Abstract
In this invited talk, we argue that designing cyber security of critical infrastructure requires a spilt-personality approach to design as opposed to design for correctness or for performance. Designing a functionally correct system, or a performance constrained system is fundamentally different in the sense that such design requires us to build models and to systematically refine models towards implementation such that correctness is preserved between refinements, and performance optimizations are introduced during refinements. Designing systems with cyber-security properties requires us to not only build models from theoretical principles, but also require modeling possible behaviors of an adversary. Modeling adversarial behavior is akin to test-driven model refinement, and hence not so different from certain approaches used when our goal is functionally correct design. However, for cyber-physical systems, we often need to detect an ongoing cyber attack since safe guards for cyber security often depend on assumptions which can be invalidated (e.g., insider attacks may invalidate perimeter security assumptions). Detecting ongoing attacks requires detecting behavioral anomalies in the physical system under cyber control – thus requiring us to build models from data. Machine learning approaches could be used to build such models. This we view as a schizoid approach – since the designer has to not only model the system from physical principles, he/she also has to build nominal behavioral models from data. While arguing this point of view, we introduce a virtual SCADA (supervisory control and data acquisition) laboratory we have built to help design cyber security of critical systems. The majority of this talk focuses on describing this software based virtual laboratory called VSCADA. Most of this research is published in [8,11] and summarized here for the sake of exposition to the present audience.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Krutz, R.L.: Securing SCADA Systems. Wiley Publishing, Inc. (2005)
Craig Jr., P.A., Mortensen, J., Dagle, J.E.: Metrics for the National SCADA Test Bed Program, Report, Pacific Northwest National Laboratory, October 2008
Reaves, B., Morris, T.: An open virtual test bed for industrial control system security research. International Journal of Information Security 11(4), 215–229 (2012)
Davis, C.M., Tate, J.E., Okhravi, H., Grier, C., Overbye, T.J., Nicol, D.: SCADA cyber security test bed development. In: 38th North American Power Symposium, NAPS 2006, pp. 483–488, Septembe 17–19, 2006. doi:10.1109/NAPS.2006.359615
Bergman, D.C., Jin, D., Nicol, D.M., Yardley, T.: The virtual power system test bed and inter-test bed integration. In: Proceedings of the 2nd conference on Cyber security experimentation and test (CSET 2009), p. 5. USENIX Association, Berkeley (2009)
Giani, A., Karsai, G., Roosta, T., Shah, A., Sinopoli, B., Wiley, J.: A test bed for secure and robust SCADA systems. In: 14th IEEE Real-time and Embedded Technology and Applications Symposium (RTAS 2008) WIP session (2008)
Hong, J., Wu, S.-S., Stefanov, A., Fshosha, A., Liu, C.-C., Gladyshev, P., Govindarasu, M.: An intrusion and defense test bed in a cyber-power system environment. In: 2011 IEEE Power and Energy Society General Meeting, pp. 1–5, July 24–29, 2011
Dayal, A., Deng, Y., Tbaileh, A., Shukla, S.: VSCADA: A reconfigurable virtual SCADA testbed for simulating power utility control center operations. In: 2015 IEEE To Appear Power and Energy Society General Meeting, July 26–30, 2015
GE Intelligent Platforms, Proficy HMI/SCADA - iFIX, datasheet, GFA-562D, August 2012
Lian, F.-L., Moyne, J.R., Tilbury, D.M.: Performance evaluation of control networks: Ethernet, ControlNet, and DeviceNet. IEEE Control Systems 21(1), 66–83 (2001)
Deng, Y., Lin, H., Shukla, S., Thorp, J., Mili, L.: Co-simulating power systems and communication network for accurate modeling and simulation of PMU based wide area measurement systems using a global event scheduling technique. In: 2013 Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES), pp. 1–6, May 20–20, 2013
Siemens, Dynamic Simulation, White Paper, 02/2
Liu, Y., Reiter, M.K., Ning, P.: False data injection attacks against state estimation in electric power grids. In: Proc. 16th ACM Conf. Comput. Commun. Security, Chicago, IL, USA, p. 21, November 2009
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Dayal, A., Deng, Y., Shukla, S.K. (2015). Design of Cyber Security for Critical Infrastructures: A Case for a Schizoid Design Approach. In: Chakraborty, R., Schwabe, P., Solworth, J. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2015. Lecture Notes in Computer Science(), vol 9354. Springer, Cham. https://doi.org/10.1007/978-3-319-24126-5_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-24126-5_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-24125-8
Online ISBN: 978-3-319-24126-5
eBook Packages: Computer ScienceComputer Science (R0)