Security Monitors for Control Systems

Abstract

Industrial control systems manage the operation of much of the critical infrastructure of modern society, including the physical plants of naval and military systems. Over the last several years it has become apparent that such systems are vulnerable to cyber attack. Examples include Stuxnet [14], the shutdowns of the Kiev power grid [8], and the failed (but nearly successful) Triton attack. There is a serious possibility that core components of a naval platform could be disabled through cyber means for long enough to compromise mission effectiveness. In this effort we propose to build a security monitor for such control systems that is capable of predicting, detecting and diagnosing cyber attacks on such control systems. Our approach builds on our prior research in this area and combines the use of AI planning techniques to develop a library of multi-stage attack plans, the use of adversarial plan recognition techniques to detect most such attacks before they actually compromise the system, and the use of AI-based model-based troubleshooting techniques to detect and diagnose attacks that get through and to contain the damage of such an attack. In past efforts, we have worked in simulated environments. However, there are now open source implementations of control system software [1], making it possible to implement our techniques on a real control system in a testbed environment. We will use this environment to integrate and evaluate our techniques in a series of increasingly complex testbeds.

Document Details

Document Type
DoD Grant Award
Publication Date
Dec 16, 2019
Source ID
N000142012749

Entities

People

  • Howard Elliot Shrobe

Organizations

  • Massachusetts Institute of Technology
  • Office of Naval Research
  • United States Navy

Tags

Fields of Study

  • Computer science

Readers

  • Artificial Intelligence
  • Cybersecurity
  • Distributed Systems and Data Platform Development

Technology Areas

  • Cyber