Section 4: Advances, Challenges and Opportunities in Cyber Physical Systems Security
Advances, Challenges and Opportunities in Cyber Physical Systems Security
Cyber Physical Systems Threat Landscape
Organization of the Chapter
Section 1 deals with terms and terminologies for the user to understand the chapter. Section 2 introduces the concept of Cyber Physical Systems. Section 3.1 gives examples of key security trends and the CPS threat landscape. Opportunities and key solutions for securing Cyber Physical Systems are presented in Section 3.2. Section 3.3 elucidates emerging technologies and opportunities for securing Cyber Physical Systems, and Section 4 concludes the chapter.
Terms and Terminologies
• Information Technology (IT):
The use of systems/devices, like servers, storage and networking, for storing, processing and sending information/data.
• Operation Technology (ОТ):
Hardware/software used for monitoring and control of industrial equipment and processes
• Trusted Computing Group (TCG):
TCG is an industry body that develops open standards and specifications to allow trusted computing
• Threat Modelling:
Threat modeling is a proactive process to identify, evaluate and mitigate potential threats and vulnerabilities
With the increasing adoption of Cyber Physical Systems (CPS) across various industries, like manufacturing, avionics, automobiles, critical infrastructure, defence and oil and gas, securing and safeguarding the Cyber Physical Systems will be very important to protect the interests of the nation and enterprises embarked on the digital transformation journey. In this chapter, we will introduce the key CPS security trends and potential threats to the modern world due to the activities of motivated cyber criminals, and the presence of cyberterrorism and nation state sponsored cyber-attacks. We will cover some of the key security features for Cyber Physical System and the Industry 4.0 smart factory solutions to deal with the modern threat landscape. We will also look at the recommended secure development practices that should be followed when designing Cyber Physical Systems. At the end of this chapter, we will introduce several research opportunities for improving Cyber Physical System security, with respect to some emerging technologies and the changing threat landscape. This chapter will cover the following topics across various sections:
Section 1: Key security trends and CPS threat landscape.
- a) Supply chain security challenges.
- b) CPS technology and solution architecture and associated security challenges.
- c) CPS environment and ecosystem challenges.
Section 2: Opportunities and key solutions for securing CPS.
- d) Securing the CPS components and solutions.
- - Hardware Root of Trust in CPS.
- - Secure CPS cryptographic module design.
- - Trusted computing and attestation solution for CPS.
- - Key product security features
- e) Secure development methodology for hardware and software powering the CPS.
- f) Security by Default and advanced physical security features.
- g) CPS secure operations.
- - End-point protection.
- - Segmentation and network isolation.
- - Hardening CPS.
- - Proactive vulnerability management.
- - Al-based security monitoring system.
- - Periodic assessment and audit of CPS.
Section 3: Emerging technologies and opportunities for securing Cyber Physical Systems.
- • Quantum computing safe CPS design.
- • Blockchain for supply chain and identity management.
- • Advanced security hardware accelerators.
- • Advanced security analytics for Cyber Physical Systems.
- • Industry-specific reference threat models and threat intelligence.
- • Converged edge computing.
Section 4: Conclusion Bibliography
Key Security Trends and CPS Threat Landscape
With rapid digitization and transformation of enterprises and factories, security is increasingly becoming a very important factor in all CPS implementations. Over the past decade or so, cybersecurity has moved on from the world of script kiddies, who hacked into systems for fun and thrills, to motivated cyber criminals, aiming to make fast money by stealing data and identity. With CPS enabling smart grids, critical infrastructure and defence solutions, the current cyber security threat has reached a fever pitch, where wars are now fought in cyber space rather than in the physical world. In the complex world of cybersecurity, the attacks and threats can come from anyone, from a naive user, clicking on a malicious link or connecting an infected USB, to disgruntled employees, nation state-sponsored groups, cyber criminals, hacktivists and cyber terrorists.
Many of the small-scale attacks go unreported, whereas a few incidents of attacks on CPS have shaken up the industry and taken the world by surprise. A classic example, that illustrates this change in the threat landscape, can be seen in the Iran nuclear plant attack, where multiple centrifugal machines, used to enrich uranium, were crippled using an advanced destructive malware called Stuxnet. The recent German steel plan attack is an example where complex machineries were destroyed using sophisticated malwares designed by highly motivated cybercriminals. With critical infrastructure, like dams and smartgrids, connected to the Internet and controlled by machines, there is increasing threat from nationstate actors, who are rumoured to be creating sophisticated cyber weapons that can cripple any critical infrastructure, using security vulnerabilities and design flaws in critical CPS solutions. An example of this type of attack can be seen with the crippling of the Ukraine electric grid infrastructure, that is rumoured to have been carried out by nation state-sponsored cyber criminals from a neighbouring country. There is also increasing evidence from cyber security intelligence bureaux of a new type of attack called Permanent Denial of Service (PDOS), that is aiming to cripple IT and IoT systems with the intent of infecting and damaging the device into an unrecoverable or 'bricked' state. This kind of attack, also known as 'phlashing', can result in the device becoming unrepairable or only recoverable by returning it to the manufacturing facility. One of the publicly available reports of a PDOS attack used a malware called BrickerBot and is rumoured to have been used to destroy more than one million connected IoT devices, using well-known vulnerabilities and default passwords.
Modern CPS systems, like autonomous cars, have hundreds of embedded systems, connected by various communication technologies, ranging from Bluetooth protocols to cellular networks. It is estimated that the number of lines of code inside such a complex autonomous system is in the tens of millions, and any vulnerability inside the embedded systems or the applications controlling the CPS can cause major catastrophic events, resulting in loss of human life and property damage. In the past few years, many potential attacks, exploiting vulnerabilities, have been demonstrated successfully, and it is safe to assume that, in the modern world, attacks on CPS are not theoretical anymore. With CPS building upon the IoT technology and using varying numbers of embedded systems for measuring and controlling industrial processes, such large-scale attacks cannot only cripple the economy, but can also cause damage to property and even take human lives. It is highly important to look at holistic security practices, that start from securing the supply chain and building security in all the components of a CPS, to protect the CPS from this complex threat landscape. It is also important to look at secure operational practices, that span the complete CPS ecosystem, to deal with motivated cyber criminals and protect the nation, industry, factory and the machinery of the modern digital world. Let us look at some of the above areas in more detail, starting from some security challenges and associated threats, which are critically important for Cyber Physical Systems.
Supply Chain Security Challenges
With nation state-sponsored activities, geopolitical tensions and the constant battle for supremacy in the modern digital economy, there is an increasing threat of advanced supply chain attacks, aimed at installing malwares before the system is shipped to a consumer. A supply chain attack can be carried out on the manufacturing floor or in the data warehouses or during transit, using physical access to these devices, and advanced tools and techniques. If these malwares are installed on IoT devices at the hardware and firmware layers of gateways controlling the Cyber Physical Systems, it will become very difficult to detect these advanced malwares and root kits because of the lack of proper malware scanning tools on the lower layers, such as firmware or hardware. With critical infrastructure-based CPS solutions, powered by embedded systems that have complex software, validation of the supply chain integrity, to ensure the state of the device is as expected and not compromised, becomes important in any secure deployment of CPS solutions.
CPS Technology and Solution Architecture and Associated Security Challenges
With the ever-changing threat landscape and the use of various technologies and products in the Cyber Physical System solutions, let us look at the main challenges in securing a Cyber Physical System.
A typical CPS has various technologies and sub-systems, starting from the physical machinery, complex control systems, computing devices at the edge, acting as gateways, and communication networks interconnecting the CPS and cloud-based platforms and services. Figure 14.1 illustrates a typical 4-stage CPS/IoT reference architecture, as described by Hewlett Packard Enterprise, one of the leading CPS, IoT and edge computing solution providers in the market. The solution can be split into operation technology (ОТ),
Typical CPS reference solution architecture.
