Article

Resilience of Process Control Systems to Cyber-Physical Attacks

Authors:

Marina Krotofil,

Alvaro A. CárdenasAuthors Info & Claims

NordSec 2013: Proceedings of the 18th Nordic Conference on Secure IT Systems - Volume 8208

Pages 166 - 182

https://doi.org/10.1007/978-3-642-41488-6_12

Published: 18 October 2013 Publication History

Abstract

In this work we investigate the matter of "secure control" --- a novel research direction capturing security objectives specific to Industrial Control Systems ICS. We provide an empirical analysis of the well known Tennessee Eastman process control challenge problem to gain insights into the behavior of a physical process when confronted with cyber-physical attacks. In particular, we investigate the impact of integrity and DoS attacks on sensors which measure physical phenomena. We also demonstrate how the results of process-aware security analysis can be applied to improve process resilience to cyber-physical attacks.

References

[1]

Abnormal Situation Management ASM Consortium: Official website, https://www.asmconsortium.net/ retrieved: June 2013

[2]

Anderson, R., Fuloria, S.: Security economics and critical national infrastructure. In: Economics of Information Security and Privacy, pp. 55---66 2010

[3]

U.S. Chemical Safety Board: Runaway: Explosion at T2 laboratories 2007, http://www.youtube.com/watch?v=C561PCq5E1g 2009 retrieved: May 2013

[4]

Cárdenas, A.A., Amin, S., Lin, Z.S., Huang, Y.L., Huang, C.Y., Sastry, S.: Attacks against process control systems: risk assessment, detection, and response. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011, pp. 355---366 2011

Digital Library

[5]

Chabukswar, R., Sinopoli, B., Karsai, G., Giani, A., Neema, H., Davis, A.: Simulation of network attacks on SCADA systems. In: First Workshop on Secure Control Systems 2010

[6]

Chien, E., O'Gorman, G.: The Nitro attacks: Stealing secrets from the chemical industry. Tech. rep., Symantec 2011

[7]

Downs, J.J., Vogel, E.F.: A plant-wide industrial process control problem. Computers & Chemical Engineering 173, 245---255 1993

[8]

Genge, B., Siaterlis, C., Hohenadell, M.: Impact of network infrastructure parameters to the effectiveness of cyber attacks against industrial control systems. International Journal of Computers, Communications & Control 74, 673---686 2012

[9]

Genge, B., Siaterlis, C.: An experimental study on the impact of network segmentation to the resilience of physical processes. In: Bestak, R., Kencl, L., Li, L.E., Widmer, J., Yin, H. eds. NETWORKING 2012, Part I. LNCS, vol. 7289, pp. 121---134. Springer, Heidelberg 2012

Digital Library

[10]

Gollmann, D.: Veracity, plausibility, and reputation. In: Askoxylakis, I., Pöhls, H.C., Posegga, J. eds. WISTP 2012. LNCS, vol. 7322, pp. 20---28. Springer, Heidelberg 2012

Digital Library

[11]

Huang, Y., Cárdenas, A., Amin, S., Lin, S.Z., Tsai, H.Y., Sastry, S.S.: Understanding the physical and economic consequences of attacks against control systems. International Journal of Critical Infrastructure Protection 23, 72---83 2009

[12]

libmodbus Project: Official website, http://libmodbus.org/ retrieved: June 2013

[13]

Liptak, B.G.: Instrument Engineers' Handbook. Process Control and Optimizatiol, vol. 2. CRC Press 2005

[14]

Luyben, W.L., Tyreus, B.D., Luyben, M.L.: PlantwideProcess Control. McGraw-Hill 1998

[15]

McAvoy, T., Ye, N.: Base control for the Tennessee Eastman problem. Computers & Chemical Engineering 185, 383---413 1994

[16]

McEvoy, T., Wolthusen, S.: A plant-wide industrial process control security problem. In: Critical Infrastructure Protection V, vol. 367, pp. 47---56 2011

[17]

McIntyrel, C.: Using Smart Instrumentation. Plant Engineering 2011

[18]

Ricker, N.L.: Tennessee Eastman Challenge Archive, http://depts.washington.edu/control/LARRY/TE/download.html retrieved: May 2013

[19]

Ricker, N.L.: Model predictive control of a continuous, nonlinear, two-phase reactor. Journal of Process Control 32, 109---123 1993

[20]

Ricker, N.: Optimal steady-state operation of the Tennessee Eastman challenge process. Computers & Chemical Engineering 199, 949---959 1995

[21]

Ricker, N., Lee, J.: Nonlinear model predictive control of the Tennessee Eastman challenge process. Computers & Chemical Engineering 199, 961---981 1995

