Biblio

Industrial Control Security (ICS) plays an important role in protecting Industrial assets and processed from being tampered by attackers. Recent years witness the fast development of ICS technology. However there are still shortage of techniques and measures to verify the effectiveness of ICS approaches. In this paper, we propose a verification framework named vICS, for security measures in industrial environments. vICS does not requires installing any agent in industrial environments, and could be viewed as a non-intrusive way. We use vICS to evaluate the effectiveness of classic ICS techniques and measures through several experiments. The results shown that vICS provide an feasible solution for verifying the effectiveness of classic ICS techniques and measures for industrial environments.

Industrial Internet-of-Things has been touted as the next revolution in the industrial domain, offering interconnectivity, independence, real-time operation, and self-optimization. Integration of smart systems, however, bridges the gap between information and operation technology, creating new avenues for attacks from the cyber domain. The dismantling of this air-gap, in conjunction with the devices' long lifespan -in the range of 20-30 years-, motivates us to bring the attention of the community to emerging advanced persistent threats. We demonstrate a threat that bridges the air-gap by leaking data from memory to analog peripherals through Direct Memory Access (DMA), delivered as a firmware modification through the supply chain. The attack automatically adapts to a target device by leveraging the Device Tree and resides solely in the peripherals, completely transparent to the main CPU, by judiciously short-circuiting specific components. We implement this attack on a commercial Programmable Logic Controller, leaking information over the available LEDs. We evaluate the presented attack vector in terms of stealthiness, and demonstrate no observable overhead on both CPU performance and DMA transfer speed. Since traditional anomaly detection techniques would fail to detect this firmware trojan, this work highlights the need for industrial control system-appropriate techniques that can be applied promptly to installed devices.

In order to improve the information security level of intelligent substation, this paper proposes an intelligent substation information security assessment tool through the research and analysis of intelligent substation information security risk and information security assessment method, and proves that the tool can effectively detect it. It is of great significance to carry out research on industrial control systems, especially intelligent substation information security.

We address the need for security requirements to take into account risks arising from complex supply chains underpinning cyber-physical infrastructures such as industrial control systems (ICS). We present SEISMiC (SEcurity Industrial control SysteM supply Chains), a framework that takes into account the whole spectrum of security risks - from technical aspects through to human and organizational issues - across an ICS supply chain. We demonstrate the effectiveness of SEISMiC through a supply chain risk assessment of Natanz, Iran's nuclear facility that was the subject of the Stuxnet attack.

Nowadays, the industrial control systems (ICS) face many challenges, where security is becoming one of the most crucial. This fact is caused by new connected environment, which brings among new possibilities also new vulnerabilities, threats, or possible attacks. The criminal acts in the ICS area increased over the past years exponentially, which caused the loss of billions of dollars. This also caused classical Intrusion Detection Systems and Intrusion Prevention Systems to evolve in order to protect among IT also ICS networks. However, these systems need sufficient data such as traffic logs, protocol information, attack patterns, anomaly behavior marks and many others. To provide such data, the requirements for the test environment are summarized in this paper. Moreover, we also introduce more than twenty common vulnerabilities across the ICS together with information about possible risk, attack vector (point), possible detection methods and communication layer occurrence. Therefore, the paper might be used as a base-ground for building sufficient data generator for machine learning and artificial intelligence algorithms often used in ICS/IDS systems.

With the latest development of hydroelectric power generation system, the industrial control network system of hydroelectric power generation has undergone the transformation from the dedicated network, using proprietary protocols to an increasingly open network, adopting standard protocols, and increasing integration with hydroelectric power generation system. It generally believed that with the improvement of the smart grid, the future hydroelectric power generation system will rely more on the powerful network system. The general application of standardized communication protocol and intelligent electronic equipment in industrial control network provides a technical guarantee for realizing the intellectualization of hydroelectric power generation system but also brings about the network security problems that cannot be ignored. In order to solve the vulnerability of the system, we analyze and quantitatively evaluate the industrial control network of hydropower generation as a whole, and propose a set of attack and defense strategies. The method of vulnerability assessment with high diversity score proposed by us avoids the indifference of different vulnerability score to the greatest extent. At the same time, we propose an optimal attack and defense decision algorithm, which generates the optimal attack and defense strategy. The work of this paper can distinguish the actual hazards of vulnerable points more effectively.

