Week 6 - CPS Challenges Flashcards
Challenges
- Interoperability
- Predictability
- Reliability
- Sustainability
- Dependability
- Security
Interoperability
Ensuring systems adhere to standard designs and open specifications for improved compatibility, scalability, diversity, and efficiency.
Interoperable systems allow components to work together, exchange information, and provide services seamlessly.
Predictability
Achieving predictability in terms of the system’s state, behavior, and functionality.
Precise timing, such as Precision Timing (PreT), is a key challenge in this area.
Reliability
Ensuring the system performs its functionality correctly.
Components of reliability include robustness, validity, and maintainability.
Sustainability
Establishing adaptive, resilient, and reconfigurable systems capable of functioning without compromising requirements.
Sustainable systems should be long-lasting, self-healing, and able to dynamically evolve.
Dependability
Building trustworthy systems that are highly available to legitimate users while maintaining service integrity.
Key attributes of dependable systems include reliability, maintainability, availability, and safety/integrity.
Security
Ensuring system security through the use of software and hardware to meet the required CIA (Confidentiality, Integrity, Availability).
Security (Adversary Model)
Considerations regarding adversaries in an adversary model:
Adversary assumptions: identify the potential attacker.
Adversary goals: identify the attacker's objectives.
Adversary capabilities: assess the attacker's expertise, knowledge, and tools.
Security (IT vs. CPS/OT)
Fundamental differences between IT security and CPS security:
CPS security prioritizes availability as the most critical aspect, while IT systems emphasize confidentiality.
CPS uses static network configurations (outside the enterprise zone), whereas IT systems typically rely on DHCP.
IT systems require frequent updates and patches, while CPS systems experience infrequent updates.
Countermeasure
Actions taken to offset an attack.
Understanding attacker’s intentions and attack consequences.
Designing new attack detection and resilient algorithms.
Prevention
Developing security schemes for the CPS infrastructure.
Implementing regulations, standards, and best practices.
Detection and Recovery
Detecting and recovering from attacks, especially when prevention fails.
CPS uses both network traffic and physical process monitoring.
Training human operators or intelligent agents for attack detection and recovery.
Resilience
Designing CPS systems that can survive attacks.
Implementing redundancy.
Separation of privilege.
Using control loops (interruptible by humans in case of disturbance).
Deterrence
Discouraging attacks through the fear of consequences.
Enforcing legislation.
Law enforcement.
International collaboration for tracking cybercrimes.
Keeping CPS Secure
Safety
Protection
Reliability
Robust Control
Safety vs Security
Safety
Consider the likelihood of failures and their consequences while designing safety requirements (or SIS).
Safety Instrumented Systems (SIS) are dedicated safety monitoring systems independent of the main control system.
SIS ensures a safe shutdown or predefined safe state in case of hardware malfunctions, even as simple as a pressure relief valve in boilers.
SIS implements one or more Safety Instrumented Functions (SIF) composed of sensors, logic solvers, and physical elements, often with varying safety integrity levels (SIL).
Safety (Purpose of SIS)
SIS serves three main purposes:
Automatically take an industrial process to a safe state when specified conditions are violated.
Permit a process to proceed safely when specified conditions allow (permissive functions).
Take action to mitigate the consequences of an industrial hazard.
Safety (Hazard Mitigation Layers)
Mitigating hazards through a layered approach:
Basic low-priority alarms sent to a monitoring station.
Activation of SIS systems.
Mitigation safeguards like physical protection systems (e.g., dikes).
Organizational response protocols for plant emergency response and evacuation.
Defense-in-depth Strategy (DDS)
Refers to a cybersecurity approach that uses multiple layers of security for holistic protection. A layered defense helps security organizations reduce vulnerabilities, contain threats, and mitigate risk.
It is a holistic ICS security posture built by stacking defenses, or in other words, by creating multiple layers of backup security controls that cover and overlap each other. Therefore, in a defense-in-depth approach, if a bad actor breaches one layer of defense, they might be contained by the next layer.
Physical Security - DDS
Limit physical access to authorized personnel using locks, gates, key cards, and biometrics.
Implement policies, procedures, and technology to escort and track visitors.
Network Security - DDS
Create security zones through network segmentation, switches, routers, VLANs, and firewall rules.
Implement AAA (Authentication, Authorization, and Accounting) and intrusion detection and prevention systems.
Computer Security - DDS
Apply patch management, anti-malware software, and remove unused applications/protocols/services.
Protect physical and logical ports, and restrict access to unused communication ports.
Control Diversity - DDS
Use diverse control mechanisms to protect against various threats.
Implement security policies on downloads, file attachments, and limit user privileges.
Vendor Diversity - DDS
Use different security vendors for various devices and network components.
Reduce the risk of missing a particular malware by diversifying security vendors.
Application Security - DDS
Prevent unauthorized interactions with programs and services.
Implement authentication, authorization, and auditing, keeping applications free from vulnerabilities.
Device Security - DDS
Focus on the AIC triad of ICS Devices (Availability, Integrity, and Confidentiality).
Prioritize availability in ICS and implement device patching, hardening, access restrictions, and device lifecycle management.
Safety vs Security
Adding new security defenses may raise safety concerns.
Example: A power plant shutdown occurred when a computer rebooted after a patch.
Software updates and patching might violate safety certifications.
Restricting unauthorized access to a CPS may hinder first responders during emergencies.
For instance, paramedics might need access to a medical device that prevents unauthorized connections.
Security solutions should consider CPS safety when implementing new security mechanisms.