A Cyber-Security System for An Industrial Power Generation Facility
General Material Designation
[Thesis]
First Statement of Responsibility
Korkmaz, Emrah
Subsequent Statement of Responsibility
Skormin, Victor A.
PUBLICATION, DISTRIBUTION, ETC.
Name of Publisher, Distributor, etc.
State University of New York at Binghamton
Date of Publication, Distribution, etc.
2019
GENERAL NOTES
Text of Note
156 p.
DISSERTATION (THESIS) NOTE
Dissertation or thesis details and type of degree
Ph.D.
Body granting the degree
State University of New York at Binghamton
Text preceding or following the note
2019
SUMMARY OR ABSTRACT
Text of Note
In recent years, driven by advances in information technology and the pursuit of improved efficiency, information technologies have been increasingly integrated into critical infrastructures. Critical infrastructure sectors such as power systems and gas pipeline systems therefore increasingly rely on digital technology, especially network-connected devices. As a result of this growing connectivity, critical infrastructure facilities have become vulnerable to cyberattacks and dependent on cyber defenses. National security agencies are increasingly concerned about cyber threats to critical infrastructures, and recent events demonstrate that this concern is not groundless. For instance, experts in the critical infrastructure sector witnessed the first known power outage caused by a successful cyber-attack: the attackers compromised critical information systems of three utility companies in Ukraine and succeeded in temporarily disrupting control of the entire power system in the region. Another of the most widely known cyberattacks on critical infrastructure was Stuxnet, which deliberately targeted an Iranian nuclear plant in which Programmable Logic Controllers (PLCs) were utilized. These attacks demonstrate that adversaries can and do target networked Industrial Control Systems (ICSs). Many efforts have been made to address this cybersecurity problem in national laboratories and universities, where the possible mechanisms and consequences of cyber-attacks are investigated. However, recently published cyber security reports still warn ICS security specialists about dangerous cyber assaults and advise how to build security mechanisms for ICSs that analyze risks and threats and detect potential cyber-attacks.
To address this, we created a cybersecurity testbed based on a power generation setup that includes real PLC devices, motor drives, motor-generator modules, sensor devices, and cyber-attack tools. Although the testbed is an emulation of a power generation station, the effects of cyberattacks on the testbed could be observed on any real-time critical infrastructure. The testbed implements the process monitoring and data collection typical of an industrial power facility. This data facilitates the deployment and analysis of several approaches for exposing different attack types and the likely impact of cyberattacks on the testbed. Although the range of possible cyberattack scenarios is quite extensive, we focus in particular on applying the proposed technologies to the detection and mitigation of two typical attacks: time delay injection and Stuxnet-type attacks on PLCs. First, this dissertation presents the impacts of time delay attacks on networked control systems, in which an attacker injects extra time delays into the feedback and forward channels of control systems. With a time-delay attack, an adversary might interfere with the control system and create instability conditions that could cause the control system to crash. Furthermore, IP-based real-time intelligent electronic devices do not detect small amounts of injected time delay and therefore do not raise any fault/emergency conditions. To protect ICSs with networked control devices from such attacks, we propose an anomaly detection method based on online recursive parameter estimation. With this method, time delay injection attacks can be detected, and delay compensation and mitigation can be performed. Second, we demonstrate how Stuxnet-type attacks on networked PLCs can be recognized, detected and mitigated in a timely fashion based on early manifestations of the attack on the targeted system.
We utilize the Recursive Least Squares (RLS) method to track unauthorized alterations within industrial networks and detect malicious parameter injections performed by cyber attackers, and thereby mitigate the destructive effects of attacks. We also propose comprehensive attack mitigation techniques for both time-delay injection attacks and Stuxnet-type attacks on ICSs. The technology proposed in this study can not only be easily implemented in real-time control systems but also improves security and safety by design, without disrupting the routine automation cycle, because the attack mitigation technique is intended to be an integral part of industrial automation and control systems from design through implementation. Finally, the dissertation presents the concept of a national academic/research facility addressing cyber threats to ICSs. While the administrative and organizational aspects of this venture are outside the scope of this dissertation, we compiled the methodological base of the facility, envisioning it as an extended version of the existing Network Security Core at Binghamton University. The proposed facility will provide substantial support to, and coordinate the efforts of, numerous students, educators, researchers and practitioners working in various areas of cybersecurity nationwide.