Cyber-Physical Systems Security

Alvaro A. Cardenas

© Crown Copyright, The National Cyber Security Centre 2019. This information is licensed under the Open Government Licence v3.0. To view this licence, visit http://www.nationalarchives.gov.uk/doc/open-government-licence/.

When you use this information under the Open Government Licence, you should include the following attribution: CyBOK Cyber-Physical Systems Security Knowledge Area Issue 1.0 © Crown Copyright, The National Cyber Security Centre 2019, licensed under the Open Government Licencehttp://www.nationalarchives.gov.uk/doc/open-government-licence/.

The CyBOK project would like to understand how the CyBOK is being used and its uptake. The project would like organisations using, or intending to use, CyBOK for the purposes of education, training, course development, professional development etc. to contact it at contact@cybok.org to let the project know how they are using CyBOK.

Modernization of our Physical

Infrastructures

2

Industrial Control SystemsBuilding AutomationManufacturing Automation

Smart GridIntelligent

Transportation Systems

Operations

Center

WirelessHART, ISA 100.11a, 6LoWPAN, ROLL, 802.15.4, …

Smart Homes, Autonomous

Vehicles, Agriculture

3

Image Source:

conosco.com

Cyber-Physical Systems

4

• Control

• Computation

• Communication

• Interdisciplinary

Research!

Security Problems

5

Control Systems

6

Control Room

HMI

PLC

Centrifuges

1kHz 1kHz

StatusStatus

Medical Devices

8

Air Traffic Communications

(ADS-B)

9

• Source: Sampigethaya et al.

Autonomous Vehicles

10

A decade ago it was hard to convince

researchers this was a problem

Only one verified attack to control systems:

2000 attack on waste water control system

11

If attacker has partial control of system, it

can drive it to unsafe states.

Nothing new!

Use normal IT security tools!

Nothing new!

Safety and fault tolerance will save

the day!

Security of Control Systems?

Not my job!

It’s the control engineers job!

Not my job!

It’s the IT security guy’s job!

Why is CPS Security Different?

12Attacks != Failures

Security Control

Security in CPS

• Security is not only about keeping attackers

out

• It is also about

– Understanding risks

– Mitigating

– Detecting

– Responding

to adversaries that have partial access to

your system13

Preventing Attacks

• Securing Legacy Systems

• Bump-in-the-wire

• Wireless shields

• Retrofitting security in legacy communications

• Lightweight security

• High-assurance systems

• Preventing transduction attacks

14

Detecting Attacks

• Remote attestation

• Misuse detection

• Anomaly detection

• Physics-based

attack detection

• Active detection

15

Physical

Process

(Plant)

Actuators Sensors

Controller

Detection

vk zk

yk

Reconfiguration

uk

uk(Under Normal Operation)

r k

Physical

Model

LDS or ARuk

yk

yky −k 1r = y − yk k ˆk

Residual Generation

Anomaly

Detection:

Sateless or

Stateful

r k

Detection

alert

Mitigating Attacks

• Conservative control

• Security indices

• Resilient estimation

• Inertial resets

• Constraining actuation

• Virtual sensors

• Reactive response

(game theory)

• Safe controls

16

Privacy in CPS

Privacy and New Technologies

• The right to be let alone (Thomas Cooley)

• There is a growing threat to this right

– “recent inventions and business methods”

– “instantaneous photographs”

• Cameras created a new privacy problem:– They allowed photography of unwilling or unknowing

persons18

Warren and Brandeis

(1890)

Kevin Ashton (British entrepreneur)

coined the term IoT in 1999.

19

• 20th Century: computers were

brains without senses—-they only

knew what we told them.

• More info in the world than what

people can type on keyboard

• 21st century: computers sense

things, e.g., GPS we take for

granted in our phones

Ve h i c u l a r Pr i v a c y

20

Drones and Privacy

21

connect to drone open AP1

Attacker

Drone

3

2 echo lewei_cmd;…

record and return footage

Location Privacy

22

IoT for Children

23

Children are easy molded.

Accept standards of surveillance.

Smart Homes and Privacy

Policy and Political Aspects

Security is a Hard BusinessCase

• “Making a strong business case for cybersecurity

investment is complicated by the difficulty of quantifying risk

in an environment of rapidly changing, unpredictablethreats with consequences that are hard to demonstrate”

– DoE. Roadmap to Achieve Energy Delivery Systems

Cybersecurity

26

As a Result Systems are Vulnerablewith Basic Security Gaffes

• Unauthenticated remote connection to devices• Unencrypted communications • Hardcoded backdoor from manufacturer• Hardcoded keys in devices• Devices have several easily exploitable vulnerabilities

• Security incentives (regulation?) represent

the most pressing challenge for improvingthe security posture of critical infrastructures

27

Cyberconflict

• Computer networks are an extension to the way we

interact with others– Any conflict will have its equivalent representation in

cyberspace.

• Cybercrime (violation of domestic law)

• Cyberespionage (OK under international law; nation-

states)

• Cyberwar (cyber attacks in armed conflict)

• M. Schmitt. International Law in Cyberspace: The Koh

Speech and Tallinn Manual Juxtaposed, 2012.

28

The Law of War Applies in

Cyberspace

• Tallin Manual: Non-binding study on how International Law

applies to cyber conflicts. NATO’s cooperative cyber-defense

center of excellence.

• The Koh Speech: State Dept. legal advisor Harold Koh,

explaining how U.S. interprets international law to cyberspace

• jus ad bellum (right to enter a war)

• jus in bellum (acceptable wartime conduct)

• Physical effects of a cyber-operation are key

• Are they similar to kinetic effects caused by e.g. missile?

• Grey area: cyber-attacks that do not rise to the level of

armed attacks

• Challenges: proportionality, attribution, and distinction (civilian

and military objectives)

29

Conclusions

• Attacks to CPS are growing: Attackers have the motivations,

knowledge, resources, and persistence to launch attacks

that will damage the physical world (even humans)

• We need to be prepared to prevent, detect, mitigate,

and respond to these attacks

• Privacy issues are also a growing concern• We need to design mechanisms to facilitate the utility of

the CPS system while minimizing privacy loses

• Policy and political aspects

• Incentives for securing CPS• Need new international legal frameworks for cyber

conflict30