Cyber-Physical_Systems_yber Physical system (CPS) is a new generation of digital systems,.pdf

RohitGhulanavar2 13 views 31 slides Jul 24, 2024

About This Presentation

Cyber Physical system (CPS) is a new generation of digital systems, composed of computational and physical capability that engages with humans like never before. It's designed to act like a network of multiple variables with both physical input and output – rather than standalone technology.


Slide Content

Cyber-Physical Systems Security
Alvaro A. Cardenas

© Crown Copyright, The National Cyber Security Centre 2019. This information is licensed under the Open Government Licence v3.0. To view this licence, visit http://www.nationalarchives.gov.uk/doc/open-government-licence/.
When you use this information under the Open Government Licence, you should include the following attribution: CyBOK Cyber-Physical Systems Security Knowledge Area Issue 1.0 © Crown Copyright, The National Cyber Security Centre 2019, licensed under the Open Government Licence http://www.nationalarchives.gov.uk/doc/open-government-licence/.
The CyBOK project would like to understand how the CyBOK is being used and its uptake. The project would like organisations using, or intending to use, CyBOK for the purposes of education, training, course development, professional development etc. to contact it at [email protected] to let the project know how they are using CyBOK.

Modernization of our Physical Infrastructures
• Industrial Control Systems
• Building Automation
• Manufacturing Automation
• Smart Grid
• Intelligent Transportation Systems
• Operations Center
• WirelessHART, ISA 100.11a, 6LoWPAN, ROLL, 802.15.4, …

Smart Homes, Autonomous Vehicles, Agriculture
Image Source: conosco.com

Cyber-Physical Systems
• Control
• Computation
• Communication
• Interdisciplinary Research!

Security Problems

Control Systems
[Figure: Control Room, HMI, PLC, Centrifuges; signal labels: 1kHz, Status]

Medical Devices

Air Traffic Communications (ADS-B)
• Source: Sampigethaya et al.

Autonomous Vehicles

A decade ago it was hard to convince researchers this was a problem
Only one verified attack on control systems: 2000 attack on waste water control system

Why is CPS Security Different?
• If attacker has partial control of system, it can drive it to unsafe states.
• Attacks != Failures
• “Nothing new! Use normal IT security tools!”
• “Nothing new! Safety and fault tolerance will save the day!”
• Security of Control Systems?
–“Not my job! It’s the control engineer’s job!”
–“Not my job! It’s the IT security guy’s job!”
[Figure labels: Security, Control]

Security in CPS
• Security is not only about keeping attackers out
• It is also about
–Understanding risks
–Mitigating
–Detecting
–Responding
to adversaries that have partial access to your system

Preventing Attacks
• Securing Legacy Systems
• Bump-in-the-wire
• Wireless shields
• Retrofitting security in legacy communications
• Lightweight security
• High-assurance systems
• Preventing transduction attacks

Detecting Attacks
• Remote attestation
• Misuse detection
• Anomaly detection
• Physics-based attack detection
• Active detection
[Figure: control loop of Physical Process (Plant), Actuators, Sensors and Controller with signals u_k, v_k, z_k and y_k, plus Detection and Reconfiguration blocks. Under normal operation, a Physical Model (LDS or AR) takes u_k and y_{k-1} and predicts ŷ_k; Residual Generation computes r_k = y_k − ŷ_k; Anomaly Detection (Stateless or Stateful) takes r_k and raises a detection alert.]
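
Added example (not from the original slides): the residual-generation and anomaly-detection stages of physics-based attack detection, with a stateless threshold test next to a stateful one. The first-order model y_k = A*y_{k-1} + B*u_k, the choice of CUSUM as the stateful test, the thresholds and the sensor trace are all assumptions constructed for illustration.

```python
# Added example: physics-based detection on a constructed sensor trace.
A, B = 0.9, 0.5  # assumed plant model: y_hat_k = A*y_{k-1} + B*u_k

def residual_series(y, u):
    """Residual generation: |r_k| = |y_k - y_hat_k| for k = 1..n-1."""
    return [abs(y[k] - (A * y[k - 1] + B * u[k])) for k in range(1, len(y))]

def stateless_alarms(r, tau):
    """Stateless test: alert at each step k whose residual alone exceeds tau."""
    return [k for k, rk in enumerate(r, start=1) if rk > tau]

def cusum_alarms(r, drift, tau):
    """Stateful test (CUSUM): S_k = max(0, S_{k-1} + r_k - drift).
    Alert and reset when S_k > tau, so small persistent residuals add up."""
    s, alarms = 0.0, []
    for k, rk in enumerate(r, start=1):
        s = max(0.0, s + rk - drift)
        if s > tau:
            alarms.append(k)
            s = 0.0
    return alarms

def build_trace(n=30, attack_start=15, ramp=0.2):
    """Constructed sample: the plant holds steady state 10.0 under u = 2.0 with
    +/-0.05 measurement ripple; from attack_start the reported reading is
    biased upward by `ramp` more each step (a slow false-data injection)."""
    u = [2.0] * n
    y = []
    for k in range(n):
        ripple = 0.05 if k % 2 else -0.05
        bias = ramp * (k - attack_start + 1) if k >= attack_start else 0.0
        y.append(10.0 + ripple + bias)
    return y, u

if __name__ == "__main__":
    y, u = build_trace()
    r = residual_series(y, u)
    print("stateless alarms at k =", stateless_alarms(r, tau=0.5))
    print("CUSUM alarms at k     =", cusum_alarms(r, drift=0.15, tau=0.5))
```

On this trace the per-sample threshold first fires at k = 27, while the stateful test flags the slow drift at k = 19 because it accumulates residuals that individually stay under the threshold.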

Mitigating Attacks
• Conservative control
• Security indices
• Resilient estimation
• Inertial resets
• Constraining actuation
• Virtual sensors
• Reactive response (game theory)
• Safe controls

Privacy in CPS

Privacy and New Technologies
• The right to be let alone (Thomas Cooley)
• There is a growing threat to this right
–“recent inventions and business methods”
–“instantaneous photographs”
• Cameras created a new privacy problem:
–They allowed photography of unwilling or unknowing persons
Warren and Brandeis (1890)

Kevin Ashton (British entrepreneur) coined the term IoT in 1999.
• 20th Century: computers were brains without senses; they only knew what we told them.
• More info in the world than what people can type on keyboard
• 21st century: computers sense things, e.g., GPS we take for granted in our phones

Vehicular Privacy

Drones and Privacy
[Figure: Attacker and Drone; steps: 1. connect to drone open AP; 2. echo lewei_cmd;…; 3. record and return footage]

Location Privacy

IoT for Children
Children are easily molded.
Accept standards of surveillance.

Smart Homes and Privacy

Policy and Political Aspects

Security is a Hard Business Case
• “Making a strong business case for cybersecurity investment is complicated by the difficulty of quantifying risk in an environment of rapidly changing, unpredictable threats with consequences that are hard to demonstrate”
–DoE. Roadmap to Achieve Energy Delivery Systems Cybersecurity

As a Result Systems are Vulnerable with Basic Security Gaffes
• Unauthenticated remote connection to devices
• Unencrypted communications
• Hardcoded backdoor from manufacturer
• Hardcoded keys in devices
• Devices have several easily exploitable vulnerabilities
• Security incentives (regulation?) represent the most pressing challenge for improving the security posture of critical infrastructures

Cyberconflict
• Computer networks are an extension to the way we interact with others
–Any conflict will have its equivalent representation in cyberspace.
• Cybercrime (violation of domestic law)
• Cyberespionage (OK under international law; nation-states)
• Cyberwar (cyber attacks in armed conflict)
• M. Schmitt. International Law in Cyberspace: The Koh Speech and Tallinn Manual Juxtaposed, 2012.

The Law of War Applies in Cyberspace
• Tallinn Manual: Non-binding study on how International Law applies to cyber conflicts. NATO’s cooperative cyber-defense center of excellence.
• The Koh Speech: State Dept. legal advisor Harold Koh, explaining how the U.S. interprets international law in cyberspace
• jus ad bellum (right to enter a war)
• jus in bello (acceptable wartime conduct)
• Physical effects of a cyber-operation are key
• Are they similar to kinetic effects caused by e.g. missile?
• Grey area: cyber-attacks that do not rise to the level of armed attacks
• Challenges: proportionality, attribution, and distinction (civilian and military objectives)

Conclusions
• Attacks on CPS are growing: Attackers have the motivations, knowledge, resources, and persistence to launch attacks that will damage the physical world (even humans)
• We need to be prepared to prevent, detect, mitigate, and respond to these attacks
• Privacy issues are also a growing concern
• We need to design mechanisms to facilitate the utility of the CPS system while minimizing privacy losses
• Policy and political aspects
• Incentives for securing CPS
• Need new international legal frameworks for cyber conflict