Abstract
A Cyber Physical System (CPS) consists of cyber components for computation and communication, and physical components such as sensors and actuators for process control. These components are networked and interact in a feedback loop. CPS are found in critical infrastructure such as water distribution, power grid, and mass transportation. Often these systems are vulnerable to attacks as the cyber components are potential targets for attackers. In this work, we report a study to investigate the impact of cyber attacks on a water distribution (WADI) system. Attacks were designed to meet attacker objectives and launched on WADI using a specially designed tool. This tool enables the launch of single and multi-point attacks where the latter are designed to specifically hide one or more attacks. The outcome of the experiments led to a better understanding of attack propagation and behavior of WADI in response to the attacks as well as to the design of an attack detection mechanism for water distribution system.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Abrams, M., Weiss, J.: Malicious control system cyber security attack case study-Maroochy Water Services. The MITRE Corporation, Australia (2008)
Adepu, S., Kandasamy, N.K., Mathur, A.: EPIC: an electric power testbed for research and training in cyber physical systems security. In: Katsikas, S.K., et al. (eds.) SECPRE/CyberICPS -2018. LNCS, vol. 11387, pp. 37–52. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12786-2_3
Adepu, S., Mathur, A.: Distributed detection of single-stage multipoint cyber attacks in a water treatment plant. In: Proceedings of the 11th ASIACCS, pp. 449–460 (2016)
Adepu, S., Mathur, A.: Generalized attacker and attack models for cyber physical systems. In: 2016 IEEE 40th Annual COMPSAC, vol. 1, pp. 283–292 (2016)
Adepu, S., Mathur, A.: Assessing the effectiveness of attack detection at a hackfest on industrial control systems. IEEE Trans. Sustain. Comput. (2018)
Adepu, S., Mishra, G., Mathur, A.: Access control in water distribution networks: a case study. In: QRS (2017)
Ahmed, C.M., Palleti, V.R., Mathur, A.: WADI: a water distribution testbed for research in the design of secure cyber physical systems. In: 3rd CysWater (2017)
Amin, S., Litrico, X., Sastry, S., Bayen, A.: Cyber security of water SCADA systems; Part I: analysis and experimentation of stealthy deception attacks. IEEE Trans. Control Syst. Technol. (2013)
Amin, S., Litrico, X., Sastry, S., Bayen, A.: Cyber security of water SCADA systems; Part II: attack detection using enhanced hydrodynamic models. IEEE Trans. Control Syst. Technol. (2013)
Antonioli, D., Ghaeini, H.R., Adepu, S., Ochoa, M., Tippenhauer, N.O.: Gamifying ICS security training and research: design, implementation, and results of S3. In: Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy, pp. 93–102. ACM (2017)
Baig, Z., Ahmad, S., Sait, S.: Detecting intrusive activity in the smart grid communications infrastructure using self-organizing maps. In: 12th IEEE TrustCom, pp. 1594–1599, July 2013
Bhave, A., Krogh, B., Garlan, D., Schmerl, B.: View consistency in architectures for cyber-physical systems. In: Proceedings of the 2nd ACM/IEEE International Conference on Cyber-Physical Systems (2011)
Chen, B., et al.: Go with the flow: toward workflow-oriented security assessment. In: Proceedings of the 2013 Workshop on New Security Paradigms Workshop. NSPW 2013, pp. 65–76 (2013)
Chen, Y., Poskitt, C.M., Sun, J.: Learning from mutants: using code mutation to learn and monitor invariants of a cyber-physical system. In: Proceedings of the IEEE Symposium on Security and Privacy (S&P 2018) (2018)
ICS-CERT Advisories. https://ics-cert.us-cert.gov/advisories
Frey, S., Rashid, A., Anthonysamy, P., Pinto-Albuquerque, M., Naqvi, S.A.: The good, the bad and the ugly: a study of security decisions in a cyber-physical systems game. IEEE Trans. Softw. Eng. (2018)