The goal of this document is to provide knowledge of Security for Industrial Control Systems (ICS,) such as supervisory control and data acquisition (SCADA) which is implemented in power transmission network, power stations, power distribution grids and other big infrastructures that affect large number of persons and security of nations. A distinction between IT and ICS security is given to make a difference between the two disciplines. In order to avoid intrusion and destruction of industrials plants, some recommendations are given to preserve their security.

Supervisory control and data acquisition system is an important part of the country's critical infrastructure, but its inherent network characteristics are vulnerable to attack by intruders. The vulnerability of supervisory control and data acquisition system was analyzed, combining common attacks such as information scanning, response injection, command injection and denial of service in industrial control systems, and proposed an intrusion detection model based on graphical features. The time series of message transmission were visualized, extracting the vertex coordinates and various graphic area features to constitute a new data set, and obtained classification model of intrusion detection through training. An intrusion detection experiment environment was built using tools such as MATLAB and power protocol testers. IEC 60870-5-104 protocol which is widely used in power systems had been taken as an example. The results of tests have good effectiveness.

The intelligent power grid is composed of a large number of industrial control equipment, and most of the industrial control equipment has security holes, which are vulnerable to malicious attacks and affect the normal operation of the power grid. By analyzing the security vulnerability of the firmware of industrial control equipment, the vulnerability can be detected in advance and the power grid's ability to resist attack can be improved. In this paper, a kind of industrial control device firmware protocol vulnerabilities associated technology, through the technology of information extraction from the mass grid device firmware device attributes and extract the industrial control system, the characteristics of the construction of industrial control system device firmware and published vulnerability information correlation, faster in the industrial control equipment safety inspection found vulnerabilities.

Cyber-Physical Systems (CPSs) are engineered systems seamlessly integrating computational algorithms and physical components. CPS advances offer numerous benefits to domains such as health, transportation, smart homes and manufacturing. Despite these advances, the overall cybersecurity posture of CPS devices remains unclear. In this paper, we provide knowledge on how to improve CPS resiliency by evaluating and comparing the accuracy, and scalability of two popular vulnerability assessment tools, Nessus and OpenVAS. Accuracy and suitability are evaluated with a diverse sample of pre-defined vulnerabilities in Industrial Control Systems (ICS), smart cars, smart home devices, and a smart water system. Scalability is evaluated using a large-scale vulnerability assessment of 1,000 Internet accessible CPS devices found on Shodan, the search engine for the Internet of Things (IoT). Assessment results indicate several CPS devices from major vendors suffer from critical vulnerabilities such as unsupported operating systems, OpenSSH vulnerabilities allowing unauthorized information disclosure, and PHP vulnerabilities susceptible to denial of service attacks.

Industrial control systems (ICS) are systems used in critical infrastructures for supervisory control, data acquisition, and industrial automation. ICS systems have complex, component-based architectures with many different hardware, software, and human factors interacting in real time. Despite the importance of security concerns in industrial control systems, there has not been a comprehensive study that examined common security architectural weaknesses in this domain. Therefore, this paper presents the first in-depth analysis of 988 vulnerability advisory reports for Industrial Control Systems developed by 277 vendors. We performed a detailed analysis of the vulnerability reports to measure which components of ICS have been affected the most by known vulnerabilities, which security tactics were affected most often in ICS and what are the common architectural security weaknesses in these systems. Our key findings were: (1) Human-Machine Interfaces, SCADA configurations, and PLCs were the most affected components, (2) 62.86% of vulnerability disclosures in ICS had an architectural root cause, (3) the most common architectural weaknesses were “Improper Input Validation”, followed by “Im-proper Neutralization of Input During Web Page Generation” and “Improper Authentication”, and (4) most tactic-related vulnerabilities were related to the tactics “Validate Inputs”, “Authenticate Actors” and “Authorize Actors”.

