Title: Combined cyber and physical attacks on the maritime transportation system
For years, there has been discussion about physical security in the maritime transportation system (MTS). That discussion has led to standards, regulations, etc. In recent years, there has been an increasing interest in cyber security in the MTS that has led to discussions about best practices for cyber security. It is likely that many future attacks on the MTS (and other systems) will be multi-modal, including both a cyber and a physical component. As a simple example, hacking into security cameras at a port increases vulnerability to a physical intrusion. Thus, a cyber attack could be a precursor to a physical attack, and in fact the opposite could also be the case. This paper presents scenarios of combined cyber and physical attacks and describes ways to understand their likelihood based on ease of attack and seriousness of potential consequences.
Award ID(s):
1737857
PAR ID:
10166239
Journal Name:
NMIOTC Maritime interdiction operations journal
Volume:
18
ISSN:
2241-4371
Page Range / eLocation ID:
27-37
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Sensor networks and IoT systems have been widely deployed in monitoring and control systems. With their increasing utilization, the functionality and performance of sensor networks and their applications are not the only design aims; security issues in sensor networks attract more and more attention. Security threats to sensors and their networks can originate from various sectors: users in cyber space, security-weak protocols, obsolete network infrastructure, low-end physical devices, and the global supply chain. In this work, we take one of the emerging applications, advanced manufacturing, as an example to analyze the security challenges in the sensor network. Presentable attacks (hardware Trojan attack, man-in-the-middle attack, jamming attack and replay attack) are examined in the context of sensing nodes deployed in a long-range wide-area network (LoRaWAN) for advanced manufacturing. Moreover, we analyze the challenges of detecting those attacks.
  2. In this paper, we present the design and implementation of a cyber-physical security testbed for networked electric drive systems, aimed at conducting real-world security demonstrations. To our knowledge, this is one of the first security testbeds for networked electric drives, seamlessly integrating the domains of power electronics, computer science, and cybersecurity. By doing so, the testbed offers a comprehensive platform to explore and understand the intricate and often complex interactions between cyber and physical systems. The core of our testbed consists of four electric machine drives, meticulously configured to emulate small-scale but realistic information technology (IT) and operational technology (OT) networks. This setup both provides a controlled environment for simulating a wide array of cyber attacks and mirrors potential real-world attack scenarios with a high degree of fidelity. The testbed serves as an invaluable resource for the study of cyber-physical security, offering a practical and dynamic platform for testing and validating cybersecurity measures in the context of networked electric drive systems. As a concrete example of the testbed’s capabilities, we have developed and implemented a Python-based script designed to execute step-stone attacks over a wireless local area network (WLAN). This script leverages a sequence of target IP addresses, simulating a real-world attack vector that could be exploited by adversaries. To counteract such threats, we demonstrate the efficacy of our developed cyber-attack detection algorithms, which are integral to our testbed’s security framework. Furthermore, the testbed incorporates a real-time visualization system using InfluxDB and Grafana, providing a dynamic and interactive representation of networked electric drives and their associated security monitoring mechanisms.
  3. Cyber-physical systems (CPSs) rely on computing components to control physical objects, and have been widely used in real-world life-critical applications. However, a CPS has security risks by nature due to the integration of many vulnerable subsystems, which adversaries exploit to inflict serious consequences. Among various attacks, sensor attacks pose a particularly significant threat, where an attacker maliciously modifies sensor measurements to drift system behavior. There is a lot of work in sensor attack prevention and detection. Nevertheless, an essential problem is overlooked: recovery, that is, what to do after detecting a sensor attack, which needs to bring a CPS back safely and in a timely manner. We aim to highlight the need to investigate this problem, outline its four key challenges, and provide a brief overview of initial solutions in the field.
  4. The increasing penetration of cyber systems into smart grids has resulted in these grids being more vulnerable to cyber-physical attacks. The central challenge of higher order cyber-physical contingency analysis is the exponential blow-up of the attack surface due to a large number of attack vectors. This gives rise to computational challenges in devising efficient attack mitigation strategies. However, a system operator can leverage private information about the underlying network to maintain a strategic advantage over an adversary equipped with superior computational capability and situational awareness. In this work, we examine the following scenario: A malicious entity intrudes into the cyber-layer of a power network and trips the transmission lines. The objective of the system operator is to deploy security measures in the cyber-layer to minimize the impact of such attacks. Due to budget constraints, the attacker and the system operator have limits on the maximum number of transmission lines they can attack or defend. We model this adversarial interaction as a resource-constrained attacker-defender game. The computational intractability of solving large security games is well known. However, we exploit the approximately modular behavior of an impact metric known as the disturbance value to arrive at a linear-time algorithm for computing an optimal defense strategy. We validate the efficacy of the proposed strategy against attackers of various capabilities and provide an algorithm for a real-time implementation.
  5. As cyber attacks are growing at an unprecedented rate in recent years, organizations are seeking an efficient and scalable solution towards a holistic protection system. As the adversaries are becoming more skilled and organized, traditional rule-based detection systems have proved to be quite ineffective against the continuously evolving cyber attacks. Consequently, security researchers are focusing on applying machine learning techniques and big data analytics to defend against cyber attacks. Over recent years, several anomaly detection systems have been claimed to be quite successful against sophisticated cyber attacks, including previously unseen zero-day attacks. But often, these systems do not consider the adversary's adaptive attacking behavior for bypassing the detection procedure. As a result, deploying these systems in active real-world scenarios fails to provide significant benefits in the presence of intelligent adversaries that are carefully manipulating the attack vectors. In this work, we analyze the adversarial impact on anomaly detection models that are built upon centroid-based clustering from a game-theoretic perspective and propose an adversarial anomaly detection technique for these models. The experimental results show that our game-theoretic anomaly detection models can withstand attacks more effectively compared to the traditional models.