Title :
Monitoring Security of Networked Control Systems: It´s the Physics
Author :
McParland, Chuck ; Peisert, Sean ; Scaglione, Anna
Author_Institution :
Lawrence Berkeley Nat. Lab., Berkeley, CA, USA
Abstract :
Physical device safety is typically implemented locally using embedded controllers, whereas operations safety is primarily performed in control centers. Safe operations can be enhanced by correctly designed device-level control algorithms as well as protocols, procedures, and operator training at the control-room level, but all of these can fail. Moreover, these elements exchange data and issue commands via vulnerable communication layers. To secure these gaps and enhance operational safety, the authors believe command sequence monitoring must be combined with an awareness of physical device limitations and automata models that capture safety mechanisms. One way of doing this is by leveraging specification-based intrusion detection to monitor for physical constraint violations. This method can also verify that the physical infrastructure state is consistent with information and commands exchanged by controllers. This additional security layer enhances protection from both outsider attacks and insider mistakes.
Keywords :
control facilities; networked control systems; security of data; command sequence monitoring; control centers; correctly designed device-level control algorithms; embedded controllers; networked control system security monitoring; operations safety; physical device safety; security layer; specification-based intrusion detection; vulnerable communication layers; Algorithm design and analysis; Computer security; Control systems; Energy management; Intrusion detection; Monitoring; Performance evaluation; Safety; Safety devices; cyber-physical system; energy system; intrusion detection; physics; safety engineering; security; specifications;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2014.122
