Industrial Control Systems Research Articles

Quantized attack-resilient control for Markov jump systems with sensor and actuator attacks

With the networking of control systems, cyberattacks on industrial control systems are becoming more and more frequent. In this study, the quantized attack-resilient control problem for Markov jump systems with sensor and actuator attacks and partly unknown transition rates was investigated. In the existing work, the forms of attack signals are mostly assumed directly. In order to release these assumptions, the mode-dependent monitor and logarithmic quantizer are designed to obtain the forms of attack signals and their constraints. Based on the constraints of attack signals, an adaptive filter is proposed to estimate the real system outputs, which are attacked by cyberattacks. Then, the adaptive compensator and quantized attack-resilient controller are designed to guarantee stochastic stability and [Formula: see text] performance. Benefiting from the quantized attack-resilient control strategy, the proposed method can well combat the attacks, not only reducing the impact of the attacks, but also constraining the attack signals. Finally, an application example is presented to illustrate the obtained results.

Impact of ransomware on industrial control systems in the oil and gas sector: Security challenges and strategic mitigations

Impact of ransomware on industrial control systems in the oil and gas sector: Security challenges and strategic mitigations

Reconfigurable and Scalable Honeynet forCyber-physical Systems

Industrial Control Systems (ICS) constitute the backbone of contemporary industrial operations, ranging from modest heating, ventilation, and air conditioning systems to expansive national power grids. Given their pivotal role in critical infrastructure, there has been a concerted effort to enhance security measures and deepen our comprehension of potential cyber threats within this domain. To address these challenges, numerous implementations of Honeypots and Honeynets intended to detect and understand attacks have been employed for ICS. This approach diverges from conventional methods by focusing on making a scalable and reconfigurable honeynet for cyber-physical systems. It will also automatically generate attacks on the honeynet to test and validate it. With the development of a scalable and reconfigurable Honeynet and automatic attack generation tools, it is also expected that the system will serve as a basis for producing datasets for training algorithms for detecting and classifying attacks in cyberphysical honeynets.

Deep one-class classification model assisted by radius constraint for anomaly detection of industrial control systems

Anomaly detection of industrial control systems (ICS) based on sensor data analytic is of utmost importance because ICS may suffer from various attacks leading to anomaly behaviors and even equipment failures. As an emerging deep learning technique, deep support vector data description (DeSVDD) has been successfully applied to ICS anomaly detection. Its advantage lies in only requiring normal data to train one-class classifier, which is suitable for actual industrial scenarios with extremely data imbalance of abundant normal data and scare abnormal data. However, this also results in its shortcoming of ignoring the valuable classification information hidden in the abnormal data. In order to overcome this issue, this paper proposes an improved DeSVDD method, called radius constraint DeSVDD (RC-DeSVDD). The proposed model constructs an anomaly detection model framework of abnormal data assisted DeSVDD, where a radius constraint is designed by considering the difference between normal and abnormal data. Further, considering the limited amount of abnormal data, a bi-directional generative adversarial network (BiGAN) is introduced to generate abnormal data. Experimental results on three benchmark datasets demonstrate the superiority of the proposed RC-DeSVDD anomaly detection method.

Beyond botnets: Autonomous Firmware Zombie Attack in industrial control systems

Beyond botnets: Autonomous Firmware Zombie Attack in industrial control systems

Leveraging Swarm Intelligence for Invariant Rule Generation and Anomaly Detection in Industrial Control Systems

Industrial control systems (ICSs), which are fundamental to the operation of critical infrastructure, face increasingly sophisticated security threats due to the integration of information and operational technologies. Conventional anomaly detection techniques often lack the ability to provide clear explanations for their detection, and their inherent complexity can impede practical implementation in the resource-constrained environments typical of ICSs. To address these challenges, this paper proposes a novel approach that leverages swarm intelligence algorithms for the extraction of numerical association rules, specifically designed for anomaly detection in ICS. The proposed approach is designed to effectively identify and precisely localize anomalies by analyzing the states of sensors and actuators. Experimental validation using the Secure Water Treatment (SWaT) dataset demonstrates that the proposed approach can detect over 84% of attack instances, with precise anomaly localization achievable by examining as few as two to six sensor or actuator states. This significantly improves the efficiency and accuracy of anomaly detection. Furthermore, since the method is based on the general control dynamics of ICSs, it demonstrates robust generalization, making it applicable across a wide range of industrial control systems.

Winning the battle with cyber risk identification tools in industrial control systems: A review

AbstractThe modern Industrial Control System (ICS) environment now combines information technology (IT), operational technology, and physical processes. This digital transformation enhances operational efficiency, service quality, and physical system capabilities enabling systems to measure and control the physical world. However, it also exposes ICS to new and evolving cybersecurity threats that were once confined to the IT domain. As a result, identifying cyber risks in ICS has become more critical, leading to the development of new methods and tools to tackle these emerging threats. This study reviews some of the latest tools for cyber‐risk identification in ICS. It empirically analyses each tool based on specific attributes: focus, application domain, core risk management concepts, and how they address current cybersecurity concerns in ICS.

Minimising cybersecurity risk exposures in industrial control system environments: a techno-human vulnerability analysis approach

ABSTRACT Organisations operating IoT-enabled industrial control systems (ICSs) are concerned about growing cybersecurity risks and impacts to their systems. Cyber-attacks on ICSs demonstrate that technology alone is neither a problem nor a solution to the growing cybersecurity issues affecting these systems. As socio-technical systems, ICSs encompass the functions and interactions of social and technological system elements to enable and/or sustain industrial processes. Thus, a more effective cybersecurity risk management process needs to consider human and technology factors, especially for high-value industrial process targets. Combining critical reviews and gap analysis of existing vulnerability assessment methods with conceptual modelling, a Vulnerability Analysis Critical Impact Point Process (VACIP) methodology is proposed which considers both human and technological vulnerabilities within a cyber-physical system environment to inform an improved insight about attack criticality and impacts. VACIP is validated using a simulated industrial mini testbed; showing that it can enable practicable support for security vulnerability discovery, impact criticality analysis, weak link identification, and prioritised controls. Its novelty is demonstrated in its combination of technology and human vulnerability evaluations in the minimisation of system security exposures. It provides a useful guide for adopting effective cybersecurity risk assessment and exposure reduction strategies.

Adaptive Industrial Control Systems via IEC 61499 and Runtime Enforcement

This work envisions industrial control systems that can reliably adapt to requirements. We rely on the international standard IEC 61499 to achieve this goal. The standard allows downtimeless system evolution such that an application can be modified at runtime to satisfy the requirements. However, an IEC 61499 application consisting of multiple Function Blocks (FBs) can be modified in many different ways, such as inserting or deleting FBs, creating new FBs with their respective internal behaviours and adjusting the connections between FBs. These changes require considerable effort and cost, and there is no guarantee to satisfy the requirements. This article applies runtime enforcement techniques for supporting adaptive IEC 61499 applications. This set of techniques can modify the runtime behaviour of a system according to specific requirements. Our approach begins with specifying the requirements as a state machine-based notation called contract automaton. This automaton is then used to synthesise an enforcer as an FB. Finally, the new FB is integrated into the application to execute according to the requirements. A tool support is developed to automate the approach. Experiments were performed to evaluate the performance of enforcers by measuring the execution time of several applications before and after the integration of enforcers.

Network-Based Intrusion Detection for Industrial and Robotics Systems: A Comprehensive Survey

In the face of rapidly evolving cyber threats, network-based intrusion detection systems (NIDS) have become critical to the security of industrial and robotic systems. This survey explores the specialized requirements, advancements, and challenges unique to deploying NIDS within these environments, where traditional intrusion detection systems (IDS) often fall short. This paper discusses NIDS methodologies, including machine learning, deep learning, and hybrid systems, which aim to improve detection accuracy, adaptability, and real-time response. Additionally, this paper addresses the complexity of industrial settings, limitations in current datasets, and the cybersecurity needs of cyber–physical Systems (CPS) and Industrial Control Systems (ICS). The survey provides a comprehensive overview of modern approaches and their suitability for industrial applications by reviewing relevant datasets, emerging technologies, and sector-specific challenges. This underscores the importance of innovative solutions, such as federated learning, blockchain, and digital twins, to enhance the security and resilience of NIDS in safeguarding industrial and robotic systems.

A Reconfigurable Architecture for Industrial Control Systems: Overview and Challenges

The closed architecture and stand-alone operation model of traditional industrial control systems limit their ability to leverage ubiquitous infrastructure resources for more flexible and intelligent development. This restriction hinders their ability to rapidly, economically, and sustainably respond to mass customization demands. Existing proposals for open and networked architectures have failed to break the vicious cycle of closed architectures and stand-alone operation models because they do not address the core issue: the tight coupling among the control, infrastructure, and actuator domains. This paper proposes a reconfigurable architecture that decouples these domains, structuring the control system across three planes: control, infrastructure, and actuator. The computer numerical control (CNC) system serves as a primary example to illustrate this reconfigurable architecture. After reviewing open and networked architectures and discussing the characteristics of this reconfigurable architecture, this paper identifies three key challenges: deterministic control functionality, the decoupling of control modules from infrastructures, and the management of control modules, infrastructures, and actuators. Each challenge is examined in detail, and potential solutions are proposed based on emerging technologies.

