Operation Of Industrial Control Systems Research Articles

Evaluating the Impact of Cyberattacks on PLC Performance: A Systematic Implementation and Empirical Investigation

Programmable Logic Controller plays a pivotal role in the operation of Industrial Control Systems, which are widely used to monitor and control critical infrastructure and manufacturing processes. However, the rise of Industry 4.0, coupled with the increasing sophistication of cyber threats poses a significant risk to the security of PLC. This study implements a wide range of attacks on a PLC, including Code Injection, Man in the Middle, and a Denial-of-Service attack. The study further scrutinizes the impact of these attacks on the performance of the PLC with a view to developing effective security measures to mitigate cyber risks in Operational Technology systems. The study employs throughput and round trip time as the key metrics to evaluate PLC performance under normal conditions and during cyberattacks. The results indicate a significant degradation in the PLC performance metrics during the attacks, with DoS having the highest impact followed by Man in the Middle attack. These results highlight the need for robust cybersecurity measures to secure PLC from potential cyber threats.

GRU-Based Interpretable Multivariate Time Series Anomaly Detection in Industrial Control System

Interpretable multivariate time series anomaly detection is an important technology to prevent accidents and ensure the reliable operation of Industrial Control Systems. A key limitation lies in the lack of a model to achieve better detection performance and more reliable interpretability, and keep a balance between performance efficiency and training optimization. In this paper, we propose GRN, an Interpretable Multivariate Time Series Anomaly Detection method based on neural graph networks and gated recurrent units (GRU). GRN can automatically learn potential correlations between sensors from multidimensional industrial control time series data, quickly mine long-term and short-term dependencies, to improve detection performance and help users to infer the root cause of detected anomalies. Based on GRU, GRN preserves the original advantages of processing the sequences and capturing the time series dependencies, moreover solves the problem of gradient disappearance and gradient explosion. We compare the performance of nine state-of-the-art algorithms on two real water treatment datasets (SWaT, WADI). GRN achieves better detection precision and recall. Meanwhile, the comparison of Area Under the Curve (AUC) demonstrates that GRN has the effect of maintaining balance between detection performance and training optimization. Compared with a Graph Deviation Network(GDN), GRN has achieved greater interpretability.

WITHDRAWN: Security of Railway Control Systems: A Survey, Research Issues and Challenges

With the rapid development of railway transporta- tion, higher requirements for capacity are increasing and amount of communication, computer and control technologies are applied in train control systems which is the popular method for train control. The application of 3 C brings the enhancement of railway transportation performance. However, the number of internal and external cyber security threats is rising, which could lead to some railway accidents. On the other hand, safety is the core of the design process for railway but security is rarely considered due to the closure of traditional railway systems. As cyber security is threatening the normal operation of industrial control systems and the critical infrastructure, security issues of train control systems should be paid more attention as railway transportation play an important role for society and economy. However, due to the safety-critical characteristics, safety assessment and analysis works have been performed for a long time, but cyber security related works are rarely considered. In the paper, we demonstrate the security situation of train control systems based on the inherent features and the experience of other industrial control systems, where the technical defects and potential threats are summarized. According to the practical engineering experience, the current security protection strategies are illustrated, which shows the popular security protection methods are limited and cannot realize the defense-in-depth. Finally, some research challenges of security issues of train control systems are identified.

Model verification of fallback control system under cyberattacks via UPPAAL

ABSTRACT Industrial control systems (ICS) are required to be operated safely under cyberattacks. Fallback control is necessary for the safe operation of ICS. As one of fallback control systems, we develop a resilient third-party monitoring system. This system consists of Programmable Logic Controllers (PLCs) for normal control and for fallback control. The normal PLC controls field devices, and the fallback PLC takes over the control after the normal PLC is attacked. The fallback control of this paper is the control takeover of a robot arm control system. To quickly transition to this fallback control, it is necessary to incorporate a supervisor function to manage each PLC function in an integrated manner. This paper aims to propose a modeling method of ICS functions and its analysis method to ensure that the supervisor can work properly under cyberattacks. For modeling, we use UPPAAL, specializing in formal verification by timed automata. We implement the models of each PLC and supervisor on UPPAAL. To quantitatively analyze whether the supervisor can really realize the incident response during cyberattacks, we give the specifications necessary for fallback control to the supervisor model using Timed Computation Tree Logic (TCTL) and verify its feasibility.

Dual Auto-Encoder GAN-Based Anomaly Detection for Industrial Control System

As a core tool, anomaly detection based on a generative adversarial network (GAN) is showing its powerful potential in protecting the safe and stable operation of industrial control systems (ICS) under the Internet of Things (IoT). However, due to the long-tailed distribution of operating data in ICS, existing GAN-based anomaly detection models are prone to misjudging an unseen marginal sample as an outlier. Moreover, it is difficult to collect abnormal samples from ICS. To solve these challenges, a dual auto-encoder GAN-based anomaly detection model is proposed for the industrial control system, simply called the DAGAN model, to achieve an accurate and efficient anomaly detection without any abnormal sample. First, an “encoder–decoder–encoder” architecture is used to build a dual GAN model for learning the latent data distribution without any anomalous sample. Then, a parameter-free dynamic strategy is proposed to robustly and accurately learn the marginal distribution of the training data through dynamic interaction between two GANs. Finally, based on the learned normal distribution and marginal distribution, an optimized anomaly score is used to measure whether a sample is an outlier, thereby reducing the probability of a marginal sample being misjudged. Extensive experiments on multiple datasets demonstrate the advantages of our DAGAN model.

