Cyber-Physical Attacks - A Growing Invisible Threat


By: George Loukas

Elsevier Reference Monographs, 2015

ISBN: 9780128014639, 270 pages

Format: PDF, ePUB

Copy protection: DRM

Windows PC, Mac OSX; for all DRM-capable eReaders: Apple iPad, Android tablet PCs, Apple iPod touch, iPhone and Android smartphones

Price: 35.95 EUR


2 A History of Cyber-Physical Security Incidents


Chapter Summary


Although the concept of a cyber-physical attack is not new, in recent years we have become so dependent on computerized and networked systems that such attacks are now considered a key threat to critical national infrastructures and a realistic threat to private cars, home automation devices, and even pacemakers. Cyber-physical security incidents can be accidents caused by misconfiguration and sheer bad luck or they can be state-sponsored attacks several months in preparation. They can be targeted, they can be opportunistic, and they can even be the result of indiscriminate malware infections. This chapter is not about what they can be but about what they have been. A brief history of incident reports demonstrates a remarkable variety of targets, motives, attack mechanisms, and impacts. We focus in particular on the sectors of energy, water, health, transport, and defense, and briefly discuss landmark real-world incidents that have been publicly reported, as well as some of the most noteworthy staged attacks that have been carried out by researchers.

Key Terms


History; cyber-physical incident; industrial control system; SCADA; malware; normal accident; kinetic cyber

Chapter Outline

Dependable and accurate reports on cyber-physical attacks are rare. As with all types of information security breaches, organizations are reluctant to publicly report them, fearing that they will be seen as easy targets and therefore attract further attacks. Being relatively novel, a cyber attack with a physical impact may also be more newsworthy, even further damaging the reputation of the organization that would report it. As a result, a history of cyber-physical security incidents can only be incomplete. It cannot help us deduce their actual frequency or severity and it cannot show how to best defend against them. What it can do is help illustrate their breadth, chronological evolution, and potential impact.

The incidents discussed in this chapter were publicly reported to have occurred either in the real world or in an experimental laboratory setting. There have been many others but it is not this book’s aim to disclose classified information or to provide an exhaustive list of many similar incident reports. Our focus is on incidents that are notable for their impact or for the new approach that they demonstrated. We have chosen to present this history by sector affected, starting with the one that has seen most of the high-profile incidents: the energy sector. It is primarily the cyber-physical attacks in this sector that have sparked a series of public research programs around the world on the security of critical national infrastructures.[1]

For convenience in referring back to these incidents throughout the rest of the book, each one is assigned an identifier, starting with E1 as the first one mentioned in the energy sector, W1 in the water sector, and so forth. A graphical timeline is provided at the end of this chapter.

Reported Incidents by Sector Affected


Energy


An oft-repeated story from the Cold War recounts that in June 1982, somewhere in the Siberian wilderness, a natural gas pipeline exploded so spectacularly that it could be seen from space[2] (E1). The story contends that, through a Soviet defector a year earlier, the CIA had become aware that the Soviets were trying to steal pipeline control software from a Canadian company. Allegedly, the CIA made the company insert flaws in the code that would cause the pipeline’s valves to misbehave and lead to pressures beyond its limits. The only account of the operation and the explosion comes from a US official’s memoirs of the Cold War and has never been confirmed from other sources. It may or may not be true. What we can confidently consider as true, though, is that the possibility of such cyber-physical sabotage was already known to the US intelligence services. The defector had provided a list of the most important technologies that the Soviets were trying to steal from the West and the CIA would run a large deception operation around them. According to the CIA’s “Farewell Dossier” that was declassified in 1996, “contrived computer chips found their way into Soviet military equipment, flawed turbines were installed on a gas pipeline, and defective plans disrupted the output of chemical plants and a tractor factory.”

Since the wide adoption of supervisory control and data acquisition (SCADA) systems started in the 1980s, production and delivery of energy is controlled remotely and in a largely automated manner. As a result, a flaw in software code can indeed affect power stations and pipelines. (See Box 2.1 for more information on SCADA systems.)

Box 2.1

Industrial Control Systems

This is a general term for systems used to monitor and control physical processes in manufacturing, power generation, water treatment, mass transit, and other critical infrastructures. The primary types used today are the programmable logic controller (PLC), the distributed control system (DCS), and the supervisory control and data acquisition (SCADA) system.

A PLC[3] is a microprocessor-based controller that allows an engineer to configure the logic of a system involving sensors and actuators. For instance, using a relatively simple graphical programming language called ladder logic, the engineer may specify that “if the temperature is over 200 °C and the rotational speed is over 1,000 rpm, then open valves A and D.” For our purposes, they are computers used to automate the control of machinery. Unlike personal computers, they are designed to resist vibrations, electrical noise, humidity, heat, and other adverse environmental conditions, to ensure the safe operation of the machinery they control. They typically have multiple input and output points for connecting to sensors and actuators, and as their name implies, their logic can be programmed. This is usually done on an accompanying programming terminal or a separate personal computer running specialized software and then loaded on the PLC via cabling. Most modern PLCs also have some form of network connectivity for communicating with other systems, especially when they are themselves components of DCS or SCADA systems.
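To make the PLC scan cycle concrete, here is a small ladder-logic evaluator written for this page (it is an added example, not code from the book or from any PLC vendor). It models a program as rungs of comparison contacts driving coils, runs one scan (read inputs, solve logic, write outputs) over the rung quoted in Box 2.1, and generalizes slightly beyond the text by allowing parallel branches (OR) as well as series contacts (AND). The tag names, thresholds and sensor readings are constructed assumptions.

```python
"""Minimal PLC scan-cycle simulator for a ladder-logic rung (constructed example)."""
from dataclasses import dataclass
from typing import Callable, Dict, List

# Comparison instructions a contact can carry (assumed subset of ladder logic).
_OPS: Dict[str, Callable[[float, float], bool]] = {
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
    "==": lambda a, b: a == b,
}


@dataclass
class Contact:
    """One comparison contact: true when <input tag> <op> <value>."""
    tag: str
    op: str
    value: float

    def closed(self, inputs: Dict[str, float]) -> bool:
        return _OPS[self.op](inputs[self.tag], self.value)


@dataclass
class Rung:
    """Branches in parallel (OR); contacts within a branch in series (AND)."""
    branches: List[List[Contact]]
    coils: List[str]

    def solve(self, inputs: Dict[str, float]) -> bool:
        return any(all(c.closed(inputs) for c in branch) for branch in self.branches)


def scan(program: List[Rung], inputs: Dict[str, float]) -> Dict[str, bool]:
    """One PLC scan: solve every rung against the input image, write the output image.

    Every coil starts de-energised; a rung that solves true energises its coils,
    so a coil whose rung is false in this scan is written False, as a PLC would.
    """
    outputs = {coil: False for rung in program for coil in rung.coils}
    for rung in program:
        if rung.solve(inputs):
            for coil in rung.coils:
                outputs[coil] = True
    return outputs


# The rung from Box 2.1: temperature over 200 °C AND speed over 1,000 rpm opens valves A and D.
PROGRAM = [Rung([[Contact("temp_c", ">", 200), Contact("speed_rpm", ">", 1000)]],
                ["valve_A", "valve_D"])]

if __name__ == "__main__":
    for sample in ({"temp_c": 210, "speed_rpm": 1200}, {"temp_c": 210, "speed_rpm": 900}):
        print(sample, "->", scan(PROGRAM, sample))
```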

While a PLC controls machinery, a DCS is a distributed system that may control a whole plant’s industrial processes, such as an entire production line in a manufacturing plant. A DCS may oversee multiple subsystems and particularly PLCs. Also, it is typically expected to stay online for very long periods of time and to be reconfigured while it is online. DCS systems are usually found in manufacturing plants, chemical plants, refineries, and so on.

SCADA systems are used where there is a need to centrally monitor and control geographically dispersed assets. While the emphasis of DCS is on processes, the emphasis of SCADA is usually on real-time data gathering. They monitor remote terminal units (RTUs; also known as remote telemetry units) that are responsible for sensing, process the data centrally, and allow a human supervisor or an automated process to remotely issue commands to field devices such as motors, valves, and pumps. RTUs and PLCs share a lot of functionality, but RTUs have traditionally placed more emphasis on data gathering and wireless communication, whereas PLCs have placed more emphasis on the control of machinery. We refer to either as field controllers, as they control field devices, such as sensors, pumps, and valves. An important component of a SCADA system is the human machine interface (HMI) that displays the remotely gathered real-time information in a manner that is easy for the human operator to understand and act upon. So, a typical SCADA system’s architecture would be composed of RTUs for gathering sensor data from the field, a control center for processing the data, and an HMI for displaying them and for issuing commands remotely to the field devices of a plant (see Figure 2.1). Communication between the various components may be wired or wireless and is increasingly based on the Internet protocol (IP). SCADA systems are typically used for the management of wastewater collection systems, ships, rail systems, and oil and gas pipelines. In the case of the electrical grid, it is a DCS that controls the operation of the power generation facility, but it is a SCADA system monitoring supply and demand across the grid that determines how much energy the facility should produce.[4]


Figure 2.1 A simplified representation of a SCADA architecture with field controllers (PLCs, RTUs, etc.) controlling field devices and gathering sensor data.

[3] Bolton, W. (2009). Programmable logic controllers. Newnes.

[4] Stouffer, K., Falco, J., and Scarfone, K. (2011). Guide to industrial control systems (ICS) security. NIST Special Publication, pp. 800–882.

Most of the industrial control...