Cascading effects of cyber-attacks on interconnected critical infrastructure

Cybersecurity - 2021
Venkata Reddy Palleti1, Sridhar Adepu2, Vishrut Kumar Mishra2, Aditya P. Mathur2
1Indian Institute of Petroleum and Energy, Visakhapatnam, India
2Singapore University of Technology and Design, Singapore, Singapore

Tóm tắt

AbstractModern critical infrastructure, such as a water treatment plant, water distribution system, and power grid, are representative of Cyber Physical Systems (CPSs) in which the physical processes are monitored and controlled in real time. One source of complexity in such systems is due to the intra-system interactions and inter-dependencies. Consequently, these systems are a potential target for attackers. When one or more of these infrastructure are attacked, the connected systems may also be affected due to potential cascading effects. In this paper, we report a study to investigate the cascading effects of cyber-attacks on two interdependent critical infrastructure namely, a Secure water treatment plant (SWaT) and a Water Distribution System (WADI).

Từ khóa


Tài liệu tham khảo

Adepu, S, Mathur A (2016a) Distributed detection of single-stage multipoint cyber attacks in a water treatment plant In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, 449–460.. Association for Computing Machinery, New York.

Adepu, S, Mathur A (2016b) Generalized attacker and attack models for Cyber-Physical Systems In: Proc. of the 40th IEEE COMPSAC.. IEEE, Atlanta.

Adepu, S, Mishra G, Mathur A (2017) Access control in water distribution networks: A case study In: 2017 IEEE International Conference on Software Quality, Reliability and Security (QRS), 184–191.. IEEE, Prague.

Adepu, S, Palleti VR, Mishra G, Mathur A (2020) Investigation of cyber attacks on a water distribution system In: Applied Cryptography and Network Security Workshops, 274–291.. Springer International Publishing, Cham. arXiv preprint arXiv:1906.02279.

Adepu, S, Prakash J, Mathur A (2017) Waterjam: An experimental case study of jamming attacks on a water treatment system In: 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C), 341–347.. IEEE.

Ahmed, CM, Murguia C, Ruths J (2017) Model-based attack detection scheme for smart water distribution networks In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (ASIA CCS ’17), 101–113.. ACM, New York.

Ahmed, CM, Palleti VR, Mathur AP (2017) Wadi: A water distribution testbed for research in the design of secure cyber physical systems In: Proceedings of the 3rd International Workshop on Cyber-Physical Systems for Smart Water Networks (CySWATER ’17), 25–28.. Association for Computing Machinery, New York.

Ahmed, CM, Zhou J, Mathur AP (2018) Noise matters: Using sensor and process noise fingerprint to detect stealthy cyber attacks and authenticate sensors in cps In: Proceedings of the 34th Annual Computer Security Applications Conference, 566–581.

Amin, S, Cardenas AA, Sastry SS (2009) Safe and secure networked control systems under denial-of-service attacks In: Hybrid Systems: Computation and Control. Proc. 12th Intl. Conf. (HSCC), LNCS, Vol. 5469, Springer-Verlag, 31–45.. Springer Berlin Heidelberg, Berlin.

Amin, S, Schwartz GA, Sastry SS (2013) Security of interdependent and identical networked control systems. Automatica 49(1):186–192.

Berman, D, Butts J (2012) Towards characterization of cyber attacks on industrial control systems: emulating field devices using gumstix technology In: 2012 5th International Symposium on Resilient Control Systems, 63–68.. IEEE press, Salt Lake City.

Biondi, P (2010) Scapy documentation (!). Release. https://scapy.readthedocs.io/en/latest/backmatter.html. Accessed 23 Feb 2020.

Caire, R, Sanchez J, Hadjsaid N (2013) Vulnerability analysis of coupled heterogeneous critical infrastructures: A co-simulation approach with a testbed validation In: IEEE PES ISGT Europe 2013, 1–5.. IEEE, PES ISGT Europe.

Cardenas, A, Amin S, Lin Z, Huang Y, Huang C, Sastry S (2011) Attacks against process control systems: Risk assessment, detection, and response In: 6th ACM Symposium on Information, Computer and Communications Security, 355–366.. Association for Computing Machinery, New York.

