Upload
arnold-cooper
View
215
Download
0
Tags:
Embed Size (px)
Citation preview
WHAT IS IT?
• Normally a system that monitors behaviour of physical
processes and takes actions to correct those behaviors.
• Two Major Components
Cyber Process
• Network of tiny devices (like sensors)
• Can sense, compute, and communicate (wireless)
Physical Process
• Monitored by the cyber system
• Could be
i. naturally occurring phenomenon
ii. Man-made
iii. Combination of the two
Example Cyber-Physical Systems
• Temperature/Humidity Controlled Labs
• Sense Temperature
• Sense Humidity
• Act accordingly
ATTACKING
Areas to Attack• Physical and control (Physical)• Communication and Network
(Cyber)• Supervisory and Management
(Human)
Attack Types• Actuator • State• Data
Insert picture of six layer of hierarchical system
Green Lights Forever
• broadcast on a similar protocol as 802.11 (WLAN)• unencrypted• Controller setting may be configured in person or
cyber• default usernames and passwords
Drone Attacks
• Drones are basically flying computers
• Incredibly hard to detect drones
• Drone crash in Texas
STUXNET WORM
• targeting highly specialized industrial systems in critical high-security
infrastructures (at least 14 sites were infected).
• Modifying the code running in PLCs in order to make them deviate from
their expected behavior.
• Believed to had sponsorship from a nation-state, it has been suggested it
was United States and Israel
DETECTING AN ATTACK
• Cross-correlator
• technique to detect False Data Injection Attacks
• Intelligent Checker
• Layer 1: basic process control system
• Layer 2: alarm and operators
• Layer 3: safety instrumented systems
REFERENCESIEEE Control Systems Magazine Feb 2015 - Cyberphysical Security
Stuxnet Worm Impact on Industrial Cyber-Physical System Security, Stamatis Karnouskos SAP Research, Germany, IEEE 2011
The Real Story of Stuxnet, spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet Feb 2013
Countermeasures to Enhance Cyber-Physical System Security and Safety, Giedre Sabaliaukaite and Aditya P. Mathur, 2014 IEEE
Green Lights Forever: Analyzing the Security of Traffic Infrastructure, Branden Ghena, William Beyer, Allen Hillaker, Jonathan
Pevarnek, and J. Alex Halderman, 2014 Proceedings of the 8th USENIX Workshop on Offensive Technologies (WOOT)
REFERENCESSecurity Issues and Challenges for Cyber Physical System, Eric Ke Wang, Yunming Ye, Xiaofei Xu, S.M. Yiu, L.C.K. HUI, K.P.Chow,
2010 IEEE
Cyber-Physical Security via Geometric Control: Distributed Monitoring and Malicious Attacks, Fabio Pasqualetti, Florian Dörfler, and
Francesco Bullo, 2012 IEEE
Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, Kim Zetter, 2014
http://www.brookings.edu/research/papers/2011/07/05-drones-villasenor