Cyber Security Of Control Systems Research Articles

A Survey of Cyber Security and Safety in Industrial Control Systems

A Survey of Cyber Security and Safety in Industrial Control Systems

Securing Industrial Control Systems: A Deep Dive into AI Approaches

In the era of increasingly interconnected infrastructures and the emergence of the Internet of Things (IoT), industrial control systems (ICS) are encountering a growing susceptibility to cyber threats. This paper delves into the growing adoption of artificial intelligence (AI) as a means to mitigate cybersecurity risks for ICS. AI-driven solutions play a pivotal role in detecting anomalies, pinpointing potential threats, and executing real-time responses to curtail risks. The authors extensively discuss the application of AI-based cybersecurity measures for ICS, encompassing techniques like anomaly detection, intrusion detection, and behavioral analysis. Furthermore, the narrative explores the challenges associated with implementing AI-centric cybersecurity solutions, such as concerns related to data privacy, system intricacies, and the imperative for continuous monitoring and updates. The authors draw upon case studies showcasing successful deployments of AI-driven cybersecurity solutions in industrial settings. Concluding the discussion, the authors propose a novel hybrid machine learning approach designed for anomaly detection in ICSs. This chapter serves as a comprehensive resource, shedding light on the role of AI in fortifying cybersecurity for industrial control systems. Its insights aim to enhance resilience against cyber-attacks, minimize the potential for system disruptions, and mitigate the risk of data breaches.

Bridging the Cybersecurity Gap: A Comprehensive Analysis of Threats to Power Systems, Water Storage, and Gas Network Industrial Control and Automation Systems

This research addresses the dearth of real-world data required for effective neural network model building, delving into the crucial field of industrial control and automation system (ICS) cybersecurity. Cyberattacks against ICS are first identified and then generated in an effort to raise awareness of vulnerabilities and improve security. This research aims to fill a need in the existing literature by examining the effectiveness of a novel approach to ICS cybersecurity that draws on data from real industrial settings. Real-world data from a variety of commercial sectors is used in this study to produce a complete dataset. These sectors include power systems, freshwater tanks, and gas pipelines, which together provide a wide range of commercial scenarios where anomaly detection and attack classification approaches are critical. The generated data are shown to considerably improve the models’ precision. An amazing 71% accuracy rate is achieved in power system models, and incorporating generated data reliably increases network speed. Using generated data, the machine learning system achieves an impressive 99% accuracy in a number of trials. In addition, the system shows about 90% accuracy in most studies when applied to the setting of gas pipelines. In conclusion, this article stresses the need to improve cybersecurity in vital industrial sectors by addressing the dearth of real-world ICS data. To better understand and defend against cyberattacks on industrial machinery and automation systems, it demonstrates how generative data can improve the precision and dependability of neural network models.

There Is No Chilling When Your Control System Cybersecurity Is Unfulfilling

There Is No Chilling When Your Control System Cybersecurity Is Unfulfilling

Software and Systems Engineers in ICS Security

The introduction of Industry 4.0 and IIoT has enabled the interconnection of information technology (IT) and operational technology (OT) and exposed industrial control systems to cyber threats. Industrial cybersecurity requires knowledge, skill, and collaboration between IT and OT. A comparison of graduate curricula of software engineering and systems engineering identifies competencies related to industrial control systems cybersecurity. Industry experts are interviewed to identify needs for cybersecurity skills and competencies. Results from the mapping are discussed in the context of software and systems engineering challenges in ICS cybersecurity and leveraged against industry experiences and needs expressed through interviews with three OT and IT industry professionals. The curricula mapping reveals variations in both how they are organised and expressed to the extent that subjective interpretation is required for evaluation and comparison. The interviews with the industry experts indicate a gap between graduate competence from the curricula and industry needs.

Cybersecurity for industrial automation and control systems

Cybersecurity for industrial automation and control systems

Security Baseline for Substation Automation Systems.

