Fig 1 - uploaded by Marina Krotofil
Initial terminology: ICS: Industrial Control System(s); SCADA: Supervisory Control and Data Acquisition; DCS: Distributed Control System; PCS: Process Control System


Source publication
Conference Paper
Increasing awareness of ICS security issues has brought about a growing body of work in this area, including pioneering contributions based on realistic control system logs and network traces. This paper surveys the state of the art in ICS security research, including efforts of industrial researchers, highlighting the most interesting works. Resea...

Context in source publication

Context 1
... difference between the two is not always well understood and the terminology is often used inappropriately. Figure 1 explains the distinctions between various types of control systems. ...


Citations

... An overview of ICS security and protocol-related (Modbus/TCP, DNP3, IEC 61850) and sensor/actuator vulnerabilities is presented, along with recommended security solutions to mitigate their risk [72]. ...
... In comparison with previous works about PQC cited before, this manuscript aims to provide a perspective on the problem of implementing PQC algorithms in CI and OT environments. In the literature there are many works regarding the importance of cybersecurity and cryptography in OT [27], [28], [31], [37], [38], [39], [40], [41], [42]. As PQC algorithms were traditionally conceived from the point of view of IT communications, there are some requirements in industrial environments that are usually not fulfilled by those. ...
Article
The machinery of industrial environments was connected to the Internet years ago with the scope of increasing their performance. However, this change made such environments vulnerable against cyber-attacks that can compromise their correct functioning resulting in economic or social problems. Moreover, implementing cryptosystems in the communications between operational technology (OT) devices is a more challenging task than for information technology (IT) environments since the OT networks are generally composed of legacy elements, characterized by low-computational capabilities. Consequently, implementing cryptosystems in industrial communication networks faces a trade-off between the security of the communications and the amortization of the industrial infrastructure. Critical Infrastructure (CI) refers to the industries which provide key resources for the daily social and economical development, e.g. electricity. Furthermore, a new threat to cybersecurity has arisen with the theoretical proposal of quantum computers, due to their potential ability of breaking state-of-the-art cryptography protocols, such as RSA or ECC. Many global agents have become aware that transitioning their secure communications to a quantum secure paradigm is a priority that should be established before the arrival of fault-tolerance. In this paper, we aim to describe the problematic of implementing post-quantum cryptography (PQC) to CI environments. For doing so, we describe the requirements for these scenarios and how they differ against IT. We also introduce classical cryptography and how quantum computers pose a threat to such security protocols. Furthermore, we introduce state-of-the-art proposals of PQC protocols and present their characteristics. We conclude by discussing the problematic of integrating PQC in industrial environments.
... In [38], they provided a testbed for identifying SCADA protocol flaws. [39] provides an overview of ICS protocol- and sensor/actuator-related security vulnerabilities (Modbus/TCP, DNP3, IEC 61850), as well as suggested security solutions to reduce the risk. The O&G sector is actively encouraged to follow the rules. ...
... Spichkova in [82] introduces a development methodology for CPSs focusing on the abstraction levels of the system model, based on the idea of refinement-based development of complex, interactive systems. Krotofil and Gollmann describe the layered structure of CPSs [83]. ...
Article
Cyber-Physical Systems (CPS) are physical systems whose operations are coordinated, monitored, and controlled by computing and communication functions. These systems are typically heterogeneous, including Internet of Things and information technology subsystems, and can present a myriad of implementation details, making them very complex systems. An important type of CPS is a maritime container terminal (cargo port), which is a facility where cargo containers are transported between ships and land vehicles for onward transportation and vice versa. A cargo port performs four basic functions: receiving, storing, staging, and loading for both import and export containers. We present here process patterns that describe the functional aspects of cargo ports and a pattern that describes their structural properties (patterns are encapsulated solutions to recurrent problems). These patterns describe semantic aspects found in any cargo port and can be adapted to describe other CPSs. We decompose these process patterns into use cases that describe their interactions with the system. We then integrate the process patterns with structural patterns to assemble a partial reference architecture (RA) that shows the interactions of all the patterns while also indicating the typical stakeholders found in all ports. We validate the proposed reference architecture, highlighting its theoretical and practical value. Software and system designers of cargo ports need to start from a conceptual and abstract view that is subsequently refined to add more details. The use of reference architectures and patterns is an effective way to organize and describe the functional and non-functional aspects of a system, as well as to unify the design of all its aspects. This is, until now, the only published RA for cargo ports, and it can be a useful guideline for the designers of any type of cargo port.
