Deceptive Patch Solutions for Protecting Industrial Control Systems Based on Discovered Vulnerabilities

Abstract

An increase has been observed in concerns about cyber security threats in smart energy management on a global scale. Industrial Control Systems, or simply ICSs, are frequently present in industries and essential infrastructures, e.g., water treatment facilities, nuclear and thermal plants, heavy industries, power production, and distribution systems. ICS devices are high-risk targets for attacks and exploitation with significant security difficulties for ICS vendors and asset owners. Like many consumer electronics, industrial systems are susceptible to a bevy of vulnerabilities that hackers can exploit to launch cyber attacks. Extensive use of ICSs in Critical Infrastructures (CI) increases the vulnerability of CI to cyber attacks and makes their protection a critical subject. This study first contributes to a novel line of research considering how deception can be used by defenders in strategic terms with the objective of introducing uncertainty into an adversary’s perception of a system patch management process in order to protect ICSs. Thus, we mention the advantages of patch models to improve the vulnerabilities of ICSs. We explore deceptive patch management models for the purpose of providing better insight into developing future cyber security techniques for ICS attacks. We propose deceptive patch management solutions as case studies for common ICS attacks.