Week 7 Flashcards
Compromised Sensor and False Signal Injection
In this attack, an assailant who has compromised a sensor (e.g., due to unauthenticated sensor data or having access to the sensor’s secret key) injects false sensor signals.
This manipulation leads to the control logic of the system acting on malicious data, a scenario commonly referred to as a “transduction attack.”
Communication Path Interference
Attackers positioned within the communication path between the sensor and the controller can engage in various disruptive activities.
These actions can range from delaying the transmission of information from the sensors to the controller to completely blocking the information flow.
In such cases, the controller loses observability of the system’s status.
Examples of attacks in this category include DoS, stale data attacks, ARP poisoning, and physical attacks.
Compromised Controller
In this attack, the attacker compromises the controller and sends incorrect control signals to the actuators.
Control Command Delay/Block
Attackers aim to delay or block control commands, leading to a denial of control to the system.
This attack is similar to a denial-of-service (DoS) attack targeted at the actuators.
Compromised Actuators and Zero Dynamics Attacks (ZDA)
In this scenario, the attacker compromises the actuators and executes control actions that differ from the controller’s intentions.
The attacker may also conduct zero dynamics attacks (ZDA), manipulating the input to create unstable conditions within the closed-loop control system.
Physical Infrastructure Destruction
This type of attack involves physical attacks on the system, where the attacker may destroy part of the infrastructure.
Communication Delay/Block
Attackers aim to delay or block communications to and from the supervisory control system or devices, which include HMI (Human-Machine Interface), SCADA (Supervisory Control and Data Acquisition), and Historian systems.
SCADA System or Configuration Device Compromise
In this attack, the attacker compromises or impersonates the SCADA system or configuration devices and sends malicious control or configuration changes to the controller.
Notable examples include attacks on the power grid in Ukraine, where attackers compromised computers in the control room of a SCADA system.
Attacks on perception execution layer
These attacks involve direct physical attacks on sensors.
Devices are often in unsupervised environments and are easy to target.
Actuator enablement attacks (AE-attacks)
Actuator disablement attacks (AD-attacks)
Sensor erasure attacks (SE-attacks)
Sensor insertion attacks (SI-attacks)
Attacks on data transmission layer
This layer mainly transmits data through communication networks.
Breaches may involve Man-in-the-Middle (MITM) attacks and Denial of Service (DoS) attacks.
Attacks on application layer
This layer is made up of controllers and user applications that generate executive control commands based on the information they receive from the perception layer (via the transmission layer).
Attacks on this layer may result in unauthorized access, leakage of private information, and compromise of lower layers.