Impact of Network Infrastructure Parameters to the Effectiveness of Cyber Attacks Against Industrial Control Systems

Authors

  • Béla Genge, Institute for the Protection and Security of the Citizen, European Commission, Joint Research Centre
  • Christos Siaterlis, Institute for the Protection and Security of the Citizen, European Commission, Joint Research Centre, Via E. Fermi, 21027, Ispra (VA), Italy
  • Marc Hohenadel, Institute for the Protection and Security of the Citizen, European Commission, Joint Research Centre, Via E. Fermi, 21027, Ispra (VA), Italy

Keywords:

cyber attacks, Industrial Control Systems, SCADA, security

Abstract

It is well known that modern Networked Industrial Control Systems (NICS) depend on Information and Communication Technologies (ICT). Although many studies have focused on the security of SCADA systems, we still lack a proper understanding of the effects that cyber attacks have on NICS. In this paper we identify the communication and control logic implementation parameters that influence the outcome of attacks against NICS and that could be used as effective measures for increasing the resilience of industrial installations. The implemented scenario involves a powerful attacker who is able to send legitimate Modbus packets/commands to control hardware in order to bring the physical process into a critical state, i.e. a dangerous or, more generally, unwanted state of the system. The analysis uses a Boiling Water Power Plant to show that the outcome of cyber attacks is influenced by network delays, packet losses, background traffic and control logic scheduling time. The main goal of this paper is to start an exploration of cyber-physical effects in particular scenarios. This study is the first of its kind to analyze cyber-physical systems and provides insight into the way that the cyber realm affects the physical realm.

Author Biography

Béla Genge, Institute for the Protection and Security of the Citizen European Commission, Joint Research Centre

Department of Mathematics and Computer Science

Published

2014-09-16