Cited By

Esquivel-Vargas HCastellanos JCaselli MTippenhauer NPeter A(2022)Identifying Near-Optimal Single-Shot Attacks on ICSs with Limited Process KnowledgeApplied Cryptography and Network Security10.1007/978-3-031-09234-3_9(170-192)Online publication date: 20-Jun-2022
https://dl.acm.org/doi/10.1007/978-3-031-09234-3_9
Hau ZCastellanos JZhou JKatsikas SAlcaraz C(2020)Evaluating Cascading Impact of Attacks on Resilience of Industrial Control Systems: A Design-Centric Modeling ApproachProceedings of the 6th ACM on Cyber-Physical System Security Workshop10.1145/3384941.3409587(42-53)Online publication date: 6-Oct-2020
https://dl.acm.org/doi/10.1145/3384941.3409587
Damodaran SRowe PKoutsoukos XCardenas AAl-Shaer E(2019)Limitations on observability of effects in cyber-physical systemsProceedings of the 6th Annual Symposium on Hot Topics in the Science of Security10.1145/3314058.3314065(1-10)Online publication date: 1-Apr-2019
https://dl.acm.org/doi/10.1145/3314058.3314065
Show More Cited By

Index Terms

Resilience of Process Control Systems to Cyber-Physical Attacks
1. Information systems
  1. Information systems applications
    1. Process control systems

Recommendations

Modeling and control of Cyber-Physical Systems subject to cyber attacks: A survey of recent advances and challenges
Highlights
- In general, the cyber-attacks in the literature can be classified into three main types: denial of service (DoS) attacks, deception attacks, and replay ...
Abstract
Cyber Physical Systems (CPS) are almost everywhere; they can be accessed and controlled remotely. These features make them more vulnerable to cyber attacks. Since these systems provide critical services, having them under attack would ...
Evaluating Resilience of Gas Pipeline Systems Under Cyber-Physical Attacks: A Function-Based Methodology
CPS-SPC '16: Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy

In this research paper, we present a function-based methodology to evaluate the resilience of gas pipeline systems under two different cyber-physical attack scenarios. The first attack scenario is the pressure integrity attack on the natural gas high-...
Security analysis for cyber-physical systems against stealthy cyber attacks
CERIAS '13: Proceedings of the 14th Annual Information Security Symposium

Security of Cyber-Physical Systems (CPS) against cyber attacks is an important yet challenging problem. Since most cyber attacks happen in erratic ways, it is difficult to describe them systematically. In this paper, instead of identifying a specific ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

NordSec 2013: Proceedings of the 18th Nordic Conference on Secure IT Systems - Volume 8208

October 2013

320 pages

ISBN:9783642414879

Editors:
Hanne Riis Nielson
Department of Applied Mathematics and Computer Science, DTU Compute, Technical University of Denmark, Lyngby, Denmark
,
Dieter Gollmann
Institut für Sicherheit in verteilten Anwendungen, Technische Universität Hamburg-Harburg, Hamburg, Germany

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 18 October 2013

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Esquivel-Vargas HCastellanos JCaselli MTippenhauer NPeter A(2022)Identifying Near-Optimal Single-Shot Attacks on ICSs with Limited Process KnowledgeApplied Cryptography and Network Security10.1007/978-3-031-09234-3_9(170-192)Online publication date: 20-Jun-2022
https://dl.acm.org/doi/10.1007/978-3-031-09234-3_9
Hau ZCastellanos JZhou JKatsikas SAlcaraz C(2020)Evaluating Cascading Impact of Attacks on Resilience of Industrial Control Systems: A Design-Centric Modeling ApproachProceedings of the 6th ACM on Cyber-Physical System Security Workshop10.1145/3384941.3409587(42-53)Online publication date: 6-Oct-2020
https://dl.acm.org/doi/10.1145/3384941.3409587
Damodaran SRowe PKoutsoukos XCardenas AAl-Shaer E(2019)Limitations on observability of effects in cyber-physical systemsProceedings of the 6th Annual Symposium on Hot Topics in the Science of Security10.1145/3314058.3314065(1-10)Online publication date: 1-Apr-2019
https://dl.acm.org/doi/10.1145/3314058.3314065
Esquivel-Vargas HCaselli MTews EBucur DPeter A(2019)BACRank: Ranking Building Automation and Control System Components by Business Continuity ImpactComputer Safety, Reliability, and Security10.1007/978-3-030-26601-1_13(183-199)Online publication date: 10-Sep-2019
https://dl.acm.org/doi/10.1007/978-3-030-26601-1_13
Castellanos JZhou J(2019)A Modular Hybrid Learning Approach for Black-Box Security Testing of CPSApplied Cryptography and Network Security10.1007/978-3-030-21568-2_10(196-216)Online publication date: 5-Jun-2019
https://dl.acm.org/doi/10.1007/978-3-030-21568-2_10
Aoudi WIturbe MAlmgren MLie DMannan MBackes MWang X(2018)Truth Will OutProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security10.1145/3243734.3243781(817-831)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3243734.3243781

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents