![Page 1: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/1.jpg)
Weichao WangCollege of Computing and InformaticsUNC Charlotte
Cyber Security Considerations for Industrial Control Systems
![Page 2: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/2.jpg)
Common configuration
DMZ
Enterprise Network
Control Room
Outstation
WWW
![Page 3: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/3.jpg)
Can malware infect the control room or outstation?
DMZ
Enterprise Network
Control Room
Outstation
WWW
Yes
![Page 4: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/4.jpg)
Can malware infect the control room or outstation?
DMZ
Enterprise Network
Control Room
Outstation
WWW
Yes
![Page 5: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/5.jpg)
What about serial? RS-232/485
Stuxnet
![Page 6: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/6.jpg)
Take aways
Industrial control systems can be infected by malware.
An electronic security perimeter alone is insufficient protection.
Need a defense in depth approach.
![Page 7: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/7.jpg)
Risk Assessment
Should consider likelihood of attack cost of attack impact of attack
Compared to cost of prevention likelihood of prevention
![Page 8: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/8.jpg)
MSU ECE 8990 Smart Grid
Interruption (Denial of Service)
An asset of the system is destroyed of becomes unavailable or unusable
Attack on availability Disabling the file management system LonTalk protocol example May not be physical destruction. (mostly are
not) May be temporary.
![Page 9: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/9.jpg)
DOS Prevention
Defense at the protocol level Monitor the active connections
Monitor and react Monitor network traffic for DOS attacks Close offending ports Is it OK to close a network port in an ICS
network? Test devices for vulnerability
○ Protocol mutation (fuzzing)○ Known attacks○ Floods
![Page 10: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/10.jpg)
MSU ECE 8990 Smart Grid
Interception An unauthorized party gains access to an
asset Attack on confidentiality Wiretapping to capture data in a network Intercepting a password -> bad Intercepting a password file -> worse Intercepting ICS data -> what can the
attackers learn?
![Page 11: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/11.jpg)
MSU ECE 8990 Smart Grid
![Page 12: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/12.jpg)
You have to be really careful: encryption does not solve all problems Key distribution and update Forward and backward secrecy Pairwise key or group based communication
![Page 13: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/13.jpg)
MSU ECE 8990 Smart Grid
Modification An unauthorized party not only gains
access but tampers with an asset Attack on integrity Change values in a data file Alter a program to make it perform
differently Modify content of messages transmitted on
a network
man-in-the-middle (MITM)
![Page 14: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/14.jpg)
MSU ECE 8990 Smart Grid
Modification Modification in ICS -> very bad Feedback control uses ○ sensors to monitor physical process○ Controllers to control the physical process.
Modifying measured output, measured error, system input, or reference affects system output.
![Page 15: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/15.jpg)
MSU ECE 8990 Smart Grid
Modification Need to defend the sensor. Need to defend the device which
measures error. Need to defend the controller. Need to defend the communication
network.
![Page 16: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/16.jpg)
MSU ECE 8990 Smart Grid
![Page 17: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/17.jpg)
MSU ECE 8990 Smart Grid
Fabrication
Unauthorized party inserts counterfeit objects into the system
Attack on authenticity Insertion of spurious messages in a network Addition of records to a file ICS – insertion of
spurious/unwanted/unauthorized control ICS – adding data to a historian
![Page 18: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/18.jpg)
MSU ECE 8990 Smart Grid
![Page 19: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/19.jpg)
![Page 20: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/20.jpg)
![Page 21: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/21.jpg)
Cybersecurity Testing and Risk Assessment for Industrial Control Systems
Denial of Service
Known attacks
High volume traffic
Protocol mutation
Device Security
AssessmentSecurity features
Standards conformance
Port scan
Vulnerability scan
Confidentiality, Integrity
Password confidentiality
Password storage
Man-in-the-middle
•Many vulnerabilities identified and communicated to vendor and project partner.
![Page 22: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/22.jpg)
Identify vulnerabilities, implement attacks, investigate impact on physical systems.
Develop security solutions; system protection, intrusion detection, attack resilience
Train engineers and scientists for control systems security careers.
CyberSecurity
IndustrialControl
Systems
Critical Infrastructure Protection Center
![Page 23: Cyber Security Considerations for Industrial Control Systemsimpact on physical systems. Develop security solutions; system protection, intrusion detection, attack resilience Train](https://reader036.vdocuments.mx/reader036/viewer/2022081607/5ed37c3a847f87317f77bfc3/html5/thumbnails/23.jpg)