that comprises hardware and software control systems closer to the physical system and processes usually found in automobiles, on manufacturing floors and in smart grid generation and distributing facilities. Information Technology (IT) consists of the traditional data centre and cloud computing technologies, consisting of server, storage, networking infrastructure and applications. The edge is defined as the boundary between the ОТ and the IT and is normally the place that is outside the data centre/cloud and closer to the place where you have things or physical devices/processes. The computing infrastructure used near the edge is called the edge computing and supports a combination of wired and wireless protocols to communicate with the ОТ infrastructure components. The aggregated and filtered data are sent from the edge system to either an enterprise data centre or to the cloud, using cellular network, WAN and other high-speed network connectivities. The data in the cloud in a few industry-specific use cases are used to create a digital twin of the physical system, which is used for predictive analytics and simulations. The data in the cloud are managed using a CPS/IoT platform that provides data services, like de-duplication, search operations, data query services, sanitization and policy-based archival.
Advanced analytics are applied on the centralized data lake to derive new insights, which, in turn, are used to control and optimize the working of the Cyber Physical System. In many implementations, the CPS data platform also supports deployment of various industry-specific applications to meet the needs of the business and the targeted customer base. This distributed system architecture, from edge to cloud, with heterogeneous technologies, starting from different industrial bus architectures, control systems, compute infrastructure, wired and wireless communication and numerous applications, make securing any Cyber Physical System an enormous challenge.
Let us take a deeper look into the technology elements and security operation challenges of a typical Cyber Physical System, spanning ОТ to IT technologies. The key elements in the ОТ infrastructure contains sensor and actuator networks and various embedded control systems, designed using industry-specific technology and a communication bus like Supervisory Control and Data Acquisition (SCADA), Profibus, Modbus etc. These industrial bus standards and protocols are several decades old and were designed when the security threat landscape was completely different. The ОТ infrastructure also includes a special-purpose Programmable Logic Controller (PLC) device, that is used to monitor the sensors and control the actuators. These systems normally run very old versions of Operating Systems (OS) that, in many cases, may be out of support due to changes in component technologies and innovations. These systems are also not regularly assessed for vulnerabilities and the update to newer firmware and application stack is normally done infrequently, due to the potential risk of downtime. These issues increase the risk of cyber-attacks, especially in the modern world where more and more physical systems are connected to the Internet.
With increased focus on security, privacy and localization of data for regulation and compliance reasons, edge computing is gaining greater momentum in modern deployments. Many Cyber Physical Solutions have an additional layer of computing to perform complex analytics and inference jobs, that are used to optimize and control the data transmitted to the cloud. Data security becomes very important at both the edge and the cloud as the operations can be impacted due to tampered or unavailable data. Communication to the gateway/edge computing from the physical systems happens through wired or low-power wireless protocols like Long Range (LoRA), Zigbee Blue Tooth Low-Energy (BLE), etc. Many of the wireless protocols are subjected to spoofing and replay attacks, and wireless communication can easily be acquired and modified, using jammers and other sophisticated devices.
With PLCs, gateways and edge devices, potentially coming from different vendors with different architectures, ensuring that these devices are configured and hardened based on assessed risks and emerging threat landscape becomes a big challenge. Compounding this problem is the fact that the ОТ administrators may not be skilled in managing IT systems effectively. With new low-power and wireless communication technologies gaining popularity and acceptance, it becomes very important to look at good security practices and operational procedures to secure the CPS solutions. Advanced security practices and use of modern technologies is key to dealing with motivated cyber criminals and nation state-sponsored attacks.
CPS Environment and Ecosystem Challenges
A traditional data centre has a lot of physical security controls and mechanisms, such as wired fence, security guards, boom barriers, doors with access control, multifactor authentication and locked racks and cages, setup to prevent unauthorized access to the computing infrastructure. In comparison, CPS edge computers, used for collecting and controlling the devices, are installed on manufacturing floors, usually in a harsh physical environment (e.g., nonstandard temperature and humidity) with non-optimal physical security. Any intrusion on the edge server in charge of data management and control logic can result in potential compromise of the physical machines and the data that is used to derive insights, which is key for the reliable working of any CPS solution. It is very important to ensure that the systems controlling the CPS have the right level of physical security and are protected from external hackers and internal threats, including disgruntled employees.