Secure Contingency Prediction and Response for Cyber-Physical Systems
Erik Miehling, Cedric Langbort, Tamer Başar
Coordinated Science Lab, University of Illinois at Urbana-Champaign, Urbana, IL, 61820
CCTA 2020 — August 26, 2020

Some cyber-physical attacks…
Stuxnet (~2005-09)
• Used a combination of exploits (including social engineering attacks and zero-days) to gain access to the computers responsible for re-programming PLCs
Ukrainian power grid hack (2015)
• Used spear-phishing attacks (malicious emails) to install malware that opened a backdoor on the substations’ computers, in turn facilitating recon attacks and eventual remote access
Kemuri water company attack (2016)
• Exploited a vulnerability in the payment system to gain access to the valve and flow control applications
• Altered settings for water flow and chemical levels

Primary challenges
Cyber-physical systems security shares all of the challenges of cyber-security…
• Partial observability
• Dynamic
• Large-scale
• Time-sensitivity
…as well as challenges due to the existence of the physical system
• Cyber defenses are limited by operational requirements of the physical system
• The need to maintain accurate estimates and good control performance in the presence of corrupted sensors and compromised actuators

Related work and contribution
Related work
• Surveys: [Chaterji et al., ’19], [Zhu & Başar, ’15], [Lun et al., ’19], [Dibaji et al., ’19]
• CPS attack analysis: [Chen et al., ’11], [Davis et al., ’15], [Li et al., ’17]
• Secure state estimation and control: [Zonouz et al., ’12], [Etigowni et al., ’16], [Chang et al., ’18], [Barreto et al., ’13], [Fawzi et al., ’14]
Contribution
• We propose a model, termed secure contingency prediction and response (SCPR), that links the security status of the cyber network with the operational status of the physical system
• First to use an attack graph to define a state process on the cyber network for the purposes of prescribing joint control of the cyber and physical processes
• Attack graph description allows one to reason over combinatorially many attack paths in the cyber network, enabling a granular view of the attacker’s capabilities