Fingerprinting cyber physical systems: A physics-based approach
Abstract
Industrial Control System (ICS) networks used in critical infrastructure such as the power grid present a different set of security challenges than traditional IT networks. The electric power grid comprises many components, most of which are critical physical devices that must be safeguarded to ensure reliable operation. Devices in the field are remotely controlled from the control center via the plant's control network. The distributed nature of these networks makes it almost impossible to apply the common security practices of traditional IT networks (e.g., regular security upgrades), partly because these legacy devices cannot support future upgrades and partly because of their remote location. Cyber attacks on an electric grid can originate from an external intruder who has gained access to the control network or from a disgruntled employee who already has access to it. Among the many possible attacks on an electric grid, this work specifically addresses false data injection during control command requests to the field devices in the substation. The thesis proposes to help ensure the authenticity of responses by analyzing each observed response against fingerprints built from the operation times associated with each device in the plant. The accuracy of the proposed fingerprinting technique is evaluated on a dataset generated from controlled lab experiments.
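The following is an added illustration of the idea described above, not code from the thesis: per-device fingerprints are built from lab-measured operation times and each command/response pair is checked against them. The acceptance window (mean plus or minus k standard deviations), the device names and all timing values are constructed assumptions for this example.

```python
"""Physics-based fingerprint check on device operation times (added example)."""
from statistics import mean, stdev

# Constructed lab measurements (seconds): time each field device takes to
# physically complete a control action (e.g. breaker open/close), per trial.
LAB_OPERATION_TIMES = {
    "breaker_A": [0.052, 0.049, 0.051, 0.050, 0.053, 0.048, 0.051, 0.050],
    "breaker_B": [0.081, 0.079, 0.083, 0.080, 0.082, 0.078, 0.081, 0.080],
}


def build_fingerprints(samples, k=3.0):
    """Return per-device acceptance windows (low, high) = mean +/- k*stdev.

    The window is this example's simplification; a real deployment would
    fit the measured distribution more carefully.
    """
    fingerprints = {}
    for device, times in samples.items():
        m, s = mean(times), stdev(times)
        fingerprints[device] = (m - k * s, m + k * s)
    return fingerprints


def check_response(fingerprints, device, command_ts, response_ts):
    """Classify one command/response pair by its observed operation time."""
    elapsed = response_ts - command_ts
    low, high = fingerprints[device]
    if low <= elapsed <= high:
        return "consistent"
    # Faster than the device can physically act: the "success" response
    # cannot be genuine and is flagged as possibly injected.
    return "too_fast" if elapsed < low else "too_slow"


def scan(fingerprints, observations):
    """Run the check over (device, command_ts, response_ts) tuples."""
    return [(dev, check_response(fingerprints, dev, c, r))
            for dev, c, r in observations]


# Constructed control-network observations (timestamps in seconds).
OBSERVATIONS = [
    ("breaker_A", 10.000, 10.051),   # genuine: matches lab fingerprint
    ("breaker_A", 20.000, 20.004),   # immediate ack: physically implausible
    ("breaker_B", 30.000, 30.080),   # genuine
    ("breaker_B", 40.000, 40.090),   # slower than fingerprint allows
]

if __name__ == "__main__":
    for device, verdict in scan(build_fingerprints(LAB_OPERATION_TIMES), OBSERVATIONS):
        print(device, verdict)
```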