The cyber threat landscape is a constantly morphing surface; the need for cyber defenders to develop and create proactive threat intelligence is on the rise, especially on critical infrastructure environments. It is commonly voiced that Supervisory Control and Data Acquisition (SCADA) systems and Industrial Control Systems (ICS) are vulnerable to the same classes of threats as other networked computer systems. However, cyber defense in operational ICS is difficult, often introducing unacceptable risks of disruption to critical physical processes. This is exacerbated by the notion that hardware used in ICS is often expensive, making full-scale mock-up systems for testing and/or cyber defense impractical. New paradigms in cyber security have focused heavily on using deception to not only protect assets, but also gather insight into adversary motives and tools. Much of the work that we see in today's literature is focused on creating deception environments for traditional IT enterprise networks; however, leveraging our prior work in the domain, we explore the opportunities, challenges and feasibility of doing deception in ICS networks.

Industrial control systems are changing from monolithic to distributed and interconnected architectures, entering the era of industrial IoT. One fundamental issue is that security properties of such distributed control systems are typically only verified empirically, during development and after system deployment. We propose a novel modelling framework for the security verification of distributed industrial control systems, with the goal of moving towards early design stage formal verification. In our framework we model industrial IoT infrastructures, attack patterns, and mitigation strategies for countering attacks. We conduct model checking-based formal analysis of system security through scenario execution, where the analysed system is exposed to attacks and implement mitigation strategies. We study the applicability of our framework for large systems using a scalability analysis.

Modern industrial control systems (ICS) act as victims of cyber attacks more often in last years. These attacks are hard to detect and their consequences can be catastrophic. Cyber attacks can cause anomalies in the work of the ICS and its technological equipment. The presence of mutual interference and noises in this equipment significantly complicates anomaly detection. Moreover, the traditional means of protection, which used in corporate solutions, require updating with each change in the structure of the industrial process. An approach based on the machine learning for anomaly detection was used to overcome these problems. It complements traditional methods and allows one to detect signal correlations and use them for anomaly detection. Additional Tennessee Eastman Process Simulation Data for Anomaly Detection Evaluation dataset was analyzed as example of industrial process. In the course of the research, correlations between the signals of the sensors were detected and preliminary data processing was carried out. Algorithms from the most common techniques of machine learning (decision trees, linear algorithms, support vector machines) and deep learning models (neural networks) were investigated for industrial process anomaly detection task. It's shown that linear algorithms are least demanding on computational resources, but they don't achieve an acceptable result and allow a significant number of errors. Decision tree-based algorithms provided an acceptable accuracy, but the amount of RAM, required for their operations, relates polynomially with the training sample volume. The deep neural networks provided the greatest accuracy, but they require considerable computing power for internal calculations.

The safety of industrial control systems (ICS) depends not only on comprehensive solutions for protecting information, but also on the timing and closure of vulnerabilities in the software of the ICS. The investigation of security incidents in the ICS is often greatly complicated by the fact that malicious software functions only within the computer's volatile memory. Obtaining the contents of the volatile memory of an attacked computer is difficult to perform with a guaranteed reliability, since the data collection procedure must be based on a reliable code (the operating system or applications running in its environment). The paper proposes a new instrumental method for obtaining the contents of volatile memory, general rules for implementing the means of collecting information stored in memory. Unlike software methods, the proposed method has two advantages: firstly, there is no problem in terms of reading the parts of memory, blocked by the operating system, and secondly, the resulting contents are not compromised by such malicious software. The proposed method is relevant for investigating security incidents of ICS and can be used in continuous monitoring systems for the security of ICS.

