A Recursive Watermark Method for Hard Real-Time Industrial Control System Cyber-Resilience Enhancement

Abstract

Cybersecurity is of vital importance to industrial control systems (ICSs), such as ship automation, manufacturing, building, and energy automation systems. Many control applications require hard real-time channels, where the delay and jitter are in the levels of milliseconds or less. To the best of our knowledge, no encryption algorithm is fast enough for hard real-time channels of existing industrial fieldbuses and, therefore, made mission-critical applications vulnerable to cyberattacks, e.g., delay and data injection attacks. In this article, we propose a novel recursive watermark (RWM) algorithm for hard real-time control system data integrity validation. Using a watermark key, a transmitter applies watermark noise to hard real-time signals and sends through the unencrypted hard real-time channel. The same key is transferred to the receiver by the encrypted nonreal-time channel. With the same key, the receiver can detect if the data have been modified by the attackers and take action to prevent catastrophic damages. We provide analysis and methods to design proper watermark keys to ensure reliable attack detection. We use a ship propulsion control system for the simulation-based case study, where our algorithm smoothly shuts down the system after attacks. We also evaluated the algorithm speed on a Siemens S7-1500 programmable logic controller (PLC). This hardware experiment demonstrated that the RWM algorithm takes about $2.8~\mu \text{s}$ to add or validate the watermark noise on one sample data point. As a comparison, common cryptic hashing algorithms can hardly process a small data set under 100 ms. The proposed RWM is about 32 to 1375 times faster than the standard approaches. Note to Practitioners —It is widely believed that the emerging Internet-of-Things (IoT) technologies will seamlessly connect countless smart devices, profoundly change the industry. Traditionally, field devices within the feedback control loops are isolated from the Internet by secure gateways. In the future, field devices will connect to the Internet in a more direct manner. To the best of our knowledge, no encryption algorithm is fast enough for hard real-time channels of existing industrial fieldbuses and, therefore, made mission-critical applications vulnerable to cyberattacks. We propose a novel recursive watermark (RWM) algorithm for hard real-time control system data integrity validation. This article serves industry practitioners in three ways. First, it is a timely caution to industrial IoT (IIoT) pilot users on the security challenges in real-time channels. Once a compromised edge device is connected to a field device, attackers have unlimited means to jeopardize valuable assets. In this article, we gave an example where attackers may damage shipboard assets by introducing millisecond-level delays. Second, since hard real-time encryption is not available, we propose a detour solution. With the proposed algorithm, even attackers may read the content in the real-time channel, and they cannot change it without being detected. We implemented the real-time RWM algorithms in structured control language (SCL) and tested on a Siemens S7-1500 programmable logic controller (PLC). Third, we provide theoretical analysis as design guidelines for practitioners to set up or customize the RWM algorithm per their specific applications.