A Security Situation Prediction Model for Industrial Control Network Based on Explainable Belief Rule Base

Industrial Control Systems (ICSs) are vital components of industrial production, and their security posture significantly impacts operational safety. Given that ICSs frequently interact with external networks, cyberattacks can disrupt system symmetry, thereby affecting industrial processes. This paper aims to predict the network security posture of ICSs to ensure system symmetry. A prediction model for the network security posture of ICSs was established utilizing Evidence Reasoning (ER) and Explainable Belief Rule Base (BRB-e) technologies. Initially, an evaluation framework for the ICS architecture was constructed, integrating data from various layers using ER. The development of the BRB prediction model requires input from domain experts to set initial parameters; however, the subjective nature of these settings may reduce prediction accuracy. To address this issue, an ICS network security posture prediction model based on the Explainable Belief Rule Base (BRB-e) was proposed. The modeling criteria for explainability were defined based on the characteristics of the ICS network, followed by the design of the inference process for the BRB-e prediction model to enhance accuracy and precision. Additionally, a parameter optimization method for the explainable BRB-e prediction model is presented using a constrained Projection Equilibrium Optimization (P-EO) algorithm. Experiments utilizing industrial datasets were conducted to validate the reliability and effectiveness of the prediction model. Comparative analyses indicated that the BRB-e model demonstrates distinct advantages in both prediction accuracy and explainability when compared to other algorithms.

Using machine learning to detect network intrusions in industrial control systems: a survey

Using machine learning to detect network intrusions in industrial control systems: a survey

A Security Posture Assessment of Industrial Control Systems Based on Evidential Reasoning and Belief Rule Base.

With the rapid advancements in information technology and industrialization, the sustainability of industrial production has garnered significant attention. Industrial control systems (ICS), which encompass various facets of industrial production, are deeply integrated with the Internet, resulting in enhanced efficiency and quality. However, this integration also introduces challenges to the continuous operation of industrial processes. This paper presents a novel security assessment model for ICS, which is based on evidence-based reasoning and a library of belief rules. The model consolidates diverse information within ICS, enhancing the accuracy of assessments while addressing challenges such as uncertainty in ICS data. The proposed model employs evidential reasoning (ER) to fuse various influencing factors and derive security assessment values. Subsequently, a belief rule base is used to construct an assessment framework, grounded in expert-defined initial parameters. To mitigate the potential unreliability of expert knowledge, the chaotic mapping adaptive whale optimization algorithm is incorporated to enhance the model's accuracy in assessing the security posture of industrial control networks. Finally, the model's effectiveness in security assessment was validated through experimental results. Comparative analysis with other assessment models demonstrates that the proposed model exhibits superior performance in ICS security assessment.

Smart Grids Excellence – Cybersecurity in Empowering Digital Transformation

This paper is intended to elaborate on the 4th Industrial Revolution (Industry 4.0) that will alter and shift technologies and the utilities sector. Alongside advanced Cybersecurity technologies to be aligned with the need for more resilience and secured environments that empower digital transformation. Where we explore the drivers and applications of Cybersecurity considering 4thIR as an engine of digital transformation, that is governed and measured by complying with digital transformation rules, flowing from modern technology to the evolution where the quality of life is measured by its speed, energy, and security. As such, Industrial Control Systems (ICS) are a solid infrastructure for such a digital transformation. As the acceleration of cyberattacks are becoming more sophisticated, a well Cybersecurity strategies must be applied. Furthermore, we propose advanced Cybersecurity solutions for the smart grid that can be addressed by the efficiency of the Next Generation (SOC) and the utilization of Distributed Ledger Technology (DLT).

The combustion biased dual cross-limited control strategy for industrial boiler furnaces

Abstract The combustion process in boilers is a crucial aspect of industrial boiler operation, and the quality of this process is closely related to the industrial boiler’s operational efficiency and pollutant emissions. This paper focuses on furnace combustion control within the industrial boiler control system and proposes an improved variable bias control method to address the issues associated with over-oxygen and oxygen-deficient combustion, which are prevalent in current double-closed-loop cascade proportional control technologies. First, the working principle of the variable bias double cross-limit combustion process is analyzed, and the variable bias cross-limit combustion control system is designed. Second, by introducing a bias variable, the paper addresses the problem that fixed bias parameters in the double cross-limit control system cannot accommodate the variable loading and rapid response requirements. Finally, the range of bias coefficients is estimated using the trial-and-error method. Experimental results demonstrate that the variable bias double cross-limit control strategy resolves the issues of oxygen deficiency and over-oxygen combustion, along with the slow response speed of conventional combustion control modes, enhances fuel heat utilization efficiency, and reduces pollutant and harmful gas emissions.

