
Cybersecurity Threats, Vulnerability and Analysis in Safety Critical Industrial Control System (ICS)

  • Xinxin Lou
  • Asmaa Tellabi
Chapter
Part of the Studies in Systems, Decision and Control book series (SSDC, volume 255)

Abstract

In this chapter, cybersecurity vulnerabilities and threats surrounding Industrial Control Systems (ICSs) are investigated. The main focus is on cybersecurity analysis approaches for safety-critical ICSs. We build a taxonomy of selected representative cybersecurity analysis approaches, in a quantitative and qualitative way. The approaches are also classified by the scope of the analysis: some focus only on the system, while others also consider the organizational structure. Finally, we propose a novel idea for performing the cybersecurity analysis logically by using reverse engineering results. In addition, we propose an idea for improving system security by design, starting at the hardware level by considering Field Programmable Gate Arrays (FPGAs).

List of Abbreviations

  • BT: Bayesian Network
  • CFA: Causal Fault Analysis
  • CFG: Causal Fault Graph
  • CIA: Confidentiality, Integrity, and Availability
  • COBIT: Control Objectives for Information and Related Technology
  • CPU: Central Processing Unit
  • CPS: Cyber Physical System
  • CSRF: Cross-Site Request Forgery
  • CSRI: Cyber Security Risk Index
  • DoS: Denial of Service
  • DMZ: Demilitarized Zone
  • ET: Event Tree
  • HMI: Human Machine Interface
  • IACS: Industrial Automation Control System
  • ICS: Industrial Control System
  • IDS: Intrusion Detection System
  • IEC: International Electrotechnical Commission
  • ISO: International Organization for Standardization
  • IT: Information Technology
  • I&C: Instrumentation & Control
  • HTTP: HyperText Transfer Protocol
  • MSCs: Mixed Criticality Systems
  • NIST: National Institute of Standards and Technology
  • NPP(s): Nuclear Power Plant(s)
  • OPC UA: OPC Unified Architecture
  • OT: Operational Technology
  • OS: Operating System
  • PG: Programming Device (German: Programmiergerät)
  • SCADA: Supervisory Control and Data Acquisition
  • SIS: Safety Instrumented System
  • SMP: Semi Markov Process
  • STAMP: Systems-Theoretic Accident Model and Processes
  • STPA: Systems Theoretic Process Analysis
  • STPA-SafeSec: STPA and Security Analysis
  • XSS: Cross-Site Scripting
Notes

Acknowledgements

We appreciate the guidance of Prof. Ladkin, Dr. Karl Waedt, and Prof. Ruland. We also thank all reviewers.


Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Bielefeld University, Bielefeld, Germany
  2. University Siegen, Siegen, Germany
