Using Process Invariants to Detect Cyber Attacks on a Water Treatment System

• Published in: ICT Systems Security and Privacy Protection Vol. 471; pp. 91 - 104
• Main Authors: Adepu, Sridhar, Mathur, Aditya
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 2016; Springer International Publishing
• Series: IFIP Advances in Information and Communication Technology
• Subjects: Attack detection; Computer security; Cyber attacks; Cyber physical systems; Industrial control systems; Secure water treatment testbed
• ISBN: 3319336290; 9783319336299
• ISSN: 1868-4238; 1868-422X; 1868-422X
• DOI: 10.1007/978-3-319-33630-5_7

An experimental investigation was undertaken to assess the effectiveness of process invariants in detecting cyber-attacks on an Industrial Control System (ICS). An invariant was derived from one selected sub-process and coded into the corresponding controller. Experiments were performed each with an attack selected from a set of three stealthy attack types and launched in different states of the system to cause tank overflow and degrade system productivity. The impact of power failure, possibly due to an attack on the power source, was also studied. The effectiveness of the detection method was investigated against several design parameters. Despite the apparent simplicity of the experiment, results point to challenges in implementing invariant-based attack detection in an operational Industrial Control System.