Industrial control systems are the fundamental infrastructures of a country. Since the intrusion attack methods for industrial control systems have become complex and concealed, the traditional protection methods, such as vulnerability database, virus database and rule matching cannot cope with the attacks hidden inside the terminals of industrial control systems. In this work, we propose a control flow anomaly detection algorithm based on the control flow of the business programs. First, a basic group partition method based on key paths is proposed to reduce the performance burden caused by tabbed-assert control flow analysis method through expanding basic research units. Second, the algorithm phases of standard path set acquisition and path matching are introduced. By judging whether the current control flow path is deviating from the standard set or not, the abnormal operating conditions of industrial control can be detected. Finally, the effectiveness of a control flow anomaly detection (checking) algorithm based on Path Matching (CFCPM) is demonstrated by anomaly detection ability analysis and experiments.

The paper is devoted to analysis of condition of executing devices and sensors of Industrial Control Systems information security. The work contains structures of industrial control systems divided into groups depending on system's layer. The article contains the analysis of analog interfaces work and work features of data transmission protocols in industrial control system field layer. Questions about relevance of industrial control systems information security, both from the point of view of the information security occurring incidents, and from the point of view of regulators' reaction in the form of normative legal acts, are described. During the analysis of the information security systems of industrial control systems a possibility of leakage through technical channels of information leakage at the field layer was found. Potential vectors of the attacks on devices of field layer and data transmission network of an industrial control system are outlined in the article. The relevance analysis of the threats connected with the attacks at the field layer of an industrial control system is carried out, feature of this layer and attractiveness of this kind of attacks is observed.

The authors have proposed the Fallback Control System (FCS) as a countermeasure after cyber-attacks happen in Industrial Control Systems (ICSs). For increased robustness against cyber-attacks, introducing multiple countermeasures is desirable. Then, an appropriate collaboration is essential. This paper introduces two FCSs in ICS: field network signal is driven FCS and analog signal driven FCS. This paper also implements a collaborative FCS by a collaboration function of the two FCSs. The collaboration function is that the analog signal driven FCS estimates the state of the other FCS. The collaborative FCS decides the countermeasure based on the result of the estimation after cyber-attacks happen. Finally, we show practical experiment results to analyze the effectiveness of the proposed method.

Aiming at the problem that there is little research on firmware vulnerability mining and the traditional method of vulnerability mining based on fuzzing test is inefficient, this paper proposed a new method of mining vulnerabilities in industrial control system firmware. Based on taint analysis technology, this method can construct test cases specifically for the variables that may trigger vulnerabilities, thus reducing the number of invalid test cases and improving the test efficiency. Experiment result shows that this method can reduce about 23 % of test cases and can effectively improve test efficiency.

Due to the wide implementation of communication networks, industrial control systems are vulnerable to malicious attacks, which could cause potentially devastating results. Adversaries launch integrity attacks by injecting false data into systems to create fake events or cover up the plan of damaging the systems. In addition, the complexity and nonlinearity of control systems make it more difficult to detect attacks and defense it. Therefore, a novel security situation awareness framework based on particle filtering, which has good ability in estimating state for nonlinear systems, is proposed to provide an accuracy understanding of system situation. First, a system state estimation based on particle filtering is presented to estimate nodes state. Then, a voting scheme is introduced into hazard situation detection to identify the malicious nodes and a local estimator is constructed to estimate the actual system state by removing the identified malicious nodes. Finally, based on the estimated actual state, the actual measurements of the compromised nodes are predicted by using the situation prediction algorithm. At the end of this paper, a simulation of a continuous stirred tank is conducted to verify the efficiency of the proposed framework and algorithms.

In recent years, there has been progress in applying information technology to industrial control systems (ICS), which is expected to make the development cost of control devices and systems lower. On the other hand, the security threats are becoming important problems. In 2017, a command injection issue on a data logger was reported. In this paper, we focus on the risk assessment in security design for data loggers used in industrial control systems. Our aim is to provide a risk assessment method optimized for control devices and systems in such a way that one can prioritize threats more preciously, that would lead work resource (time and budget) can be assigned for more important threats than others. We discuss problems with application of the automotive-security guideline of JASO TP15002 to ICS risk assessment. Consequently, we propose a three-phase risk assessment method with a novel Risk Scoring Systems (RSS) for quantitative risk assessment, RSS-CWSS. The idea behind this method is to apply CWSS scoring systems to RSS by fixing values for some of CWSS metrics, considering what the designers can evaluate during the concept phase. Our case study with ICS employing a data logger clarifies that RSS-CWSS can offer an interesting property that it has better risk-score dispersion than the TP15002-specified RSS.