Chen, Y, Poskitt C, Sun J (2018) Learning from mutants: Using code mutation to learn and monitor invariants of a cyber-physical system:648–660. https://doi.org/10.1109/SP.2018.00016.

Chen, Y, Poskitt CM, Sun J, Adepu S, Zhang F (2019) Learning-guided network fuzzing for testing cyber-physical system defences In: 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), 962–973.. IEEE press, San Diego.

Chen, TM, Sanchez-Aarnoutse JC, Buford J (2011) Petri net modeling of cyber-physical attacks on smart grid. IEEE Trans Smart Grid 2(4):741–749.

Feng, C, Palleti VR, Mathur A, Chana D (2019) A systematic framework to generate invariants for anomaly detection in industrial control systems In: NDSS.. The Internet Society, San Diego.

Gadewar, SB, Doherty MF, Malone MF (2001) A systematic method for reaction invariants and mole balances for complex chemistries. Comput Chem Eng 25(9):1199–1217.

Gadewar, SB, Doherty MF, Malone MF (2002) Reaction invariants and mole balances for plant complexes. Ind Eng Chem Res 41(16):3771–3783.

Gamage, TT, McMillin BM, Roth TP (2010) Enforcing information flow security properties in cyber-physical systems: A generalized framework based on compensation In: Computer Software and Applications Conference Workshops (COMPSACW), IEEE 34th Annual, 158–163.. IEEE, Seoul.

Ghaeini, HR, Tippenhauer NO, Zhou J (2019) Zero residual attacks on industrial control systems and stateful countermeasures In: Proceedings of the 14th International Conference on Availability, Reliability and Security, 1–10.

Hau, Z, Castellanos JH, Zhou J2020. Evaluating Cascading Impact of Attacks on Resilience of Industrial Control Systems: A Design-Centric Modeling Approach. Association for Computing Machinery, New York.

Heracleous, C, Keliris C, Panayiotou CG, Polycarpou MM (2018) Centralized fault detection of complex uncertain hybrid systems. IFAC-PapersOnLine 51(7):76–81.

Heracleous, C, Kolios P, Panayiotou CG, Ellinas G, Polycarpou MM (2017) Hybrid systems modeling for critical infrastructures interdependency analysis. Reliab Eng Syst Saf 165:89–101. https://doi.org/10.1016/j.ress.2017.03.028.

Howser, G, McMillin B (2014) A modal model of stuxnet attacks on cyber-physical systems: A matter of trust In: 2014 Eighth International Conference on Software Security and Reliability (SERE), 225–234.. IEEE press, San Francisco.

Kang, E, Adepu S, Jackson D, Mathur AP (2016) Model-based security analysis of a water treatment system In: In Proceedings of 2nd International Workshop on Software Engineering for Smart Cyber-Physical Systems (in Press; SEsCPS’16).. IEEE, Austin.

Kumar, V, Kaistha N (2019) Invariants for optimal operation of a reactor-separator-recycle process. J Process Control 82:1–12.

Kwon, C, Liu W, Hwang I (2013) Security analysis for cyber-physical systems against stealthy deception attacks In: American Control Conference (ACC), 2013, 3344–3349.. IEEE press, Washington, DC.

LabVIEW (2019). http://www.ni.com/labview/. Accessed 15 Mar 2020.

Lee, EE, Mitchell JE, Wallace WA (2004) Assessing vulnerability of proposed designs for interdependent infrastructure systems In: Proceedings of the 37th Annual Hawaii International Conference on System Sciences, 2004, 8.. IEEE Computer Society, Los Alamitos.

Liu, Y, Ning P, Reiter MK (2011) False data injection attacks against state estimation in electric power grids. ACM Trans Inf Syst Secur (TISSEC) 14(1):13.

Liu, J, Zeng F (2012) Research on Conceptual Design Method for Marine Power Plant Based on QFD In: Computational Intelligence and Design (ISCID), 2012 Fifth International Symposium On, vol. 1, 246–249.. Hangzhou.

