensors), the security index of an actuator equals the minimum number of sensors and actuators that needs to be compromised so as to conduct a perfectly undetectable attack using the said actuator. This paper deals with the problem of computing actuator security indices for discrete-time LTI network systems, using a structured systems framework. We show that the actuator security index is generic, that is for almost all realizations the actuator security index remains the same. We refer to such an index as generic security index (generic index) of an actuator. Given that the security index quantifies the vulnerability of a network, the generic index is quite valuable for large scale energy systems. Our second contribution is to provide graph-theoretic conditions for computing the generic index. The said conditions are in terms of existence of linkings on appropriately-defined directed (sub)graphs. Based on these conditions, we present an algorithm for computing the generic index.

The paper presents a comprehensive model of cybersecurity threats for a system of autonomous and remotely controlled vehicles (AV) in the environment of a smart city. The main focus in the security context is given to the “integrity” property. That property is of higher importance for industrial control systems in comparison with other security properties (availability and confidentiality). The security graph, which is part of the model, is dynamic, and, in real cases, its analysis may require significant computing resources for AV systems with a large number of assets and connections. The simplified example of the security graph for the AV system is presented.

In this paper, we formulate a combinatorial optimization problem that aims to maximize the accuracy of a lower bound estimate of the probability of security of a multi-robot system (MRS), while minimizing the computational complexity involved in its calculation. Security of an MRS is defined using the well-known control theoretic notion of left invertiblility, and the probability of security of an MRS can be calculated using binary decision diagrams (BDDs). The complexity of a BDD depends on the number of disjoint path sets considered during its construction. Taking into account all possible disjoint paths results in an exact probability of security, however, selecting an optimal subset of disjoint paths leads to a good estimate of the probability while significantly reducing computation. To deal with the dynamic nature of MRSs, we introduce two methods: (1) multi-point optimization, a technique that requires some a priori knowledge of the topology of the MRS over time, and (2) online optimization, a technique that does not require a priori knowledge, but must construct BDDs while the MRS is operating. Finally, our approach is validated on an MRS performing a rendezvous objective while exchanging information according to a noisy state agreement process.

According to the information security requirements of the industrial control system and the technical features of the existing defense measures, a dynamic security control strategy based on trusted computing is proposed. According to the strategy, the Industrial Cyber-Physical System system information security solution is proposed, and the linkage verification mechanism between the internal fire control wall of the industrial control system, the intrusion detection system and the trusted connection server is provided. The information exchange of multiple network security devices is realized, which improves the comprehensive defense capability of the industrial control system, and because the trusted platform module is based on the hardware encryption, storage, and control protection mode, It overcomes the common problem that the traditional repairing and stitching technique based on pure software leads to easy breakage, and achieves the goal of significantly improving the safety of the industrial control system . At the end of the paper, the system analyzes the implementation of the proposed secure industrial control information security system based on the trustworthy calculation.

Control systems for critical infrastructure are becoming increasingly interconnected while cyber threats against critical infrastructure are becoming more sophisticated and difficult to defend against. Historically, cyber security has emphasized building defenses to prevent loss of confidentiality, integrity, and availability in digital information and systems, but in recent years cyber attacks have demonstrated that no system is impenetrable and that control system operation may be detrimentally impacted. Cyber resilience has emerged as a complementary priority that seeks to ensure that digital systems can maintain essential performance levels, even while capabilities are degraded by a cyber attack. This paper examines how cyber security and cyber resilience may be measured and quantified in a control system environment. Load Frequency Control is used as an illustrative example to demonstrate how cyber attacks may be represented within mathematical models of control systems, to demonstrate how these events may be quantitatively measured in terms of cyber security or cyber resilience, and the differences and similarities between the two mindsets. These results demonstrate how various metrics are applied, the extent of their usability, and how it is important to analyze cyber-physical systems in a comprehensive manner that accounts for all the various parts of the system.

The problems of random numbers application to the information security of data, communication lines, computer units and automated driving systems are considered. The possibilities for making up quantum generators of random numbers and existing solutions for acquiring of sufficiently random sequences are analyzed. The authors found out the method for the creation of quantum generators on the basis of semiconductor electronic components. The electron-quantum generator based on electrons tunneling is experimentally demonstrated. It is shown that it is able to create random sequences of high security level and satisfying known NIST statistical tests (P-Value\textbackslashtextgreater0.9). The generator created can be used for formation of both closed and open cryptographic keys in computer systems and other platforms and has great potential for realization of random walks and probabilistic computing on the basis of neural nets and other IT problems.

In this paper, we consider the problem of designing system parameters to improve detection of attacks in control systems. Specifically, we study control systems which are vulnerable to integrity attacks on sensors and actuators. We aim to defend against strong model aware adversaries that can read and modify all sensors and actuators. Previous work has proposed a moving target defense for detecting integrity attacks on control systems. Here, an authenticating subsystem with time-varying dynamics coupled to the original plant is introduced. Due to this coupling, an attack on the original system will affect the authenticating subsystem and in turn be revealed by a set of sensors measuring the extended plant. Moreover, the time-varying dynamics of the extended plant act as a moving target, preventing an adversary from developing an effective adaptive attack strategy. Previous work has failed to consider the design of the time-varying system matrices and as such provides little in terms of guidelines for implementation in real systems. This paper proposes two optimization problems for designing these matrices. The first designs the auxiliary actuators to maximize detection performance while the second designs the coupling matrices to maximize system estimation performance. Numerical examples are presented that validate our approach.

We address the need for security requirements to take into account risks arising from complex supply chains underpinning cyber-physical infrastructures such as industrial control systems (ICS). We present SEISMiC (SEcurity Industrial control SysteM supply Chains), a framework that takes into account the whole spectrum of security risks - from technical aspects through to human and organizational issues - across an ICS supply chain. We demonstrate the effectiveness of SEISMiC through a supply chain risk assessment of Natanz, Iran's nuclear facility that was the subject of the Stuxnet attack.

Proposed an approach for information security breaches detection in distributed control systems based on prediction of multidimensional time series formed of sensor and actuator data.

A long time ago Industrial Control Systems were in a safe place due to the use of proprietary technology and physical isolation. This situation has changed dramatically and the systems are nowadays often prone to severe attacks executed from remote locations. In many cases, intrusions remain undetected for a long time and this allows the adversary to meticulously prepare an attack and maximize its destructiveness. The ability to detect an attack in its early stages thus has a high potential to significantly reduce its impact. To this end, we propose a holistic, multi-layered, security monitoring and mitigation framework spanning the physical- and cyber domain. The comprehensiveness of the approach demands for scalability measures built-in by design. In this paper we present how scalability is addressed by an architecture that enforces geographically decentralized data reduction approaches that can be dynamically adjusted to the currently perceived context. A specific focus is put on a robust and resilient solution to orchestrate dynamic configuration updates. Experimental results based on a prototype implementation show the feasibility of the approach.

Zero dynamics attack is lethal to cyber-physical systems in the sense that it is stealthy and there is no way to detect it. Fortunately, if the given continuous-time physical system is of minimum phase, the effect of the attack is negligible even if it is not detected. However, the situation becomes unfavorable again if one uses digital control by sampling the sensor measurement and using the zero-order-hold for actuation because of the `sampling zeros.' When the continuous-time system has relative degree greater than two and the sampling period is small, the sampled-data system must have unstable zeros (even if the continuous-time system is of minimum phase), so that the cyber-physical system becomes vulnerable to `sampling zero dynamics attack.' In this paper, we begin with its demonstration by a few examples. Then, we present an idea to protect the system by allocating those discrete-time zeros into stable ones. This idea is realized by employing the so-called `generalized hold' which replaces the zero-order-hold.

In this paper, we propose a novel adaptive control architecture for addressing security and safety in cyber-physical systems subject to exogenous disturbances. Specifically, we develop an adaptive controller for time-invariant, state-dependent adversarial sensor and actuator attacks in the face of stochastic exogenous disturbances. We show that the proposed controller guarantees uniform ultimate boundedness of the closed-loop dynamical system in a mean-square sense. We further discuss the practicality of the proposed approach and provide a numerical example involving the lateral directional dynamics of an aircraft to illustrate the efficacy of the proposed adaptive control architecture.