In order to evaluate the network security risks and implement effective defenses in industrial control system, a risk assessment method for industrial control systems based on attack graphs is proposed. Use the concept of network security elements to translate network attacks into network state migration problems and build an industrial control network attack graph model. In view of the current subjective evaluation of expert experience, the atomic attack probability assignment method and the CVSS evaluation system were introduced to evaluate the security status of the industrial control system. Finally, taking the centralized control system of the thermal power plant as the experimental background, the case analysis is performed. The experimental results show that the method can comprehensively analyze the potential safety hazards in the industrial control system and provide basis for the safety management personnel to take effective defense measures.

Cyber-Physical Systems (CPS), such as Water Distribution Networks (WDNs), deploy digital devices to monitor and control the behavior of physical processes. These digital devices, however, are susceptible to cyber and physical attacks, that may alter their functionality, and therefore the integrity of their measurements/actions. In practice, industrial control systems utilize simple control laws, which rely on various sensor measurements and algorithms which are expected to operate normally. To reduce the impact of a potential failure, operators may deploy redundant components; this however may not be useful, e.g., when a cyber attack at a PLC component occurs. In this work, we address the problem of reducing vulnerability to cyber-physical attacks in water distribution networks. This is achieved by augmenting the graph which describes the information flow from sensors to actuators, by adding new connections and algorithms, to increase the number of redundant cyber components. These, in turn, increase the \textitcyber-physical security level, which is defined in the present paper as the number of malicious attacks a CPS may sustain before becoming unable to satisfy the control requirements. A proof-of-concept of the approach is demonstrated over a simple WDN, with intuition on how this can be used to increase the cyber-physical security level of the system.

A long time ago Industrial Control Systems were in a safe place due to the use of proprietary technology and physical isolation. This situation has changed dramatically and the systems are nowadays often prone to severe attacks executed from remote locations. In many cases, intrusions remain undetected for a long time and this allows the adversary to meticulously prepare an attack and maximize its destructiveness. The ability to detect an attack in its early stages thus has a high potential to significantly reduce its impact. To this end, we propose a holistic, multi-layered, security monitoring and mitigation framework spanning the physical- and cyber domain. The comprehensiveness of the approach demands for scalability measures built-in by design. In this paper we present how scalability is addressed by an architecture that enforces geographically decentralized data reduction approaches that can be dynamically adjusted to the currently perceived context. A specific focus is put on a robust and resilient solution to orchestrate dynamic configuration updates. Experimental results based on a prototype implementation show the feasibility of the approach.

Cyber-attacks and intrusions in cyber-physical control systems are, currently, difficult to reliably prevent. Knowing a system's vulnerabilities and implementing static mitigations is not enough, since threats are advancing faster than the pace at which static cyber solutions can counteract. Accordingly, the practice of cybersecurity needs to ensure that intrusion and compromise do not result in system or environment damage or loss. In a previous paper [2], we described the Cyberspace Security Econometrics System (CSES), which is a stakeholder-aware and economics-based risk assessment method for cybersecurity. CSES allows an analyst to assess a system in terms of estimated loss resulting from security breakdowns. In this paper, we describe two new related contributions: 1) We map the Cyberspace Security Econometrics System (CSES) method to the evaluation and mitigation steps described by the NIST Guide to Industrial Control Systems (ICS) Security, Special Publication 800-82r2. Hence, presenting an economics-based and stakeholder-aware risk evaluation method for the implementation of the NIST-SP-800-82 guide; and 2) We describe the application of this tailored method through the use of a fictitious example of a critical infrastructure system of an electric and gas utility.