The more high-risk components that can be compromised in an ICS, the greater the risk to the operator and the greater the value to the attacker. ICSs are not designed to ensure resilience against concerted attacks that intend to place components in dangerous operating states.
Most of the incidents were not malicious and most were not identified as being cyber. One of the first known cases of a cyberattack against ICSs in the critical infrastructure was the cyberattack against the Maroochy wastewater system in Australia in This attack was by a disgruntled employee, not a nation-state. It demonstrated several key points that were used in later nation-state attacks. It was an attack directly against the control systems, not the IT network.
It was also done by a knowledgeable insider. Stuxnet and Aurora utilized these attributes.
Arguably the most famous ICS cyberattack was Stuxnet. Stuxnet was a sophisticated, nation-state cyberattack targeting the control systems in industrial infrastructure. Stuxnet bypassed the engineered protective components (control and safety systems) to execute unauthorized commands, compromising the integrity of the system and putting it into a dangerous operational state.
Stuxnet was not malware in the normal sense and therefore would not have been detected by IT defenses. The Stuxnet code consisted of controller-generic software, software specific to Siemens, and software specific to the target centrifuges. Consequently, the underlying infrastructure of Stuxnet can be applied to any industrial process, compromising ICSs from any vendor. It was ongoing for more than a year, with the attack being masked, before it was identified as being cyber-related.
The electric engineering community has known for more than years that connecting Alternating Current (AC) equipment out-of-phase with the electric grid can cause damage to the equipment. The Aurora vulnerability is the name for a class of electric system power line attacks that manipulate physical forces to do damage through manipulation of substation protective relays. It is also not malware and therefore would not be detected by IT defenses.
Until the March test at the Idaho National Laboratory (INL) named "Aurora," most people in industry felt that the out-of-phase condition could only be caused by accident, not by malicious attacks. The INL Aurora test was an intentional cyberattack that destroyed a large diesel generator. The Aurora test was not a traditional hack, but a demonstration that cyberconditions could lead to physical equipment damage.
In the case of the Aurora demonstration, the relays were opened and closed using cybermeans to exploit the physical gap in protection of the electric grid. The Aurora vulnerability occurs when the substation protective relay devices (think of the fuses in your home circuit box) are opened and then reclosed out-of-phase (that is, the sine waves do not line up with the electric system). This out-of-phase condition results in physical damage to any Alternating Current (AC) rotating equipment, such as generators and induction motors, and potentially to transformers connected to the substation.
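The open-then-reclose-out-of-phase sequence described above can be checked for in breaker event records. The following is an added example, not code from the original article: a generic synchronism check over constructed records, where the breaker name, the record fields and all three thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed limits for this sketch; real settings come from a protection study.
MAX_ANGLE_DEG = 20.0     # permitted phase-angle difference at close
MAX_SLIP_HZ = 0.1        # permitted frequency difference at close
RAPID_RECLOSE_S = 1.0    # open-to-close interval treated as suspicious

@dataclass
class BreakerEvent:
    t: float          # event time in seconds
    breaker: str      # hypothetical breaker identifier
    action: str       # "OPEN" or "CLOSE"
    bus_angle: float  # grid-side voltage angle, degrees
    gen_angle: float  # machine-side voltage angle, degrees
    bus_hz: float
    gen_hz: float

def angle_diff(a, b):
    """Smallest absolute difference between two angles, in degrees (0..180)."""
    return abs((a - b + 180.0) % 360.0 - 180.0)

def review(events):
    """Return (time, breaker, reasons) for every CLOSE that looks unsynchronized."""
    last_open, findings = {}, []
    for e in sorted(events, key=lambda ev: ev.t):
        if e.action == "OPEN":
            last_open[e.breaker] = e.t
            continue
        reasons = []
        d = angle_diff(e.bus_angle, e.gen_angle)
        if d > MAX_ANGLE_DEG:
            reasons.append(f"phase difference {d:.0f} deg")
        if abs(e.bus_hz - e.gen_hz) > MAX_SLIP_HZ:
            reasons.append("slip frequency")
        opened = last_open.get(e.breaker)
        if opened is not None and e.t - opened < RAPID_RECLOSE_S:
            reasons.append("rapid reclose")
        if reasons:
            findings.append((e.t, e.breaker, reasons))
    return findings

# Constructed sample records: one normal resynchronization, one Aurora-like reclose.
EVENTS = [
    BreakerEvent(0.0, "52-G1", "OPEN", 0, 0, 60.0, 60.0),
    BreakerEvent(300.0, "52-G1", "CLOSE", 10, 5, 60.0, 60.02),
    BreakerEvent(900.0, "52-G1", "OPEN", 0, 0, 60.0, 60.0),
    BreakerEvent(900.25, "52-G1", "CLOSE", 350, 110, 60.0, 60.6),
]

if __name__ == "__main__":
    for finding in review(EVENTS):
        print(finding)
```

Only the second close is reported: it follows the open by a quarter of a second, with the two sides 120 degrees apart and slipping against each other.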
However, the North American electric utilities have been very slow to employ the appropriate hardware protection, making the DHS disclosure even more disconcerting. Recent studies have demonstrated that many protective relays can be hacked, leading to potential Aurora or other significant grid disturbances. In December , the Ukrainian electric grid was cyberattacked and more than , customers lost power. The power outage was caused by remotely opening the protective relays — step 1 of Aurora. The operation grid was restored within hours because the Ukrainian operators were still used to operating the grid in a manual manner.
The cyberattacker looks at the facility and its ICSs in a holistic way, identifying physical vulnerabilities of the controllers and the process and ways to exploit such vulnerabilities by digital manipulations. There are very few people with the expertise to understand the physical process being controlled, the control system domain with its unique design features, and the exploitation of IT vulnerabilities.
Targeted ICS attacks such as Stuxnet and Aurora exploit the legitimate product or system design features. The culture gap that exists between the IT organization and the control system organizations exacerbates the physical threats in attempting to secure ICSs. This coordination is necessary in order to ensure that the ICSs react to the faults that occur in their zone. However, cases occur where ICSs, when they operate, affect not only their own zone of equipment but also other zones of equipment controlled by other ICSs, causing cascading effects.
Another aspect of ICSs is their connection to communication equipment that sends and receives information and commands to operate the ICSs. SCADA equipment usually resides at an operation center where system operators monitor the ICSs and operate them when system conditions warrant it. This condition would allow the attacker the ability to operate all ICSs causing a broader and more far reaching effect on system operations.
Modern industrial systems operate with standard ICSs from a few vendors (roughly half internationally-based and half US-based) with similar architectures, similar training, and often even the same default passwords.
This has implications that are much more important than the increasing network connectivity that is often identified as the biggest ICS security problem. Additionally, the control system designs generally lack the cybersecurity requirements and the engineering hardware and software needed to protect against the many failure modes related to attacks by hackers and unintentional failures due to increased complexity.
Although Stuxnet was only designed to attack certain systems, it is the design approach Stuxnet used that is novel and long lasting. As mentioned previously, much of the Stuxnet approach is generic and can be applied to any ICS from any manufacturer against any process. As the same ICSs are used across multiple industries, it means that a compromise of the ICS features in systems in one facility or industry can affect all facilities or industries that utilize those systems and devices. More often than not, physical vulnerabilities for a production process and plant configuration have been known for a long time.
To target specific damage or destruction, it is necessary to understand the process. I gave a presentation at a major petrochemical organization and asked their ICS experts what they could do if they wanted to create damage. The looks on their faces ranged from blank stares, to looks of horror, to snide grins as this question was not what they were taught to consider.
Instead, the attacker can be confident that those vulnerabilities i. To create significant physical damage, it generally takes compromising both the ICS that optimizes the process and the safety systems which are used to prevent damage to equipment and people.
However, these features were not designed to withstand a cyberattack. The Stuxnet attack bypassed the automated safety systems and prevented the manual safety systems from being initiated.
Aurora uses the safety systems to produce the targeted attack. Critical infrastructure systems such as turbine and substation controls and their vulnerabilities are much more well-known than the centrifuges attacked by Stuxnet. One other point is that cascading failures of the electric grid were viewed as a worst case. An example of a cascading outage was the Northeast Blackout that lasted two to three days.
Cyberthreats, however, provide the ability to both damage equipment and attack multiple locations leading to extended long-term outages with the need to replace or repair long-lead time equipment. While ICS security has discussed the insider threat for many years, insiders who unwittingly create cybervulnerabilities or deploy cyberweapons generally have not been addressed. Obviously, they play a much more important role than the very small subset of insiders that may have malicious intentions. There is very little guidance available to others such as system integrators.
However, system integrators are often used to implement new designs and to upgrade older legacy designs. This becomes a very important issue with older legacy systems where the original vendor is no longer supporting its products and consequently is unaware of how its systems are being reconfigured.
Unintentional cases include implementing network interfaces with other networks that were supposed to be isolated; connecting IT systems to ICSs that were not previously identified as being connected; implementing dial-up or wireless access to ICSs that were supposed to be isolated; and connecting compromised laptops or USB devices (also known as thumb drives) to ICS networks.
Three examples where insiders unknowingly created cybervulnerabilities resulting in significant impacts were the Plant Hatch nuclear plant shutdown, the Florida outage, and the San Bruno, Calif. Stuxnet itself is a case where the system integrator is thought to have unintentionally inserted the malware. Protecting ICSs requires a combination of appropriate cybersecurity technologies, segmented architecture, and detailed understanding of the overall systems at any point in time.
However, improving cyber security remains a constant and evolving challenge. A cyber attack can result in significant loss through production or process downtime or disruption, as well as damage to equipment and infrastructure. Most agencies and end users have taken some steps to protect against cyber attacks, but eliminating vulnerabilities requires overcoming various obstacles, such as:. To help address these barriers, many agencies are partnering with solutions providers to help improve security in both new and existing systems.