Abstract
Supervisory control and data acquisition (SCADA) systems monitor and control major components of the critical infrastructure. Targeted malware such as Stuxnet is an example of a covert cyber attack against a SCADA system that resulted in physical effects. Of particular significance is how Stuxnet exploited the trust relationship between the human machine interface (HMI) and programmable logic controllers (PLCs). Current methods for validating system operating parameters rely on message exchange and network communications protocols, which are generally observed at the HMI. Although sufficient at the macro level, this method does not support the detection of malware that causes physical effects via the covert manipulation of a PLC. This paper introduces an alternative method that leverages the direct analysis of PLC inputs and outputs to derive the true state of SCADA devices. The input-output behavior characteristics are modeled using Petri nets to derive metrics for quantifying the resilience of PLCs against malicious exploits. The method enables the detection of programming changes that affect input-output relationships, the identification of the degree of deviation from a baseline program and the minimization of performance losses due to disruptive events.
Chapter PDF
Similar content being viewed by others
References
Department of Homeland Security, National Infrastructure Protection Plan, Washington, DC, 2009.
N. Falliere, L. O’Murchu and E. Chien, W32.Stuxnet Dossier, Symantec Corporation, Cupertino, California, 2011.
D. Germanus, A. Khelil and N. Suri, Increasing the resilience of critical SCADA systems using peer-to-peer overlays, Proceedings of the First International Symposium on Architecting Critical Systems, pp. 161–178, 2010.
National Infrastructure Advisory Council, Critical Infrastructure Resilience Final Report and Recommendations, Department of Homeland Security, Washington, DC, 2009.
J. Peterson, Petri Nets, ACM Computing Surveys, vol. 9(3), pp. 223–252, 1977.
J. Peterson, Petri Net Theory and the Modeling of Systems, Prentice Hall, Upper Saddle River, New Jersey, 1981.
C. Queiroz, A. Mahmood and Z. Tari, Survivable SCADA systems: An analytical framework using performance modeling, Proceedings of the IEEE Global Communications Conference, 2010.
Rockwell Automation, RSLogix 500, Milwaukee, Wisconsin.
A. Shah, A. Perrig and B. Sinopoli, Mechanisms to provide integrity in SCADA and PCS devices, Proceedings of the International Workshop on Cyber-Physical Systems Challenges and Applications, 2008.
K. Stouffer, J. Falco and K. Kent, Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security, NIST Special Publication 800-82, National Institute of Standards and Technology, Gaithersburg, Maryland, 2006.
The Learning Pit, ProSim II, Whitby, Ontario, Canada.
G. Wilshusen, Cybersecurity: Continued Attention Needed to Protect Our Nation’s Critical Infrastructure, GAO Report GAO-11-865T, Government Accountability Office, Washington, DC, 2011.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Bushey, H., Lopez, J., Butts, J. (2012). Quantifying Controller Resilience Using Behavior Characterization. In: Butts, J., Shenoi, S. (eds) Critical Infrastructure Protection VI. ICCIP 2012. IFIP Advances in Information and Communication Technology, vol 390. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35764-0_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-35764-0_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35763-3
Online ISBN: 978-3-642-35764-0
eBook Packages: Computer ScienceComputer Science (R0)