Richard Candell
National Institute of Standards and Technology
Publication
Featured research published by Richard Candell.
Computer and Communications Security | 2016
David I. Urbina; Jairo Giraldo; Alvaro A. Cárdenas; Nils Ole Tippenhauer; Junia Valente; Mustafa Amir Faisal; Justin Ruths; Richard Candell
While attacks on information systems have for most practical purposes binary outcomes (information was manipulated/eavesdropped, or not), attacks manipulating the sensor or control signals of Industrial Control Systems (ICS) can be tuned by the attacker to cause a continuous spectrum of damage. Attackers that want to remain undetected can attempt to hide their manipulation of the system by following closely the expected behavior of the system, while injecting just enough false information at each time step to achieve their goals. In this work, we study whether attack detection can limit the impact of such stealthy attacks. We start with a comprehensive review of related work on attack detection schemes in the security and control systems communities. We then show that many of those works use detection schemes that do not limit the impact of stealthy attacks. We propose a new metric to measure the impact of stealthy attacks and show how it relates to the selection of an upper bound on false alarms. We finally show that the impact of such attacks can be mitigated in several cases by the proper combination and configuration of detection schemes. We demonstrate the effectiveness of our algorithms through simulations and experiments using real ICS testbeds and real ICS systems.
2015 Resilience Week (RWS) | 2015
Goncalo Martins; Sajal Bhatia; Xenofon D. Koutsoukos; Keith A. Stouffer; CheeYee Tang; Richard Candell
Cyber-Physical Systems (CPS) are systems with seamless integration of physical, computational and networking components. These systems can potentially have an impact on the physical components, hence it is critical to safeguard them against a wide range of attacks. In this paper, it is argued that an effective approach to achieve this goal is to systematically identify the potential threats at the design phase of building such systems, commonly achieved via threat modeling. In this context, a tool to perform systematic analysis of threat modeling for CPS is proposed. A real-world wireless railway temperature monitoring system is used as a case study to validate the proposed approach. The threats identified in the system are subsequently mitigated using National Institute of Standards and Technology (NIST) standards.
ACM Computing Surveys | 2018
Jairo Giraldo; David I. Urbina; Alvaro A. Cárdenas; Junia Valente; Mustafa Amir Faisal; Justin Ruths; Nils Ole Tippenhauer; Richard Candell
Monitoring the “physics” of cyber-physical systems to detect attacks is a growing area of research. In its basic form, a security monitor creates time-series models of sensor readings for an industrial control system and identifies anomalies in these measurements to identify potentially false control commands or false sensor readings. In this article, we review previous work on physics-based anomaly detection based on a unified taxonomy that allows us to identify limitations and unexplored challenges and to propose new solutions.
ISA Transactions | 2017
Yongkang Liu; Richard Candell; Nader Moayeri
Timely and reliable sensing and actuation control are essential in networked control. This depends not only on the precision/quality of the sensors and actuators used but also on how well the communications links between the field instruments and the controller have been designed. Wireless networking offers simple deployment, reconfigurability, scalability, and reduced operational expenditure, and is easier to upgrade than wired solutions. However, the adoption of wireless networking has been slow in industrial process control due to the stochastic and less than 100% reliable nature of wireless communications and the lack of a model to evaluate the effects of such communications imperfections on the overall control performance. In this paper, we study how control performance is affected by wireless link quality, which in turn is adversely affected by severe propagation loss in harsh industrial environments, co-channel interference, and unintended interference from other devices. We select the Tennessee Eastman Challenge Model (TE) for our study. A decentralized process control system, first proposed by N. Ricker, is adopted that employs 41 sensors and 12 actuators to manage the production process in the TE plant. We consider the scenario where wireless links are used to periodically transmit essential sensor measurement data, such as pressure, temperature and chemical composition, to the controller as well as control commands to manipulate the actuators according to predetermined setpoints. We consider two models for packet loss in the wireless links, namely, an independent and identically distributed (IID) packet loss model and the two-state Gilbert-Elliot (GE) channel model. While the former is a random loss model, the latter can model bursty losses. With each channel model, the performance of the simulated decentralized controller using wireless links is compared with the one using wired links providing instant and 100% reliable communications.
The sensitivity of the controller to the burstiness of packet loss is also characterized in different process stages. The performance results indicate that wireless links with redundant bandwidth reservation can meet the requirements of the TE process model under normal operational conditions. When disturbances are introduced in the TE plant model, wireless packet loss during transitions between process stages needs further protection in severely impaired links. Techniques such as retransmission scheduling, multipath routing and enhanced physical layer design are discussed, and the latest industrial wireless protocols are compared.
2017 Resilience Week (RWS) | 2017
Richard Candell; Mohamed Kashef
The use of wireless technologies within factories demands a comprehensive understanding of the problems and potential solutions associated with the rigors of the manufacturing environment. A clearly defined problem space would significantly ease the selection and deployment of appropriate wireless solutions to connected factory systems. A mapping of potential technologies to classes of use cases within the problem space will be useful to factory operators, system integrators, and wireless systems manufacturers. Identification of use cases, not addressed by existing technologies, may be used to spur targeted innovation where reliability, resilience, latency, and scalability are joint concerns. Motivated by the industry need for independent practical guidelines and solutions to difficult wireless control problems, this paper provides a classification of the problem categories where networking technologies may be deployed. It then maps specific technologies that may serve as interim or terminal solutions for those use cases identified within the problem space taxonomy.
