Intelligent Risk Based Cybersecurity Protection for Industrial Systems Control - A Feasibility Study

S. Houmb, F. Iversen, Robert Ewald, Einar Færaas
{"title":"Intelligent Risk Based Cybersecurity Protection for Industrial Systems Control - A Feasibility Study","authors":"S. Houmb, F. Iversen, Robert Ewald, Einar Færaas","doi":"10.2523/iptc-22795-ms","DOIUrl":null,"url":null,"abstract":"\n Intelligent automated industrial process control requires a higher level of systems integration and connectedness than what has traditionally been the case. With such development comes increased risk of cyber-attack for Operational Technology (OT) systems such as Industrial Control Systems (ICS). For ICS, cyber-attacks can have significant consequences also in the physical world, with potentially catastrophic consequences, as experienced in the Colonial Pipeline and the Ukraine Power Grid attacks. Physical risk to the work environment, the product, and surroundings should therefore be accounted for in cybersecurity solutions for ICS.\n For this purpose, models and methods are required that consider the function of the whole Cyber-Physical System (CPS) not just the ICS, with the capability of detecting and correlating observations across the layers of system control, including the physical process being controlled. To achieve this, a context-based detection approach that can model the CPS and combine this with a process-aware risk analysis for attack response is proposed. The approach also needs to be adaptable (intelligent) to account for the process dynamics and the evolving cyber-attack threats. For this purpose, diagnostic models adapted to the industrial process should be applied together with situational awareness monitoring and cyber-attack detection tools, such as ICS Intrusion Detection Systems (IDS). The capability of the ICS IDS therefore needs to be extended to cover both Information Technology (IT) and OT parts of the ICS and include an understanding of the physical system and process as a knowledge basis, fed by process sensor and instrumentation data. These diagnostic models must cover the whole CPS in the risk analysis to provide aid in the attack response decision making. To achieve this, the models need to combine the physical characteristics of the process with the characteristics of the other system layers.\n Based on studies in a drilling control system environment, results indicate that existing tools can be used to detect and discern between different types of cyber-attack on Cyber-Physical Systems (CPS). This indicates feasibility with respect to monitoring of the OT and IT part of the system for building risk-based cybersecurity solutions. The challenge and novel part are to extend IT and OT systems cyber detection with automated evaluation of the resulting process risk taking physical process information into account, to make response decisions not only based on potential digital consequences but also consequences for the process and physical world.","PeriodicalId":153269,"journal":{"name":"Day 2 Thu, March 02, 2023","volume":"152 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-02-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Day 2 Thu, March 02, 2023","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2523/iptc-22795-ms","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

Intelligent automated industrial process control requires a higher level of systems integration and connectedness than what has traditionally been the case. With such development comes increased risk of cyber-attack for Operational Technology (OT) systems such as Industrial Control Systems (ICS). For ICS, cyber-attacks can have significant consequences also in the physical world, with potentially catastrophic consequences, as experienced in the Colonial Pipeline and the Ukraine Power Grid attacks. Physical risk to the work environment, the product, and surroundings should therefore be accounted for in cybersecurity solutions for ICS. For this purpose, models and methods are required that consider the function of the whole Cyber-Physical System (CPS) not just the ICS, with the capability of detecting and correlating observations across the layers of system control, including the physical process being controlled. To achieve this, a context-based detection approach that can model the CPS and combine this with a process-aware risk analysis for attack response is proposed. The approach also needs to be adaptable (intelligent) to account for the process dynamics and the evolving cyber-attack threats. For this purpose, diagnostic models adapted to the industrial process should be applied together with situational awareness monitoring and cyber-attack detection tools, such as ICS Intrusion Detection Systems (IDS). The capability of the ICS IDS therefore needs to be extended to cover both Information Technology (IT) and OT parts of the ICS and include an understanding of the physical system and process as a knowledge basis, fed by process sensor and instrumentation data. These diagnostic models must cover the whole CPS in the risk analysis to provide aid in the attack response decision making. To achieve this, the models need to combine the physical characteristics of the process with the characteristics of the other system layers. Based on studies in a drilling control system environment, results indicate that existing tools can be used to detect and discern between different types of cyber-attack on Cyber-Physical Systems (CPS). This indicates feasibility with respect to monitoring of the OT and IT part of the system for building risk-based cybersecurity solutions. The challenge and novel part are to extend IT and OT systems cyber detection with automated evaluation of the resulting process risk taking physical process information into account, to make response decisions not only based on potential digital consequences but also consequences for the process and physical world.
基于智能风险的工业系统控制网络安全保护可行性研究
智能自动化工业过程控制需要比传统情况下更高水平的系统集成和连通性。随着这种发展,操作技术(OT)系统(如工业控制系统(ICS))遭受网络攻击的风险增加。对于ICS来说,网络攻击也可能在物理世界中产生重大后果,如殖民地管道和乌克兰电网攻击所经历的那样,具有潜在的灾难性后果。因此,ICS的网络安全解决方案应考虑到工作环境、产品和周围环境的物理风险。为此,需要考虑整个网络物理系统(CPS)的功能的模型和方法,而不仅仅是ICS,具有跨系统控制层(包括被控制的物理过程)检测和关联观察的能力。为了实现这一点,提出了一种基于上下文的检测方法,该方法可以对CPS进行建模,并将其与针对攻击响应的进程感知风险分析相结合。该方法还需要具有适应性(智能),以解释流程动态和不断发展的网络攻击威胁。为此,适应工业过程的诊断模型应与态势感知监测和网络攻击检测工具(如ICS入侵检测系统(IDS))一起应用。因此,ICS IDS的能力需要扩展,以涵盖ICS的信息技术(IT)和OT部分,并包括对物理系统和过程的理解,作为知识基础,由过程传感器和仪表数据提供。这些诊断模型必须在风险分析中覆盖整个CPS,为攻击响应决策提供帮助。为了实现这一点,模型需要将过程的物理特性与其他系统层的特性结合起来。基于对钻井控制系统环境的研究,结果表明,现有工具可用于检测和识别针对网络物理系统(CPS)的不同类型的网络攻击。这表明了在监控系统的OT和IT部分以构建基于风险的网络安全解决方案方面的可行性。挑战和新颖的部分是扩展IT和OT系统的网络检测,自动评估产生的过程风险,将物理过程信息考虑在内,不仅根据潜在的数字后果,而且根据过程和物理世界的后果做出响应决策。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信