Cyber-air-gapped detection of controller attacks through physical interdependencies

Abstract

Trustworthy operation of the power grid critical infrastructures requires real-time intrusion detection systems to identify compromised and malfunctioning controller devices. The past three decades of direct application of the traditional purely cyber security solutions against these infrastructures has proved insufficient in practice due to emerging sophisticated malicious attacks against power grid control systems. In this paper, we propose PhiDS, a physics-aware intrusion detection system to identify compromised controllers through continuous observation of remote power system sensor measurements. Real-time remote sensor data analysis enables PhiDS to determine the power system state trajectory and infer the control commands issued by the distributed controllers on the plant. Given the power system safety requirements, PhiDS monitors the data stream and identifies the controllers that issue control commands that violates the safety of the power system. PhiDS does not require any cyber communication with the (potentially compromised) controller devices, and hence provides an air-gap between the the security monitor and the target device. Consequently, if the controller is infected, the adversary cannot compromise and corrupt the monitor’s reports. The will ensure that the monitor will always remain away from the adversaries’ access and hence provide trustworthy reports. We implemented and evaluated PhiDS on a real-world power system test-bed, where the programmable logic controllers are targets for and attacked by the remote network adversaries. PhiDS was able to identify all the infected controllers efficiently without any cyber link to the controllers. PhiDS’s outcomes were instead purely based on the power system measurements from sensors that are deployed adjacent to the controllers.

Publication
In 2017 IEEE International Conference on Smart Grid Communications (SmartGridComm)
Sriharsha Etigowni
Sriharsha Etigowni
Post Doctoral Research Associate

My research interests include Cyber-Physical Security, Embedded System Security and Industrial Control System Security.