№2, 2021

ANALYSIS OF CYBERSECURITY PROBLEMS IN PROCESS CONTROL SYSTEMS

Yadigar N. Imamverdiyev

Industrial control systems (ICS) are widely used to control and monitor the production and supply of electricity, water supply and purification, oil and petrochemical industries, nuclear energy, transportation systems, railways and subways; they are the brain and basis of operations in these critical national infrastructures. Disruption of critical infrastructure can have a rapid and increasing impact on society, exacerbated by the high interdependence between critical infrastructures. In 2009, the Stuxnet malware demonstrated the reality and seriousness of ICS cybersecurity. With the widespread adoption of the Industry 4.0 concept, the cybersecurity of ICS is becoming especially relevant. The article provides brief information on the essence and components of ICS and briefly analyzes the current state of their cybersecurity. ICS cybersecurity assessment studies are analyzed in the areas of risk management, malware detection and analysis techniques, cybersecurity monitoring, honeynet technologies and test benches for cybersecurity assessment, along with open research issues in these areas. The basic research methods are modeling, comparative and descriptive methods, and methods of analogy, analysis and synthesis. The main research approaches are systematic, complex and situational. It is expected that the results will be useful for the formation and development of the cybersecurity infrastructure of industrial control systems in Azerbaijan, for the improvement of scientific research in the field of cybersecurity SIS, and for the development and practical implementation of a set of measures for national information security (pp. 16-29).

Keywords: Industrial control systems, SCADA, PLC, critical national infrastructure, cybersecurity.