The use of information technology and the automation of control systems in the energy sector enables a more efficient transmission and distribution of electricity. However, in addition to the many benefits that the deployment of intelligent and largely autonomous systems brings, it also carries risks associated with information and cyber security breaches. Technology systems form a specific and critical communication infrastructure, in which powerful control elements integrating IoT principles and IED devices are present. It also contains intelligent access control systems such as RTU, IDE, HMI, and SCADA systems that provide communication with the data and control center on the outer perimeter. Therefore, the key question is how to comprehensively protect these specialized systems and how to approach security implementation projects in this area. To establish rules, procedures, and techniques to ensure the cyber security of smart grid control systems in the energy sector, it is necessary to understand the security threats and bring appropriate measures to ensure the security of energy distribution. Given the use of a wide range of information and industrial technologies, it is difficult to protect energy distribution systems using standard constraints to protect common IT technologies and business processes. Therefore, as part of a comprehensive approach to cyber security, specifics such as legislative framework, technological constraints, international standards, specialized protocols or company processes, and many others need to be considered. Therefore, the key question is how to comprehensively protect these specialized systems and how to approach security implementation projects in this area. In this article, a basic security concept for control systems of power stations, which are part of the power transmission and distribution system, is presented based on the Smart Grid domain model with emphasis on substation intelligence, according to the Purdue model. The main contribution of the paper is the comprehensive design of mitigation measures divided into mandatory and recommended implementation based on the standards defined within the MITRE ATT&CK matrix specified, concerning the specifications of intelligent distribution substations. The proposed and industry-tested solution is mapped to meet the international security standards ISO 27001 and national legislation reflecting the requirements of NIS2. This ensures that the security requirements will be met when implementing the proposed Security Baseline.

Orchestrator for ensuring interdependency between safety and cybersecurity in railway control systems

ABSTRACT Nowadays, more and more cyber-attacks are documented in transportation systems and this impacts human and environment. Thus, it is important to consider the integration of safety and cybersecurity in both industry and academia. This brings many advantages such as virtualization technologies, but it also creates new vulnerabilities. However, a safety orchestrator that is able to address a variety of safety anomalies that come from safety-related properties and to avoid conflicts with the functionalities of a cybersecurity orchestrator is not found in the literature. To reply to this need, in this paper we propose a new safety architecture for the railway systems. The core of this architecture is STELAC, the first safety orchestrator. This orchestrator covers reliability, availability, maintainability, and integrity-related anomalies as they are the properties which interact and influence safety according to RAMS. This orchestrator is also able to prevent functionality violations between safety and cybersecurity, in order to handle their interdependency. According to the results of the implementation, it is shown that STELAC ensures safety affected by the rest of the aforementioned properties and has little impact on decision-making time, which makes it an effective methodology for using the NFV architecture in railway systems safely and securely.

Clustered ensemble feature selection with M-GRU classification for efficient intrusion detection system of industrial systems

Industrial Control Systems (ICS) are susceptible to threats or attacks, and even minor changes or manipulation could cause major damage to industrial operations. Industrial control system cybersecurity is vital owing to the severe negative effects it could have on the economy, the environment, people, and politics. Therefore, it’s also crucial to design intrusion detection systems for industrial control systems. In this paper, an efficient intrusion detection system with clustered ensemble feature selection and a Multi-Level Modified Gated Recurrent Unit (M-GRU) classification model is proposed. This intrusion detection system with a general framework for clustered ensemble feature ranking approach is proposed to effectively find the best feature subset in network packet traffic data. The features designated are fed into a multi class classification algorithm Multi-Level Modified Gated Recurrent Unit (M-GRU) to efficiently detect the cyberattacks. Evaluation criteria including precision, accuracy, recall and F1 score are assessed and compared to other cutting-edge algorithms to assess the performance of the proposed model. The proposed model attained an average accuracy of 98.21 %. Results show that the suggested model increased the attack detection accuracy by an average of 5.935% and 0.116% when compared to the Gated Recurrent Unit, Long Short Term Memory, random forest and naïve bayes models.

Models and Methods of Information and Control System Cyber–security for Smart Buildings

Smart building management systems today employ the architectural multi-level creation of a system of unified components. Such a market is dynamic and always expanding, and sometimes the developers of such components stop maintaining their products or even collapse and vanish. It's not always possible to use professional-level components from proven developers when a building automation system (BAS) project budget is limited. The construction and analysis of models that consider the dependability and cyber security aspects of maintenance as well as ways of validating the selection of components, strategies, and service parameters are both necessary steps in finding compromises between the BAS architecture's value and quality. Use of information technology to determine maintenance parameters based on a model and model development approach.