Mathur, AP, Tippenhauer NO (2016) SWaT: A water treatment testbed for research and training on ICS security In: International Workshop on Cyber-physical Systems for Smart Water Networks (CySWater), 31–36.. IEEE, USA.

Mulder, J, Schwartz M, Berg M, Van Houten JR, Mario J, Urrea MAK, Clements AA, Jacob J (2013) Weaselboard: Zero-day exploit detection for Programmable Logic Controllers. Technical report, SAND2013-8274, Sandia National Laboratories.

Ouyang, M, Wang Z (2015) Resilience assessment of interdependent infrastructure systems: With a focus on joint restoration modeling and analysis. Reliab Eng Syst Saf 141:74–82.

Pasqualetti, F, Dörfler F, Bullo F (2011) Cyber-physical attacks in power networks: Models, fundamental limitations and monitor design In: 2011 50th IEEE Conference on Decision and Control and European Control Conference, 2195–2201.. IEEE press, Orlando.

Paul, T, Kimball JW, Zawodniok M, Roth TP, McMillin B (2011) Invariants as a unified knowledge model for cyber-physical systems In: IEEE International Conference on Service-Oriented Computing and Applications (SOCA), 1–8.. IEEE, Irvine.

Rinaldi, SM, Peerenboom J, Kelly TK (2002) Identifying, understanding, and analyzing critical infrastructure interdependencies. Control Syst IEEE 21:11–25.

Rosich, A, Voos H, Darouach M (2014) Cyber-attack detection based on controlled invariant sets In: European Control Conference (ECC), 2176–2181.. IEEE, Strasbourg.

Rozel, B, Viziteu M, Caire R, Hadjsaid N, Rognon J-P (2008) Towards a common model for studying critical infrastructure interdependencies In: 2008 IEEE Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, 1–6.. IEEE, Pittsburgh.

Rueda, DF, Calle E (2017) Using interdependency matrices to mitigate targeted attacks on interdependent networks: A case study involving a power grid and backbone telecommunications networks. Int J Crit Infrastruct Prot 16:3–12. https://doi.org/10.1016/j.ijcip.2016.11.004.

Sabaliauskaite, G, Adepu S (2017) Integrating six-step model with information flow diagrams for comprehensive analysis of cyber-physical system safety and security In: 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), 41–48.. IEEE press, Singapore.

Stamp, M (2011) Information Security: Principles and Practice. Wiley Publishing, San Jose.

Teixeira, A, Pérez D, Sandberg H, Johansson KH (2012) Attack models and scenarios for networked control systems In: Proceedings of the 1st International Conference on High Confidence Networked Systems, 55–64.. Association for Computing Machinery, New York.

U.S.-Canada, Power System Outage, Task Force (2004) Final Report on the August 14, 2003 Blackout in the United States and Canada: Causes and Recommendations. https://www.energy.gov/oe/downloads/us-canada-power-system-outage-taskforce-final-report-implementation-task-force. Accessed 14 Mar 2020.

Urbina, D, Giraldo J, Tippenhauer N, Cardenas A (2016a) Attacking fieldbus communications in ICS: applications to the SWaT testbed In: Proceedings of the Singapore Cyber-Security Conference (SG-CRC). vol. 14, 75–89.. IOS press, Singapore.

Urbina, DI, et al. (2016b) Limiting the impact of stealthy attacks on industrial control systems In: Proceedings of the 2016 ACM CCS, 1092–1105.. Association for Computing Machinery, New York.

Vaidya, B, Makrakis D, Mouftah HT (2011) Security mechanism for multi-domain vehicle-to-grid infrastructure In: 2011 IEEE Global Telecommunications Conference - GLOBECOM 2011, 1–5.. IEEE, Houston.

Wasicek, A2013. Attack modeling in Ptolemy: Towards a secure design for Cyber-Physical systems. http://chess.eecs.berkeley.edu/pubs/1039/wasicek_AttackModeling_PtolemyMiniConf2013.pdf.

Zhang, Y, Yagan O (2018) Modeling and Analysis of Cascading Failures in Interdependent Cyber-Physical Systems. arXiv e-prints:4731–4738. Miami Beach.

Thông tin
Thông tin xuất bản

Cybersecurity

Thông tin tác giả