False sequential logic attack on SCADA system and its physical impact analysis

Li, Weize; Xie, Liang-Liang; Deng, Zulan; Wang, Zhiliang

doi:10.1016/j.cose.2016.01.001

Cited by 66 publications

(40 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Section: Page 4 Of 42mentioning

confidence: 99%

“…The principal function of SCADA is acquiring the data from devices such as valves, pumps, etc. and providing control of all of these devices using a host software platform (Li et al (2016);Schneider Electric (2012)). The monitoring of the process is provided using a remote method of capturing data and alarm events, where instruments can be regulated and turned on and off at the right time.…”

mentioning

confidence: 99%

See 1 more Smart Citation

A safety/security risk analysis approach of Industrial Control Systems: A cyber bowtie – combining new version of attack tree with bowtie analysis

Abdo

Kaouk

Flaus

et al. 2018

Computers & Security

139

View full text Add to dashboard Cite

To cite this version:H Abdo, M. Kaouk, J-M. Flaus, F. Masse. A safety/security risk analysis approach of industrial control systems: a cyber bowtie -combining new version of attack tree with bowtie analysis. Computers Security, 2017, 72, pp.175-195 AbstractThe introduction of connected systems and digital technology in process industries creates new cyber-security vulnerabilities that can be exploited by sophisticated threats and lead to undesirable safety accidents. Thus, identifying these vulnerabilities during risk analysis becomes an important part for effective industrial risk evaluation. However, nowadays, safety and securityare analyzed separately when they should not be. This is because a security threat can lead to the same dangerous phenomenon as a safety incident. In this paper, a new method that considers safety and security together during industrial risk analysis is proposed. This approach combines bowtie analysis, commonly used for safety analysis, with a new extended version of attack tree analysis, introduced for security analysis of industrial control systems. The combined use of bowtie and attack tree provides an exhaustive representation of risk scenarios in terms of safety and security. We then propose an approach for evaluating the risk level based on two-term likelihood parts, one for safety and one for security. The application of this approach is demonstrated using the case study of a risk scenario in a chemical facility.Keywords: Risk analysis, safety, cyber-security, bowtie analysis, Attack-Tree analysis, SCADA. INTRODUCTIONAnalyzing risks of industrial and complex systems such as those found in nuclear plants, chemical factories, etc., is of crucial importance given the hazards linked to these systems (explosion, dispersion, etc.) (Abdo and Flaus, 2016b). Quantifying and analyzing these major risks contributes to better decision making and ensures that risks are managed according to defined acceptance criteria (Arunraj and Maiti, 2007).Industrial safety risk analysis aims to evaluate undesirable risk scenarios that can lead to major accidents that affect human and the environment. Traditionally, a systematic risk analysis process is made up of three steps: (i) identification of risk scenarios, (ii) likelihood analysis, (iii) effect analysis (Purdy, 2010). Based on these steps, a level of risk will be given to each scenario to see if it is acceptable or not. If not, safety measures should be added to reduce the level of risk to an acceptable level by diminishing the likelihood or the effects. This work considers the first two steps. Identifying a risk scenario aims to explore how an undesirable hazard can be developed starting from causes and ending with the consequences. Likelihood analysis aims to estimate the likelihood of occurrence of risk scenarios. This estimate can be qualitative or quantitative depending on the available data.Traditional industries were based on mechanical devices and closed systems (Kriaa et al., 2015). Only safety related risks generated from accidental com...

show abstract

Section: Page 4 Of 42mentioning

confidence: 99%

mentioning

confidence: 99%

A safety/security risk analysis approach of Industrial Control Systems: A cyber bowtie – combining new version of attack tree with bowtie analysis

Abdo

Kaouk

Flaus

et al. 2018

Computers & Security

139

View full text Add to dashboard Cite

show abstract

“…In this paper, we consider a highly-skilled attacker able to gain the access of a SCADA network and to disrupt the physical process before the intrusion is detected by sending syntactically and semantically valid command but with an harmful power due to their sequence. A false logic attack, as in [11,10], is invisible to most of the Intrusion Detection Systems (IDSs), because it uses well-formed packets with a content that is allowed even if a logic constraint is violated. An example of false logic attack is a sequence of opening and closing commands to a valve.…”

Section: Introductionmentioning

confidence: 99%

Smart Behavioural Filter for Industrial Internet of Things

Corbò¹,

Foglietta²,

Palazzo³

et al. 2017

Mobile Netw Appl

View full text Add to dashboard Cite

We are currently experiencing the fourth industrial revolution. This is what the German government initiative, first, has identified with 'Industry 4.0'. The manufacturing future will be marked and will go through the new automation technologies that are being introduced with Industrial Internet of Things (I2oT). Industrial Control Systems (ICSs) are exploiting I2oT for reducing costs and improving efficiency. However, ICSs are already jeopardized by an increasingly large set of threat vectors. Those threats are used by malicious actors to misuse physical Critical Infrastructures that usually are vital services for well-being. I2oT implementation increases the threat surface, generating new possible vulnerabilities.Information Technology (IT) classical approaches to cyber attacks cannot be applied to ICS due to their extreme differences from main priorities to resource constrains. Therefore, innovative approaches and equipment must be developed to suit with ICS world. In this paper, a Smart Behavioural Filter (SBF) for the PLCs (Programmable Logic Controllers) is proposed aiming to secure the PLC itself against logic attacks, that are stealth for other more classical security approaches. An example of the considered logic attacks is many open and close commands towards a valve in a short time. Those logic attacks are usually a sequence of well-formed packets in which the content

show abstract

“…[24] enumerated all regular behaviors of the field devices, the detection system regarded whether the system would reach the critical state as the estimation criteria. Li W. et al [25] considered the control data were the most direct and key factors that influenced the behavior of the physical processes, and focused on control sequences to analyze the false sequential logic attacks.…”

Section: A Anomaly Detection In Icpssmentioning

confidence: 99%