Annual Computer Security Applications Conference (ACSAC) 2014


CPS: Flying blind - Challenges and Uncertainties for Timing Attacks on Process Control Systems


DoS attacks on sensor measurements used for industrial control can cause the controller of the process to use stale data. If the DoS attack is not timed properly, the use of stale data by the controller will have limited impact on the process; however, if the attacker is able to launch the DoS attack at the correct time, the use of stale data can cause the controller to drive the system to an unsafe state.

Understanding the timing parameters of the physical processes not only allows an attacker to construct a successful attack but also to maximize its impact (damage to the system). In this paper we use the Tennessee Eastman challenge process to study an attacker that has to identify (in real time) the optimal timing to launch a DoS attack. The choice of time to begin an attack is forward-looking, requiring the attacker to consider each opportunity against the possibility of a better opportunity in the future, and this lends itself to the theory of optimal stopping problems. In particular we study the applicability of the Best Choice Problem (also known as the Secretary Problem), quickest change detection, and statistical process outliers. Our analysis can be used to identify specific sensor measurements that need to be protected, and the time that security or safety teams require to respond to attacks before they cause major damage, so that process operators and asset owners can define appropriate security response policies to attacks.

Author(s):

Marina Krotofil    
Hamburg University of Technology
Germany

Alvaro Cardenas    
University of Texas at Dallas
United States

Bradley Manning    
Hamburg University of Technology
Germany

Jason Larsen    
IOActive, Inc.
United States