... As industrial organizations are increasingly connecting their operational (OT) network with the corporate network to improve business and operational efficiency, ICSs are more and more exposed to sophisticated cyber attacks. Indeed, in the last years, several cyber-physical attacks [13,20,23] have targeted ICSs to take control of national critical infrastructures. Some notorious examples are: (i) the STUXnet worm, which reprogrammed Siemens PLCs of nuclear centrifuges in the nuclear facility of Natanz in Iran [10]; (ii) the CRASHOVERRIDE attack on the Ukrainian power grid, otherwise known as Industroyer [31]; (iii) the recent attack on a water treatment plant in Oldsmar, Florida, where hackers boosted the level of sodium hydroxide to 100 times higher than normal [3]. ...
Chapter
In the last years, Industrial Control Systems (ICSs) have been the target of an increasing number of cyber-physical attacks, i.e., security breaches in cyberspace that adversely alter the physical processes. The main challenge attackers face in the development of cyber-physical attacks with a precise goal is obtaining an adequate level of process comprehension. Process comprehension is defined as "the understanding of system characteristics and components responsible for the safe delivery of service" (Green et al. 2017). While there exist a number of tools (Nmap, PLCScan, Xprobe, etc.) one can use to develop a level of process comprehension through the targeting of controllers alone, they are limited by functionality, scope, and detectability. Thus, to support the execution of realistic cyber-physical attack scenarios with an adequate level of physical process comprehension, we propose a black-box dynamic analysis reverse engineering tool to derive from scans of memory registers of exposed controllers an approximated model of the controlled physical process. Such an approximated model is developed by inferring statistical properties, business processes and, in particular, system invariants whose knowledge might be crucial to build up stealthy (i.e., undetectable) attacks. We test the proposed methodology on a non-trivial case study, taken from the context of industrial water treatment systems.
... Due to limited capabilities, a viable non-intrusive option would be to concentrate on detecting cyber-attacks rather than on prevention. A significant effort focuses on anomaly detection solutions (Yang et al., 2006; Krotofil and Gollmann, 2013; Zhou and Gu, 2018; Yang et al., 2019; Martinez et al., 2019); however, previous solutions rarely address non-IP network cases. ...
... In general, detection systems use detection algorithms classified as signature-based, statistical-based, knowledge-based, anomaly-based, and machine-learning-based. Knowledge-based and signature-based techniques perform well on highly periodic and predictable network behavior (Krotofil and Gollmann, 2013). However, they are limited to unknown attacks based on known standards (Gao and Morris, 2014). ...
... An anomaly detection system should consider the behavior of both parts of the telegram. The predictable and repeatable nature of ICS traffic and relatively static network topology can be leveraged to detect anomalies, whereas known legitimate control sequences/codes and unsafe states make them suitable for several detection algorithms (Krotofil and Gollmann, 2013). This traffic behavior reduces the anomaly detection complexity because it can sense the minimum difference from the expected behavior. ...
Conference Paper
This paper describes a system to detect anomalies in non-IP (Internet Protocol) industrial networks on Industrial Control Systems (ICS). Non-IP industrial networks are widely applied in ICS to connect sensors and actuators to control systems or business networks. They were designed to be in an air-gapped security environment and therefore contain almost no cyber security features and are vulnerable to various attacks. Even though they are part of the communication layers, a few external cyber security controls are applied in this crucial tier. As an extension of the work by De Moura et al. (2021), this study proposes and tests the proof-of-concept of an agnostic anomaly detection system (AADS) to detect anomalies on any non-IP industrial network (e.g., DeviceNet, CANBus) as an additional cyber security measure working at the physical network layer. The proof-of-concept is comprised of three modules, including hardware and software components: data gathering (sniffer), parser, and detection. Testing the proof-of-concept in an industrial lab network (i.e., a Profibus-DP lab network) showed the proposal's feasibility with a detection rate above 99% (overall accuracy: 99.59%; F1-Score: 99.18%).
... Industrial Control System is the broad category of control systems and accompanying instruments employed for industrial process control. Control systems can be as little as very few discrete panel-mounted controllers or as large as massive linked and interactive distributed control systems with hundreds of field connections [1]. Regulate organizations collect data from remote sensors that measure process variables, compare the received data to desired set points, and create command functions used to control a process via final control devices such as control valves [2]. ...
Conference Paper