Urban traffic signal control robust optimization against Risk-averse and Worst-case cyberattacks

Ensuring the cybersecurity of urban traffic signal control systems has become increasingly important in the digital age. This study proposes a passive countermeasure by designing robust signal control plans to mitigate the risks of worst-case and risk-averse cyberattacks. To achieve this objective, the study develops two bi-level simulation-based optimization (SO) models and solves them using an improved biobjective robust simulation-based optimization (IBORSO) algorithm. The attack-defense process is formulated as a Stackelberg game, where the lower level attacker aims to find optimal attack plans to degrade traffic efficiency and safety indices, while the upper level defender adjusts the signal control plan to compensate for the effects of the attack on traffic efficiency and safety indices. The proposed approach is evaluated on an urban road network in Changsha, China. The results show that the developed robust signal control plans can withstand risk-averse and worst-case attacks and perform better than the counterpart ones in terms of biobjective performance. The proposed bi-level modeling framework and solution algorithm can be used to build robust traffic signal control systems that are resilient to cyberattacks.

Secure Control Using Homomorphic Encryption and Efficiency Analysis

In order to enhance the cyber-security of networked control systems, Kogiso and Fujita (2015) proposed a concept of controller encryption using homomorphic encryption for the first time. Encrypted linear controllers using a homomorphic encryption scheme could conceal the information processed inside the controller device and maintain the original functions of controllers. In this paper, we propose a scheme to encrypt the linear controller using the BGN encryption, which supports homomorphic addition and multiplication. We also compare the efficiency of this scheme with the scheme with an encrypted controller using RSA encryption and Paillier encryption.

RADICL CTF

To address the nationwide workforce shortage of skilled and educated cyber-informed engineers, we must develop low-cost and highly effective resources for industrial control systems education and training. College curricula in technology management, cybersecurity, and computer science aim to build students’ computational and adversarial thinking abilities but are often done only through theory and abstracted concepts [1]. To better a student’s understanding of industrial control system applications, post-secondary institutions can use gamification to increase student interest through an interactive, user-friendly, hands-on experience. RADICL CTF can provide post-secondary institutions with new opportunities for low-cost, guided exercises for industrial control system (ICS) education to help students master adversarial thinking. Based on an extension to picoCTF, RADICL CTF is a platform for students to design, implement and evaluate exercises that test their understanding of core concepts in industrial control systems cybersecurity, answering the need for more interactive education methods. The main contributions of this paper are the improvement of the cyber-security curriculum through extending the picoCTF platform to promote the gamification of industrial control system concepts with consideration to the Purdue Reference Architecture.

Controller Cyber-Attack Detection and Isolation

This article deals with the cyber security of industrial control systems. Methods for detecting and isolating process faults and cyber-attacks, consisting of elementary actions named "cybernetic faults" that penetrate the control system and destructively affect its operation, are analysed. FDI fault detection and isolation methods and the assessment of control loop performance methods developed in the automation community are used to diagnose these anomalies. An integration of both approaches is proposed, which consists of checking the correct functioning of the control algorithm based on its model and tracking changes in the values of selected control loop performance indicators to supervise the control circuit. A binary diagnostic matrix was used to isolate anomalies. The presented approach requires only standard operating data (process variable (PV), setpoint (SP), and control signal (CV). The proposed concept was tested using the example of a control system for superheaters in a steam line of a power unit boiler. Cyber-attacks targeting other parts of the process were also included in the study to test the proposed approach's applicability, effectiveness, and limitations and identify further research directions.

A Robust Stackelberg Game for Cyber-Security Investment in Networked Control Systems

We present a resource-planning game for cyber-security of networked control systems (NCSs). The NCS is assumed to be operating in closed loop using a linear state feedback <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathcal {H}_{2}$ </tex-math></inline-formula> -controller. A zero-sum, two-player Stackelberg game (SG) is developed between an attacker and a defender for this NCS. The attacker aims to disable communication of selected nodes and thereby render the feedback gain matrix to be sparse, leading to degradation of closed-loop performance, while the defender aims to prevent this loss by investing in the protection of targeted nodes. Both the players trade their <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathcal {H}_{2}$ </tex-math></inline-formula> -performance objectives for the costs of their actions. The standard backward induction (BI) method is modified to determine a cost-based Stackelberg equilibrium (CBSE) that saves the players’ costs without degrading the control performance. We analyze the dependence of a CBSE on the relative budgets of the players and on the node “importance” order. Moreover, a robust defense (RD) method is developed for the realistic case when the defender is not informed about the attacker’s resources. The proposed algorithms are validated using examples from wide-area control of electric power systems. It is demonstrated that reliable and RD is feasible unless the defender’s resources are severely limited relative to the attacker’s resources. We also show that the proposed methods are robust to time-varying model uncertainties and thus are suitable for long-term security investment in realistic NCSs. Finally, we use computationally efficient genetic algorithms (GAs) to compute the optimal strategies of the attacker and the defender in realistic large power systems.

