Implementation and Detection of Novel Attacks to the PLC Memory of a Clean Water Supply System

  • Andres Robles-Durazno
  • Naghmeh Moradpoor
  • James McWhinnie
  • Gordon Russell
  • Inaki Maneru-Marin
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 895)


Critical infrastructures such as nuclear plants and water supply systems are mainly managed through electronic control systems. Such control systems comprise of a number of elements, such as programmable logic controllers (PLC), networking devices, sensors and actuators. With the development of online and networking solutions, such control systems can be managed online. Even though network connected control systems permit users to keep up to date with system operation, it also opens the door to attackers taking advantages of such availability. In this paper, a novel attack vector for modifying PLC memory is proposed, which affects the perceived values of sensors, such as a water flow meter, or the operation of actuators, such as a pump. In addition, this attack vector can also manipulate control variables located in the PLC working memory, reprogramming decision making rules. To show the impact of the attacks in a real scenario, a model of a clean water supply system is implemented on a Festo MPA rig. The results show that the attacks on the PLC memory can have a significant detrimental effect on control system operations. Further, a mechanism of detecting such attacks on the PLC memory is proposed based on monitoring energy consumption and electrical signals using current-measurement sensors. The results show the successful implementation of the novel PLC attacks as well as the feasibility of detecting such attacks.


Industrial Control Systems (ICS) Cyber attacks PLC memory attack Clean water supply system 


  1. 1.
    Kaspersky: Threat Landscape for Industrial Automation Systems in H1 2017, 20 May 2018.
  2. 2.
    Secure water treatment (SWaT) Dataset, 21 May 2018.
  3. 3.
    Morris, T.H., Gao, W.: Industrial control system cyber attacks. In: Proceedings of the 1st International Symposium on ICS & SCADA Cyber Security Research 2013, Leicester (2013)Google Scholar
  4. 4.
    Bradley, T.: Water utility hacked: are critical systems at risk? PCWorld, 20 November 2011. Accessed 30 April 2018
  5. 5.
  6. 6.
    Khurum Nazir, J., Goh, J.: Behaviour-based attack detection and classification in cyber physical systems using machine learning. In: Proceedings of the 2nd ACM International Workshop on Cyber-Physical System Security, Xi’an, China (2016)Google Scholar
  7. 7.
    Adepu, S., Mathur, A.: An investigation into the response of a water treatment system to cyber attacks. In: 2016 IEEE 17th International Symposium on High Assurance Systems Engineering (HASE) (2016)Google Scholar
  8. 8.
    Terai, A., Abe, S., Kojima, S., Takano, Y., Koshijima, I.: Cyber-attack detection for industrial control system monitoring with support vector machine based on communication profile. In: 2017 IEEE European Symposium on Security and Privacy Workshops (EuroS PW) (2017)Google Scholar
  9. 9.
    Hurst, W., Merabti, M., Fergus, P.: Big data analysis techniques for cyber-threat detection in critical infrastructures. In: 28th International Conference on Advanced Information Networking and Applications Workshops (2014)Google Scholar
  10. 10.
    Inoue, J., Yamagata, Y., Chen, Y., Poskitt, C., Sun, J.: Anomaly detection for a water treatment system using unsupervised machine learning. In: IEEE International Conference on Data Mining Workshops (2017)Google Scholar
  11. 11.
    Goh, J., Adepu, S., Tan, M., Lee, Z.: Anomaly detection in cyber physical systems using recurrent neural networks. In: 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE) (2017)Google Scholar
  12. 12.
    Almalawi, A., Yu, X., Tari, Z., Fahad, A., Khalila, I.: An unsupervised anomaly-based detection approach for integrity attacks on SCADA systems. Comput. Secur. 46, 94 (2014)CrossRefGoogle Scholar
  13. 13.
    Frank, A., Asuncion, A.: UCI machine learning repository, 12 May 2018.
  14. 14.
    Kamel, K., Kamel, E.: Programmable Logic Controllers: Industrial Control. McGraw-Hill Professional, New York (2013)Google Scholar
  15. 15.
    Bolton, W.: Input/output devices. In: Programmable Logic Controllers, Sixth Edn., Chap. 2, pp. 23–61. Newnes, Boston (2015)CrossRefGoogle Scholar
  16. 16.
    Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur. Priv. 9, 49–51 (2011)CrossRefGoogle Scholar
  17. 17.
    Shames, I., Texeira, A., Sandberg, H., Johansson, K.: Revealing stealthy attacks in control systems. In: 2012 50th Annual Allerton Conference on Communication, Control, and Computing (Allerton) (2012)Google Scholar
  18. 18.
    Urbina, D., et al.: Limiting the impact of stealthy attacks on industrial control systems. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna (2016)Google Scholar
  19. 19.
    Robles-Durazno, A., Moradpoor, N., McWhinnie, J., Russell, G.: A supervised energy monitoring-based machine learning approach for anomaly detection in a clean water supply system. In: Cyber Security 2018 (2018). Accepted for publicationGoogle Scholar
  20. 20.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Andres Robles-Durazno
    • 1
  • Naghmeh Moradpoor
    • 1
  • James McWhinnie
    • 1
  • Gordon Russell
    • 1
  • Inaki Maneru-Marin
    • 1
  1. 1.Edinburgh Napier UniversityEdinburghScotland, UK

Personalised recommendations