The adjustment of a control parameter to produce a sufficient response to the processing system is known as tuning a control loop. Control procedures are frequently tweaked during running conditions rather than startup conditions to ensure that the process variable is stable at an operating point. Proportional Integral Derivative (PID) are the extensively used controllers to compensate for a wide range of industrial processes due to their simplicity and resilience. The effectiveness of tuning procedures has been compared using time response characteristics. This study shows how to adjust the gains of the Proportional Integral (PI), Proportional Integral Derivative (PID) and Fractional Order Proportional Integral (FOPI) controllers by using various tuning methodologies. The method involves calculating the Controller Gain (KC), Integral Time Constant (TI), and Derivative Time constant (TD) for a PID-controlled system with a First-Order Plus Time Delay (FOPTD) process. MATLAB / SIMULINK platform is used to investigate and evaluate the performance of various PID tuning procedures in this study.
... With the development of the Internet of Things (IoT) technology and the development needs of the industrial control system itself, the industrial control network has greatly developed [1,2]. An industrial control network is a communication component deployed on various heterogeneous industrial control systems, and its core is various network communication protocols. The reliability of these protocols will directly affect the safety of the entire industrial control system. ...
Article
With the improvement of industrial informatization, various industrial control system network protocols have also been widely used. The reliability of these protocols will directly affect the safety of industrial control systems. As an effective method that can automatically analyze system reliability, model checking has been widely used in the verification of various safety-critical systems. In this paper, we propose a modeling design method for industrial control network protocols based on time semantic reconstruction of the time state transition matrix (TSTM). In addition, we provide a TSTM model checking method based on linear temporal logic (LTL). In order to effectively alleviate the state space explosion, the method adopts bounded model checking (BMC) technology. Furthermore, we implement a TSTM model verification tool called ICPV. Finally, we apply the above method to the modeling and verification of the industrial control network protocol Powerlink and, through a comparison experiment with UPPAAL, illustrate the effectiveness of the method proposed in this paper. This paper reconstructs the time semantics of TSTM to make it more suitable for modeling and verification of industrial control network protocols. On this basis, the corresponding modeling design method, model verification method, and verification tool called ICPV are proposed. Finally, the effectiveness of the method is illustrated by a complete case study of an actual industrial control network protocol.
... For example, the software can be copied by the insiders. Insiders are one of the key threats, whether intentional or not, that can cause direct security violations [30]. Poor coding could cause weak software protection. ...
Conference Paper
The digital twin is based on integrated technologies such as the Internet of Things (IoT), Cloud Computing, Machine Learning, and Artificial Intelligence. The digital twin has become an important method of the digital manufacturing processes for the fourth industrial revolution. The digital twin is driven by increased intelligence, digitization, and reliability of smart manufacturing assets. It has potential usage areas such as construction, smart cities, and healthcare. It could be used to increase the overall performance of the potential systems and to support the physical world. Although extensive benefits are recognized, the security risks of using the digital twin have yet to be explored. The physical world of various nodes communicates with the digital twin. The digital twins will also communicate with each other in the near future. This study investigates the risks and threats which target the components of the digital twin and data communication. Potential countermeasures and also future work are given.
... Current approaches use safety PLCs for mission critical applications and formal failure mode and effects analysis approaches to analyze system hardware, but no existing formal technique can assess complete systems for functional safety. The need for a theoretical basis for formally modeling and assessing IAS for security requirements such as availability, integrity, confidentiality, graceful degradation, and detection is highlighted in [82]. The authors note the high modeling overheads that prevent the widespread use of formal modeling for this purpose. ...
Preprint
Industrial automation systems (IAS) need to be highly dependable; they should not merely function as expected but also do so in a reliable, safe, and secure manner. Formal methods are mathematical techniques that can greatly aid in developing dependable systems and can be used across all phases of the system development life cycle (SDLC), including requirements engineering, system design and implementation, verification and validation (testing), maintenance, and even documentation. This state-of-the-art survey reports existing formal approaches for creating more dependable IAS, focusing on static formal methods that are used before a system is completely implemented. We categorize surveyed works based on the phases of the SDLC, allowing us to identify research gaps and promising future directions for each phase.