A Framework Design to Improve the Operation Capability of Cyber Security for Electric Power Dispatching and Control Systems based on the Concept of SOC

Benefiting from the vision of the Security Operation Center (SOC), this paper proposes a construction plan for a cyber security operation center for the electric power dispatching and control system. This solution integrates and analyzes various data such as ledger database, knowledge database, and historical alarm database in the power dispatching and control system, and realizes the functions of alarm handling, risk assessment, and emergency response for the existing security management platform. Through the risk evaluation experiment, it is verified that our scheme has the function of overall interacted active security defense, and can effectively improve the cyber security risk resistance of the power dispatching and control system.

Design of a Novel Information System for Semi-automated Management of Cybersecurity in Industrial Control Systems

There is an urgent need in many critical infrastructure sectors, including the energy sector, for attaining detailed insights into cybersecurity features and compliance with cybersecurity requirements related to their Operational Technology (OT) deployments. Frequent feature changes of OT devices interfere with this need, posing a great risk to customers. One effective way to address this challenge is via a semi-automated cyber-physical security assurance approach, which enables verification and validation of the OT device cybersecurity claims against actual capabilities, both pre- and post-deployment. To realize this approach, this article presents new methodology and algorithms to automatically identify cybersecurity-related claims expressed in natural language form in ICS device documents. We developed an identification process that employs natural language processing (NLP) techniques with the goal of semi-automated vetting of detected claims against their device implementation. We also present our novel NLP components for verifying feature claims against relevant cybersecurity requirements. The verification pipeline includes components such as automated vendor identification, device document curation, feature claim identification utilizing sentiment analysis for conflict resolution, and reporting of features that are claimed to be supported or indicated as unsupported. Our novel matching engine represents the first automated information system available in the cybersecurity domain that directly aids the generation of ICS compliance reports.

Directions for improving cybersecurity of mobile technology control systems

Directions for improving cybersecurity of mobile technology control systems

Development of directed randomization for discussing a minimal security architecture

Strategies for mitigating the impacts of cyberattacks on control systems using a control-oriented perspective have become of greater interest in recent years. Our group has contributed to this trend by developing several methods for detecting cyberattacks on process sensors, actuators, or both sensors and actuators simultaneously using an advanced optimization-based control strategy known as Lyapunov-based economic model predictive control (LEMPC). However, each technique comes with benefits and limitations, both with respect to one another and with respect to traditional information technology and computer science-type approaches to cybersecurity. An important question to ask, therefore, is what the goal should be of the development of new control-based techniques for handling cyberattacks on control systems, and how we will be able to benchmark these as “successful” compared to other techniques to drive development or signal when the research in this direction has reached maturity. In this paper, we propose that the goal of research in control system cybersecurity for next-generation manufacturing should be the development of a security architecture that provides flexibility and safety with lowest cost, and seek to clarify this concept by re-analyzing some of the security techniques from our prior work in such a context. We also show how new methods can be developed and analyzed within this “minimum security architecture” context by proposing a technique which we term “directed randomization” that may require less sensors to be secured in a system than some of our prior methods, potentially adding flexibility to the system while still maintaining security. Directed randomization seeks to utilize the existence of two possible stabilizing inputs at every sampling time to attempt to create a challenge for an attacker for setting up an arbitrary sensor attack policy without being detected within a finite number of sampling periods. We discuss benefits and limitations of this technique with respect to our prior cybersecurity strategies and also with respect to extended versions of these prior concepts, such as image-based control and distributed control, to provide further insights into the minimum security concept.

DURESS SCADA: A simulation platform to study user interface design for cybersecurity of industrial control systems

Supervisory Control and Data Acquisition (SCADA) systems are widely adopted in critical infrastructures and prime targets of cyberattacks. Ecological Interface Design (EID) is postulated to be an invaluable framework for supporting operators to cope with cyber intrusions, particularly zero-day attacks because prior research has demonstrated effectiveness of ecological interfaces during unanticipated events. However, a suitable research platform is absent for studying user interface in cybersecurity of SCADA systems. This paper presents a SCADA system simulation being designed and implemented for the DURESS thermohydraulic process control simulation common in EID studies. Based on the open literature and industrial standards to ensure representativeness of industrial SCADA systems, the simulation includes two programable logical controllers, seven routers, and a server in a wired communication network. These components should be sufficient to study human response to common cyberattacks on SCADA systems and support future work in prototyping and evaluating user interfaces for SCADA cybersecurity.