Towards Automatic Vulnerability Assessment of Industrial Control Systems - Cyber

Abstract

Vulnerabilities in industrial control systems (ICS) are typically attributed to (i) implementation insecurities or flaws in the embedded sensors, actuators, and programmable logic controllers (PLCs), (ii) implementation or specification insecurities or flaws in communication/network protocols (e.g. BACNET, MODBUS, openDNP, etc.), or (iii) misadministration and misconfiguration of these platforms. According to a recent report, 85% of ICS security breaches took months to be detected, highlighting the fact that vulnerabilities in PLCs have not been the focus of the security community. In this project, we propose to automate the vulnerability assessment of implementation and access control security flaws in the different components of an ICS, with a particular focus on PLCs. An automated tool, which will connect to the PLCs under test, will be developed. The project consists of four tasks:

Task 1 - Create an ICS testbed: An experimental PLC-based ICS testbed will be established, which will include devices typically used in the oil and gas industry, as well as the chemical sector. A configurable “PLCs-in-the-loop” simulator for the process dynamics, as well as for the sensor and actuator communication protocols, will be developed so that one can test attacks that would cause instabilities or process damage.

Task 2 - Security analysis: This task will be the basis for the creation of the internal database that will drive the vulnerability assessment tool. Existing and newly developed attacks for the various classes of ICS devices will be performed. This entails a systematic enumeration and formulation of the attacks for the single-PLC-based and multi-PLC-based experimental and “PLCs-in-the-loop” testbeds. Emphasis will be on process-centric attacks that operate within the semantic context of process dynamics and control and of PLC logic systems.

Task 3 - Control-theoretic mechanisms to mitigate vulnerabilities: Algorithms to monitor the networked PLC-based ICS for a set of representative attack types among those described above will be developed and implemented on the experimental testbed. A dynamic-observer-based approach as well as machine learning will be utilized for attack monitoring, based on observation/estimation of deviations from process models (which are, in general, combinations of a priori and learned models), and can be used to detect process-based attacks.

Task 4 - Automated tool development: A tool, in the form of software or standalone hardware, will be developed. The tool will connect to the target device through available ports (Ethernet, USB, serial, JTAG, etc.) in a device-aware or device-agnostic configuration, driven by internal device and vulnerability databases. The tool will report potential vulnerabilities to the user.

PIs’ strength: The NYU team has expertise in ICS testbed design (e.g., development of a testbed for the smart grid in collaboration with Con Edison, the local power grid company), security assessment (over a hundred vulnerabilities uncovered in embedded platforms as part of the annual embedded security challenge), and resilient control systems design and analysis for various applications in ICS and unmanned systems.

Document Details

Document Type
DoD Grant Award
Publication Date
Aug 12, 2016
Source ID
N000141512182

Entities

People

  • Michail Maniatakos

Organizations

  • New York University
  • Office of Naval Research
  • United States Navy

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Distributed Systems and Data Platform Development

Technology Areas

  • AI & ML
  • Autonomy
  • Autonomy - Autonomous System Control
  • Cyber