Abstract
This paper presents a framework for discussing security in cyber-physical systems, built on a simple mental model of the relationship between security and safety that has protection flows at its core. We explain their separation of concerns and outline security issues which can yield a violation of the protection flow, supporting the discussion with real-world examples. We conclude the paper with a discussion of matters which are beyond our control, subject to contradictory requirements, or do not have easy solutions. We also identify novel research challenges in the emerging field of cyber-physical security.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Krotofil, M., Larsen, J. (2014). Are You Threatening My Hazards?. In: Yoshida, M., Mouri, K. (eds) Advances in Information and Computer Security. IWSEC 2014. Lecture Notes in Computer Science, vol 8639. Springer, Cham. https://doi.org/10.1007/978-3-319-09843-2_2
DOI: https://doi.org/10.1007/978-3-319-09843-2_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-09842-5
Online ISBN: 978-3-319-09843-2
eBook Packages: Computer Science (R0)