2016 Resilience Week (RWS) | 2016
Xenofon D. Koutsoukos; Himanshu Neema; Goncalo Martins; Sajal Bhatia; Keith A. Stouffer; Chee Yee Tang; Richard Candell
Industrial control systems (ICS) are composed of sensors, actuators, control processing units, and communication devices all interconnected to provide monitoring and control capabilities. Due to the integral role of the networking infrastructure, such systems are vulnerable to cyber attacks. In-depth consideration of security and resilience and their effects on system performance is very important. This paper focuses on railway control systems (RCS), an important and potentially vulnerable class of ICS, and presents a simulation integration platform that enables (1) modeling and simulation including realistic models of cyber and physical components and their interactions, as well as operational scenarios that can be used for evaluations of cybersecurity risks and mitigation measures, and (2) evaluation of performance impact and security assessment of mitigation mechanisms focusing on authentication mechanisms and firewalls. The approach is demonstrated using simulation results from a realistic RCS case study.
2016 IEEE World Conference on Factory Communication Systems (WFCS) | 2016
Yongkang Liu; Richard Candell; Kang Lee; Nader Moayeri
Factory and process automation systems are increasingly employing information and communications technologies to facilitate data sharing and analysis in integrated control operations. Wireless connections provide flexible access to a variety of field instruments and reduce network installation and maintenance costs. This serves as an incentive for the adoption of industrial wireless networks based on standards such as WirelessHART and ISA100.11a in factory control systems. However, process control systems vary greatly and have diverse wireless networking requirements in different applications. These requirements include deterministic transmissions in the shared wireless bandwidth, low-cost operation, long-term durability, and high reliability in the harsh radio propagation environment. It is an open question whether a generic wireless technology would meet the requirements of industrial process control. In this paper, we propose a novel simulation framework for performance evaluation of wireless networks in factory and process automation systems. We select a typical process control plant model, specifically the Tennessee Eastman Challenge (TE) Model, and define the interfaces between the process simulator and the wireless network simulator. We develop a model of the protocol stack of the WirelessHART specification in the OMNeT++ simulation engine as a typical industrial wireless network. We present simulation results that validate the prospect of using WirelessHART in the TE plant, and we evaluate the impact of various wireless network configurations on the plant operation. Given its modular design, the proposed simulation framework can be easily used to evaluate the performance of other industrial wireless networks in conjunction with a variety of process control systems.
International Symposium on Precision Clock Synchronization for Measurement, Control and Communication | 2015
I-Chun Chao; Kang B. Lee; Richard Candell; Frederick M. Proctor; Chien-Chung Shen; Shinn-Yan Lin
End-to-end latency is critical to many distributed applications and services that are based on computer networks. There has been a dramatic push to adopt wireless networking technologies and protocols (such as WiFi, ZigBee, WirelessHART, Bluetooth, ISA100.11a, etc.) into time-critical applications. Examples of such applications include industrial automation, telecommunications, power utilities, and financial services. While performance measurement of wired networks has been extensively studied, measuring and quantifying the performance of wireless networks faces new challenges and demands different approaches and techniques. In this paper, we describe our work in progress on designing a measurement platform based on the technologies of software-defined radio (SDR) and the IEEE 1588 Precision Time Protocol (PTP) for evaluating the performance of wireless networks.
International Workshop on Factory Communication Systems | 2017
Mehrdad Damsaz; Derek Guo; Jeff Peil; Wayne E. Stark; Nader Moayeri; Richard Candell
In this paper we describe measurements of wireless propagation characteristics used to develop path loss models for industrial environments. The path loss models we develop are two-slope models in which the path loss is a piecewise linear function of the log distance. That is, the path loss follows an inverse power law with two regions, two exponents and a break point, which are optimized to find the best fit to the measured data. Second, the multipath power delay profile is determined. We use a reference measurement and the CLEAN algorithm to process the measurements and obtain an estimate of the impulse response of the channel. From this the delay spread of the channel can be determined. Finally, we discuss the performance of Zigbee receivers. We compare the performance of different receiver structures for the O-QPSK type of modulation used as one Zigbee physical layer.
International Symposium on Safety, Security, and Rescue Robotics | 2017
Adam Jacoff; Richard Candell; Anthony J. Downs; Hui-Min Huang; Kenneth Kimble; Kamel S. Saidi; Raymond Sheh; Ann M. Virts
This paper reports on three measurement science field exercises for evaluating ground, aerial, and aquatic robots. These events, held from February to June 2017, were conducted in close coordination with the responder community, standards organizations, manufacturers, and academia. Test data from a wide variety of robot platforms were gathered using a wide variety of standard and prototypical test methods, ranging from mobility and manipulation to sensors and endurance.