-Since digital control systems were introduced to the market more than 30 years ago, the operational efficiency and stability gained through their use have fueled our migration and ultimate dependence on them for the monitoring and control of critical infrastructure. While these systems have been designed for functionality and reliability, a hostile cyber environment and uncertainties in complex networks and human interactions have placed additional parameters on the design expectations for control systems.
Abstract-Security of control systems is becoming a pivotal concern in critical national infrastructures such as the power grid and nuclear plants. In this paper, we adopt a hierarchical viewpoint to these security issues, addressing security concerns at each level and emphasizing a holistic cross-layer philosophy for developing security solutions. We propose a bottom-up framework that establishes a model from the physical and control levels to the supervisory level, incorporating concerns from network and communication levels. We show that the game-theoretical approach can yield cross-layer security strategy solutions to the cyber-physical systems.
I. INTRODUCTIONMany industry sectors are experienced with arming automation systems with modern IT technology. The integration moves the systems from an outdated, proprietary technology to more common ones such as personal computers, Microsoft Windows, TCP/IP/Ethernet, etc. It provides more efficient methods of communication, improves system interoperability and result in considerable cost and performance benefits. However, in the meantime, it poses security challenges on control systems as the integration exposes the system to public networks.In [1], it is reported that hackers have inserted software into the US power grid, potentially allowing the grid to be disrupted at a later date from a remote location. As reported in [2], it is believed that an inappropriate software update has led to a recent emergency shutdown of a nuclear power plant in Georgia, which lasted for 48 hours. In [3], it is discovered that a computer worm, Stuxnet has been spread to target Siemens Supervisory Control And Data Acquisition (SCADA) systems that are configured to control and monitor specific industrial processes. On November 29, 2010, Iran has confirmed that its nuclear program had indeed been damaged by Stuxnet [4], [5]. The infestation by this worm may have damaged Iran's nuclear facilities in Natanz and eventually delayed the start up of Iran's nuclear power plant.Many control systems do not have built-in security functionalities and the security solutions in regular IT systems may not always apply to systems in critical infrastructures. This is because critical infrastructures have different goals, objectives and assumptions concerning what needs to be protected, and have specific applications that are not originally designed for a general IT environment. Hence, it is necessary to develop unique security solutions to fill the gap where IT solutions do not apply.
Resilience" describes how systems operate at an systems. Without a significant investment by the federal acceptable level of normalcy despite disturbances or threats. In government to address this national gap in technology, this paper we first consider the cognitive, cyber-physical policies and regulations, modern control systems will remain interdependencies inherent in critical infrastructure systems and the soft underbelly for cyber-attacks, a major impediment to how resilience differs from reliability to mitigate these risks.implementing national Smart Grid, and the limiting Terminology and metrics basis are provided to integrate the cognitive, cyber-physical aspects that should be considered when technology to optimizing response to the next national defining solutions for resilience. A practical approach is taken to emergency like the Hurricane Sandy.roll this metrics basis up to system integrity and business case metrics that establish "proper operation" and "impact." A notional chemical processing plant is the use case for demonstrating how the system integrity metrics can be applied to establish performance, and as well, the effects on the process that roll into the business case.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.