Monitoring Security of Networked Control Systems: It´s the Physics

Physical device safety is typically implemented locally using embedded controllers, whereas operations safety is primarily performed in control centers. Safe operations can be enhanced by correctly designed device-level control algorithms as well as protocols, procedures, and operator training at the control-room level, but all of these can fail. Moreover, these elements exchange data and issue commands via vulnerable communication layers. To secure these gaps and enhance operational safety, the authors believe command sequence monitoring must be combined with an awareness of physical device limitations and automata models that capture safety mechanisms. One way of doing this is by leveraging specification-based intrusion detection to monitor for physical constraint violations. This method can also verify that the physical infrastructure state is consistent with information and commands exchanged by controllers. This additional security layer enhances protection from both outsider attacks and insider mistakes.