Towards Quantifying Programmable Logic Controller Resilience Against Intentional Exploits
AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH SCHOOL OF ENGINEERING AND MANAGEMENT
Supervisory Control and Data Acquisition (SCADA) systems control and monitor services for the nation's critical infrastructure. Recent cyber-induced events (e.g., Stuxnet) provide an example of a targeted, covert cyber attack against a SCADA system that resulted in physical effects. Of particular note is how Stuxnet exploited the trust relationship between the human-machine interface (HMI) and programmable logic controllers (PLCs). Current methods for validating system operating parameters rely on message exchange and network communications protocols, generally observed at the HMI. Although sufficient at the macro level, this method does not provide detection of malware that exhibits physical effects via covert manipulation of the PLC, as demonstrated by Stuxnet. In this research, an alternative method that leverages direct analysis of PLC input and output to derive the true state of SCADA end-devices is introduced. The behavioral input-output characteristics are modeled using Petri nets to derive metrics for quantifying resilient properties of systems against malicious exploits. The results yield metrics that are applicable towards quantifying resilience in PLCs and implementing real-time security solutions. These findings enable detecting programming changes that affect input and output relationships, identifying the degree of deviation from a baseline program, and minimizing performance losses against disruptive events.
- Computer Systems Management and Standards