Insider attacks are one of the most serious threats to cyber-physical systems: they have the potential to inflict destructive damage on physical processes while remaining stealthy. This study dissects several insider attacks by examining their modes of data tampering. To set the scene, a general framework of a cyber-physical system is constructed, and a pattern characterising insider attacks is introduced in the form of attack goals, resources, constraints, modes, and attack paths. The conditions under which attackers can remain stealthy are examined in both the temporal and spatial domains. With inside knowledge, an attacker can use an attack graph to exploit system vulnerabilities and determine the high-impact targets. To demonstrate the effectiveness of this analysis, a cyber-physical system is constructed using networks and a nuclear process control test facility, with ports deliberately left open for attackers. Two attack scenarios are staged, and their characteristics and impacts are examined. This case study demonstrates how an insider attacker might mount an attack by using data tampering and how they can remain stealthy before major damage is done to the physical system. The significance of this study is to uncover the techniques of insider attackers so that vulnerabilities can be mended.