Moving Target Defense to Improve Industrial Control System Resiliency

  • Adrian R. Chavez
Part of the Advances in Information Security book series (ADIS, volume 75)


Historically, control systems have relied primarily on isolation from the Internet and from traditional information technology (IT) networks to stay secure against remote attacks over computer networks. These networks are now being upgraded incrementally and are becoming more interconnected with external networks so that they can be managed and configured remotely. Examples of control systems include the electrical power grid, smart grid and microgrid networks, oil and natural gas refineries, water pipelines, and nuclear power plants. As these systems become more connected, computer security becomes an essential requirement: a compromise can translate into physical actions and significant economic impacts that threaten public health and safety. Because the potential consequences are so severe and increased interconnectivity makes these systems remotely reachable, they are attractive targets for adversaries operating over computer networks. Widely discussed incidents include the Stuxnet attack, the 2003 US-Canada blackout (a cascading failure rather than a cyberattack, but a demonstration of the scale of consequences a grid disruption can have), the 2015 Ukraine blackout, and data integrity attacks that target control system data itself. Improving the cybersecurity of electrical power grids is the focus of our research.





Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Sandia National Laboratories, Albuquerque, USA