Gamage, T., McMillin, B., Roth, T.: Enforcing information flow security properties in cyber-physical systems: a generalized framework based on compensation. In: IEEE 34th Annual COMPSACW, pp. 158–163 (2010)
Goh, J., Adepu, S., Tan, M., Lee, Z.S.: Anomaly detection in cyber physical systems using recurrent neural networks. In: 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), pp. 140–145. IEEE (2017)
Homeland Security: DHS common cybersecurity vulnerabilities in ICS. https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/DHS_Common_Cybersecurity_Vulnerabilities_ICS_2010.pdf
Jajodia, S., Noel, S.: Advanced cyber attack modeling, analysis, and visualization. Technical report AFRL-RI-RS-TR-2010-078. Final Technical Report, George Mason University, March 2010
Kang, E., Adepu, S., Jackson, D., Mathur, A.P.: Model-based security analysis of a water treatment system. In: In Proceedings of 2nd International Workshop on Software Engineering for Smart Cyber-Physical Systems, May 2016
Kasper Sky: Industrial control systems vulnerabilities statistics. https://kasperskycontenthub.com/securelist/files/2016/07/KL_REPORT_ICS_Statistic_vulnerabilities.pdf
Kwon, C., Liu, W., Hwang, I.: Security analysis for cyber-physical systems against stealthy deception attacks. In: ACC, pp. 3344–3349 (2013)
Lin, Q., Adepu, S., Verwer, S., Mathur, A.: Tabor: a graphical model-based approach for anomaly detection in industrial control systems. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 525–536. ACM (2018)
Microsoft: Activex controls. https://msdn.microsoft.com/en-us/library/aa751968(v=vs.85).aspx
Mitchell, R., Chen, I.R.: A survey of intrusion detection techniques for cyber-physical systems. ACM Comput. Surv. (CSUR) 46(4), 55 (2014)
Palleti, V.R., Narasimhan, S., Rengaswamy, R., Teja, R., Bhallamudi, S.M.: Sensor network design for contaminant detection and identification in water distribution networks. Comput. Chem. Eng. 87, 246–256 (2016)
Palleti, V.R., Tan, Y.C., Samavedham, L.: A mechanistic fault detection and isolation approach using Kalman filter to improve the security of cyber physical systems. J. Process Control 68, 160–170 (2018)
Patlolla, S.S., McMillin, B., Adepu, S., Mathur, A.: An approach for formal analysis of the security of a water treatment testbed. In: 2018 IEEE 23rd Pacific Rim International Symposium on Dependable Computing (PRDC), pp. 115–124. IEEE (2018)
Rocchetto, M., Tippenhauer, N.O.: On attacker models and profiles for cyber-physical systems. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 427–449. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45741-3_22
Rupp, M.: Honeywell XL web II controller vulnerabilities. https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01
Taormina, R., Galelli, S., Tippenhauer, N.O., Salomons, E., Ostfeld, A.: Characterizing cyber-physical attacks on water distribution systems. J. Water Resour. Plann. Manag. 143(5), 04017009 (2017)
Taormina, R., et al.: Battle of the attack detection algorithms: disclosing cyber attacks on water distribution networks. J. Water Resour. Plann. Manag. 144(8), 04018048 (2018)
Acknowledgment
This work was supported in part by the National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-40, NRF2015NCR-NCR003-001) and administered by the National Cybersecurity R&D Directorate. The WADI testbed is built with the support from Ministry of Defense, Singapore and SUTD-MIT International Design Centre (IDC).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Adepu, S., Palleti, V.R., Mishra, G., Mathur, A. (2020). Investigation of Cyber Attacks on a Water Distribution System. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2020. Lecture Notes in Computer Science(), vol 12418. Springer, Cham. https://doi.org/10.1007/978-3-030-61638-0_16
Download citation
DOI: https://doi.org/10.1007/978-3-030-61638-0_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-61637-3
Online ISBN: 978-3-030-61638-0
eBook Packages: Computer ScienceComputer Science (R0)