Safe and Policy Oriented Secure Android-Based Industrial Embedded Control System

Android is gaining popularity as the operating system of embedded systems and recent demands of its application on industrial control are steadily increasing. However, its feasibility is still in question due to two major drawbacks: safety and security. In particular, ensuring the safe operation of industrial control systems requires the system to be governed by stringent temporal constraints and should satisfy real-time requirements. In this sense, we explore the real-time characteristics of Xenomai to guarantee strict temporal deadlines, and provide a viable method integrating Android processes to real-time tasks. Security is another issue that affects safety due to the increased connectivity in industrial systems provoking a higher risk of cyber and hardware attacks. Herein, we adopted a hardware copy protection chip and enforced administrative security policies in the booting process and the Android application layer. These policies ensure that the developed system is protected from physical tampering and unwanted Android applications. The articulacy of the administrative policies is demonstrated through experiments. The developed embedded system is connected to an industrial EtherCAT motion device network exhibiting operability on an actual industrial application. Real-time performance was evaluated in terms of schedulability and responsiveness, which are critical in determining the safety and reliability of the control system.

Unsupervised Anomaly Detection for Network Data Streams in Industrial Control Systems

The development and integration of information technology and industrial control networks have expanded the magnitude of new data; detecting anomalies or discovering other valid information from them is of vital importance to the stable operation of industrial control systems. This paper proposes an incremental unsupervised anomaly detection method that can quickly analyze and process large-scale real-time data. Our evaluation on the Secure Water Treatment dataset shows that the method is converging to its offline counterpart for infinitely growing data streams.

Comparative analysis of the security of configuration protocols for industrial control devices

Industrial control systems present security challenges, especially protocols that do not have security features and legacy systems that are often unpatched. Although the security of open standard protocols such as Modbus TCP has been extensively researched, relatively few efforts have focused on the security aspects of vendor-specific protocols and protocol extensions. These protocols, which also lack security measures like their standard counterparts, are used to configure and manage programmable logic controllers – they are, therefore, critical to the safe and secure operation of industrial control systems and the critical infrastructure assets they manage. Indeed, an adversary who exploits one of these protocols could perform actions such as starting and stopping programmable logic controllers, and modifying their configurations and their programs (i.e., their behavior).This paper analyzes the security of programmable logic controller configuration protocols. The comparative analysis leverages a testbed that includes programmable logic controllers from different manufacturers. The results include structured descriptions of feasible attacks and possible countermeasures.

Cybersecurity training in control systems using real equipment

The relevance of cybersecurity in the field of critical infrastructures has been reinforced in the last years, as a result of the increased number of incidents. The European Union has developed policies oriented to promote research and education in security and critical infrastructure protection. It is widely recognized that there is a shortage of qualified cybersecurity professionals due to the increasing demand. The situation is even more serious in the area of cybersecurity of critical infrastructures, due to the special characteristics of the control and monitoring systems needed for their operation. Furthermore, there is a knowledge gap between the industrial control experts, who generally have not received training in computer security, and the cybersecurity experts, who ignore the operation of industrial control systems. It is therefore necessary to create educational environments that support training and research oriented to bridge this gap without. For that reason, this paper presents a Laboratory of Critical Infrastructures Cybersecurity (CICLab) that is flexible enough to create different settings that simulate real situations on the critical infrastructure control systems. For that purpose, the laboratory includes different field, control and monitoring technologies that are widely used in four sectors: industry, energy management, building management and smart cities. Some educational activities are presented in the framework of this laboratory.

Using timing-based side channels for anomaly detection in industrial control systems

The critical infrastructure, which includes the electric power grid, railroads and water treatment facilities, is dependent on the proper operation of industrial control systems. However, malware such as Stuxnet has demonstrated the ability to alter industrial control system parameters to create physical effects. Of particular concern is malware that targets embedded devices that monitor and control system functionality, while masking the actions from plant operators and security analysts. Indeed, system security relies on guarantees that the assurance of these devices can be maintained throughout their lifetimes. This paper presents a novel approach that uses timing-based side channel analysis to establish a unique device fingerprint that helps detect unauthorized modifications of the device. The approach is applied to an Allen Bradley ControlLogix programmable logic controller where execution time measurements are collected and analyzed by a custom anomaly detection system to detect abnormal behavior. The anomaly detection system achieves true positive rates of 0.978–1.000 with false positive rates of 0.033–0.044. The test results demonstrate the feasibility of using timing-based side channel analysis to detect anomalous behavior in programmable logic controllers.

NERD—middleware for IoT human machine interfaces

Industrial control systems (ICS), such as smart grid systems, are frequently composed of hundreds of devices distributed over a large geographic area. While mobile applications have been used with good success in managing ICSs, traditional methods of distributing applications (e.g., app stores) are not well suited to the task of discovering, distributing, and building human machine interfaces (HMIs) for ICS, as the highly individualized and often proprietary individual components of ICSs have vastly different interfaces leading to a need to download hundreds of applications. We propose the No Effort Rapid Development (NERD) middleware framework to address the challenges of in-field HMI discovery, provisioning, communication, and co-evolution with related ICSs. Middleware services offer the ability to simplify on-demand HMI distribution and operation of ICSs. NERD leverages existing ICS device-markers (e.g., QR-codes or RFID tags) or Bluetooth low-energy protocols for rapid cyber-physical discovery and provisioning of HMIs in the field. Device-markers and Bluetooth low-energy protocols have a very limited data capacity and transmission speed, and to achieve on-device storage of HMIs, we propose using a compact data-driven domain-specific language that emphasizes data sources and sinks between the HMI and IC.