2019 ICS Cyber Security Conference | USA

The Air Force Institute of Technology's (AFIT) work continues on developing a reliable non-intrusive, non-operably connected PHY-based security augmentation for IoT, IIoT, ICS/SCADA, and general wireless sensor applications. The successful demonstration and historical maturation of Distinct Native Attribute (DNA) Fingerprinting methods has led to a patent-pending DNA cyber security monitoring capability supporting both pre-attack defense and post-attack forensic objectives. The monitoring system foundation is derived from wired Highway Addressable Remote Transducer (HART) signal work in, with favorable results therein motivating the more recent WirelessHART work being reported upon here. The goal is reliable DNA-based discriminability of device hardware (cross-manufacturer, cross-model, and like-model serial number) and/or device operating state (normal vs. anomalous). The PHY-based physical-layer work here is of particular interest given that a majority of WirelessHART security mechanisms (some would argue all) are implemented exclusively within higher bit-level network layers using some of the same protection mechanisms commonly attacked in IT systems. Most recent results for WirelessHART are sufficiently favorable to motivate continued investigation and include better than 90% 8-class device discrimination of Sitrans AW210 and Pepperl+Fuchs Bullet adapters.

Organizations and professionals are challenged to protect industrial control systems (ICS). Industrial control systems have been and continue to be the target of advanced cyber-attacks. These systems run the infrastructures that power the electric grid, natural gas supply, transportation, and other vital commodities. Cyber-security professionals have enumerated various techniques and methods to protect ICS against cyber-attacks. Despite these protective methods, ICS still suffer from breaches.

This study conducted a deep dive into three of the most advanced ICS cyber-attacks (Stuxnet, TRISYS, BlackEnergy 3)

The tactics of penetration and attack of each cyber-attack were reviewed. The study then examined several of the methods of protection recommended by regulatory and industry professionals. Each of these protection methods was matched against each of the advanced cyber-attacks to establish the efficacy of the method to protect the ICS.

The results of this study found that not all methods of ICS protection worked against advanced ICS cyber-attacks. In addition, there was a noticeable difference of protection among the methods against first-time attacks, when the malware was unknown, versus attacks when the malware was known to the cyber community and steps were taken to defend against the attack.

The study recommended further research into current ICS cyber-attacks. Additional exploration should be done to select and examine other documented methods of protection. Adding further results to the tables in the study will sharpen the determination of the effectiveness of each method against cyber-attacks.