Cyber Physical Security
for Industrial Control Systems
Industrial Control Systems: Engineering Foundations and Cyber-Physical Attack Lifecycle
A technical white paper that provides an introduction to cyber-physical security science and the art of cyber-physical attacks from the adversarial perspective.
The major objective of the white paper is to give the readers comprehensive yet sufficiently concise background on the engineering foundations of industrial control systems and their security requirements as well as to introduce the cyber-physical attack lifecycle.
The white paper is written for a broad audience and is meant to be understandable even for people with no previous knowledge of industrial control systems and/or engineering background.
Who this technical white paper is for
Industry 4.0 is a new milestone in the history of mankind, characterized by the emergence of engineered systems called cyber-physical systems (CPS): systems in which events in the physical world are managed with the help of modern advances in computation, networking, and control engineering. Industrial Control Systems (ICS) are large-scale cyber-physical systems of high complexity. Many of them are categorized as critical infrastructures (CI) because societal well-being depends on their reliability. The cyberfication of physical infrastructures has led to the emergence of a new class of malicious threats called cyber-physical attacks. During such attacks, threat actors aim at achieving a desired outcome in the physical world.
This white paper consists of two major parts. The first part provides the engineering foundations of large-scale industrial control systems, their security considerations, and the intrinsic aspects of cyber-physical exploitation. The second part introduces the cyber-physical attack lifecycle, i.e. the steps an attacker needs to follow to engineer a targeted attack on a physical process or equipment, followed by a realistic illustration of the effort involved in the cyber-physical exploitation of a chemical plant that provides a "through the attacker's eyes" experience.
The white paper focuses on the less well understood engineering side of cyber-physical attacks, as opposed to their cyber part, in which the attacker attempts to compromise the computational and networking infrastructure. While the white paper uses the illustrative example of a large continuous physical process and operational technology (OT) environment, the described principles, considerations, and challenges apply to all types of cyber-physical systems.
General audience, such as students, journalists, concerned citizens and simply curious individuals
Perceived and real security threats affecting industrial infrastructures have been attracting considerable attention in the media due to their potential for a significant impact on the availability and quality of vital services and goods. While the number of attacks on these infrastructures is increasing, some threats are exaggerated while some vulnerabilities are not sufficiently highlighted. The white paper may help readers develop independent thinking and reasoning about the disruptive potential of cyber-physical attacks as well as about current and future cyber-warfare topics. An example of civil responsibility is AG Kritis, an independent German organization set up to urge policy makers to adopt better critical infrastructure protection requirements.
Security consultants, threat intelligence analysts, GRC specialists and policy makers
In the past, the security needs of OT environments were predominantly addressed by on-site engineers. With the growing complexity of the computing part of the OT infrastructure and the requirement for its connectivity to the enterprise network, IT security specialists became (co-)responsible for the security of OT assets. While some of the OT security challenges are similar to those in the enterprise domain, there are many critical differences. The white paper provides essential background information on OT network architectures, process and control engineering, and the essential aspects of what it takes to design and execute an attack on a cyber-physical system, giving readers a better understanding of security risks in the OT domain.
Incident responders, forensic specialists, pentesters, Red/Blue Teamers and OT SOC architects
Effective incident response in OT environments requires not only familiarity with OT architectures and applications but also an understanding of the attacker's activities across the relevant attack lifecycle. Additionally, investigation within the control systems zone requires close collaboration with process operators and engineers because of their familiarity with the equipment, protocols, and potentially useful forensic artifacts. The white paper provides a breadth of relevant information, not only to reason about potential attacker actions but also to have a more effective dialog with personnel on the shop floor. As part of incident preparedness, the white paper offers a blueprint of a cyber-physical attack which can be used for designing table-top exercises and Red/Blue Team exercises.
Process engineers, operators and maintenance personnel, control systems engineers and integrators
For decades, industrial control systems were segregated from untrustworthy environments such as enterprise networks, third-party service providers, and the Internet. Most cyber incidents resulted either from accidental mistakes or from random faults. With the evolutionary convergence of OT and IT networks, plant personnel increasingly began to interact with IT and cyber security specialists. The white paper is useful as a quick reference for the standard representation of OT network architectures and the security principles relevant to cyber-physical environments. The step-wise description of the cyber-physical attack design process helps in developing an attacker's mindset and facilitates more productive collaboration with cyber security specialists.
Academic, industrial and independent researchers from security and engineering domains
In contrast to IT security, which can trace its roots back several decades, the discipline of CPS security is comparatively young, and the research community has not yet achieved the same clarity about relevant threats and best security practices. The white paper outlines a number of CPS security and safety research questions which have so far received little or no attention. CPS security is an inter-disciplinary research area: embedded systems security researchers may find inspiration for attack scenarios when assessing the criticality of discovered vulnerabilities, and legal experts may assist with defining legally binding forensic evidence for cyber insurance.
Dr.-Ing. Marina Krotofil
I am a cyber security professional who specializes in Industrial Control Systems with a focus on cyber-physical security or how to cause physical impact by means of cyber exploits.