Attacks and Threats for Cyber-Physical Systems
Perhaps the most well publicized control system attack is Stuxnet, an attack on the uranium enrichment plant in Natanz, Iran. The Stuxnet malware was discovered by security engineer Sergey Ulasen in 2010 (see, e.g., Zetter 2015). Stuxnet was a sophisticated attack with many facets; it was not merely a piece of cyber malware. Stuxnet took advantage of both the physical nature of the Natanz control system and security flaws in the unique cyber components used in the CPS.
As mentioned, CPSs were traditionally designed around availability and safety. Cyber security features were not part of the original design of CPSs (Luiijf 2016) because:
- CPSs were based on specialized hardware, proprietary code and protocol standards. Only specialists knew about how to use them.
- CPSs operated in a closed environment without any connectivity with other domains. Physical security methods were adequate.
- Since CPSs operated in a closed and assumed benign environment, there was no reason for creating secure and robust CPS protocols.
Current threats to CPSs remain numerous and broad. These threats have enabled complex and specific attacks to be executed (see Sullivan 2015 for a current summary). The nature and efficacy of these attacks are largely determined by a complex mix of security deficiencies in CPSs that aggregate architectures and approaches from several epochs of technological history. For example, SCADA systems of the second generation were distributed but used non-standard protocols. This enabled centralized supervisory servers and remote PLCs and RTUs, but security was often overlooked in this generation. The third generation of SCADA systems used common network protocols such as TCP/IP. This generation added the concept of the Process Control Network (PCN), which allowed SCADA enclaves to connect to the Internet at large. This connection enabled operators to remotely manage the SCADA ecosystem, but it also introduced malware to the enclaves.
Security by design was lacking, and CPS designers too often relied on "security by obscurity", hoping that the attacker would lack knowledge about the inner structure and workings of the system. Elements of common attacks (see Evancich & Li 2016 for details) include malware that used buffer overflows, code injection, and rootkits. CPS attacks were very sophisticated and were commonly believed to require the extensive development effort and resources of a group sponsored by a nation-state. For example, rootkit-based attacks that hide malicious processes from detection by users require significant development and testing.