Integrated physical safety–cyber security risk assessment based on layers of protection analysis

The extensive application of information technology in process industries has increased production efficiency but has also introduced new risks. Therefore, it is necessary to systematically analyse the risks within factories to ensure the stable operation of their production systems. This study proposes an integrated risk assessment method based on layers of protection analysis (LOPA), which combines physical safety and cyber security analyses to provide comprehensive risk assessments for the process industry. The method first identifies the hazardous scenarios and protection layers relevant to a process facility. It then identifies potential cyberattack types and existing countermeasures. Subsequently, the functional impacts of attacks on protection layers and potential coupling relationships are discussed. Using common vulnerability scoring system (CVSS) and semi-quantitative methods, the probability of attack is determined to optimize the probability of failure on demand (PFD) of the protection layers. Finally, a case study of a steam separator in a catalytic cracking unit is used to quantitatively explore the potential attacks and risks of coupled protection layers. The application of Bayesian network (BN) is used for further validation of the method. This study offers a novel quantitative tool for risk assessment in the process industry, which can enhance the security and reliability of industrial production and control systems.

Cybersecurity Fundamentals Are Not Just for Industrial Control Systems: Guidance and Direction Are Available

Cybersecurity Fundamentals Are Not Just for Industrial Control Systems: Guidance and Direction Are Available

БЕЗПЕЧНИЙ ДОСТУП ДО СЕРВЕРІВ ІНФОРМАЦІЙНИХ СИСТЕМ, ЗАБЕЗПЕЧЕНИЙ ML-МОДЕЛЛЮ ДЛЯ БЛОКУВАННЯ ШКІДЛИВИХ ЗАПИТІВ

The article presents a detailed exploration of using the k-Nearest Neighbors (KNN) algorithm to classify and identify various types of cyberattacks, particularly SQL Injection (SQLi) attacks, within SCADA (Supervisory Control and Data Acquisition) systems. This work addresses the need to enhance server infrastructure security in SCADA systems by mitigating the risks posed by harmful requests, such as SQL injections. SCADA systems are crucial in managing industrial processes, making their servers prime cyberattack targets. Attackers often exploit vulnerabilities in server applications by injecting malicious requests through input fields or URLs, potentially gaining access to sensitive data or disrupting system operations. To address this issue, the study proposes a machine learning-based approach using the k-nearest neighbors (KNN) algorithm to detect and block harmful SQL requests. The KNN algorithm is employed to classify and identify different types of cyberattacks by comparing new attack attempts with previously observed attack patterns. By analyzing specific attributes related to each attack, the KNN method evaluates the level of threat based on proximity metrics. The proposed approach helps classify SQL injection attempts, which involve manipulating SQL code to bypass authentication or extract unauthorized data. The study demonstrates how KNN can effectively distinguish harmful SQL requests from benign ones by calculating the Euclidean distance between the new attack and historical cases. Furthermore, the article emphasizes the importance of implementing rapid and accurate detection methods for protecting server infrastructure in industrial environments. The KNN algorithm, in this context, offers a flexible and efficient solution as it adapts to various attack scenarios, improving the overall resilience of SCADA systems to cyber threats. The study’s findings contribute to the ongoing efforts in cybersecurity, focusing on integrating machine learning models to strengthen the protection of critical assets in industrial control systems. This work aims to develop protection tools for server-based industrial control systems used in SCADA systems against dangerous requests based on SQL injections, using an ML-trained model for blocking harmful requests through the k-nearest neighbors method.

A Comprehensive Threat Modelling Analysis for Distributed Energy Resources

The exponential rise in popularity of distributed energy resources (DERs) is attributed to their numerous benefits within the power sector. However, the risks that new DERs pose to the power grid have not yet been closely assessed, exposing a gap in the literature. This article addresses this gap by presenting a comprehensive threat model of the DER architecture, combining the MITRE ATT&CK catalogue for industrial control systems (ICS), and the IDDIL/ATC threat model, to create a hybrid approach. Our first contribution is to propose criteria derived from seven metrics to evaluate and compare the efficacy and usability of threat modelling frameworks for DER systems, allowing more informed framework selection. Our second contribution is to develop a comprehensive hybrid threat modelling approach based on IDDIL/ATC and MITRE ATT&CK and organise attack paths chronologically using the cyber kill chain methodology to categorise attacker techniques. Our third contribution is to perform a comprehensive DER architecture system decomposition, elaborating assets, trust levels, entry points, data, protocols, and entity relations to identify the threat landscape. Our final contribution is to apply the proposed approach to the distribution system operator (DSO), mapping potential attacker techniques and illustrating a ransomware attack chain on the DSO's Energy Management System, with proposed mitigations.