Malware Analysis and Classification


Jairaj Singh (Birla Institute of Technology, India) and Kishore Kumar Senapati (Birla Institute of Technology, India)
Copyright: © 2023 |Pages: 22
DOI: 10.4018/978-1-6684-8666-5.ch003

Abstract

Malicious applications can be a security threat to cyber-physical systems, as these systems are composed of heterogeneous distributed systems and mostly depend on the internet and on ICT services and products. The usage of ICT products and services offers less expensive data collection, intelligent control, and decision systems using automated data mining tools. Cyber-physical systems become exposed to the internet and to public networks as they are integrated into ICT networks for easy automation. Cyber-attacks can lead to functional failure, blackouts, energy theft, data theft, etc., and this is a critical security concern for cyber-physical systems. There have been many instances of cyber-attacks on CPS systems, the most popular being the Stuxnet virus attack. In total there have been 7 instances of such attacks on CPS systems that have the potential to totally cripple critical infrastructure, causing huge business impacts including loss of life in some cases. Earlier, these CPS or process-level systems used to work in an isolated manner with very little intelligence, but as the convergence between CPS and IT increases, their cyber-attack surface grows for threat actors to exploit. Therefore, in this chapter, the authors examine the technical threats in the form of malware which can exploit CPS systems and how those systems can be protected from cyber-attacks.
Chapter Preview

Introduction

A cyber-physical system (CPS) is the new generation of intelligent, digital system composed of physical hardware capabilities and computing software techniques. By optimizing functionality, autonomy, reliability, and safety, CPS is a major step for future technology that could change and improve lives for the better.

Designed to act like a network of multiple variables with both physical input and output considered, this smart network is one where the physical and virtual worlds merge. Falling under the embedded system category, CPS can interact seamlessly with real-world systems by means of computation, communication, and control.

CPS is commonly characterized to be adaptive, robust, and user-friendly, and will eventually lead to the advanced implementation of the Internet of Things (IoT). Like IoT, every cyber-physical system is designed to support real-time applications that can manage various environmental datasets.

With CPS’s huge potential in bringing about significant social benefits across domains, being able to design and build secure CPSs to deliver consistent and dependable action is of particular importance. A lot of cyber-physical systems are being used in manufacturing, transportation, health care and energy, among other industries.

CPS must have a fully integrated and connected private network that can remotely connect with other untrusted systems when necessary. The smartness of the network must be based on intelligent data available from big data analytics resulting from collected data of sensors and external devices. With the help of intelligent decision-making, the complete process of communication, control and computation will be delivered simultaneously.

By and large, every CPS is networked, has a strong sensing capability, has higher performance capability, and can work in a real-time environment with highly predictable behaviour, influencing risk mitigation and failure response effectively.

Context of the Chapter

The context of the chapter is to provide insights into the different CPS malware and their analysis, which will provide a roadmap for detection capabilities. Cyber-attacks on CPS systems using intelligent malware began in the early 2000s, when these malicious programs were targeted at critical infrastructure such as the nuclear, aviation, electricity, and water sectors. The Triton malware was used to attack petrochemical plants in Saudi Arabia and caused them to shut down to prevent an explosion. The BlackEnergy2 and Industroyer malware variants were used to take down power grids in Ukraine. The Havex rootkit was used to target CPS in different sectors by causing the underlying PLC firmware to malfunction. Stuxnet, probably the most sophisticated malware ever built, was used to attack the Iranian nuclear facilities.

Across the different types of CPS malware discussed, the underlying functionality is similar, relying on command-and-control (C&C) techniques and remote access (RAT) capabilities. Based on existing technology and hacking methods, it can be concluded that C&C and RAT components can be propagated via SMS, Bluetooth, e-mail attachments, P2P networks, covert channel attacks, or any other surveillance method.

This chapter discusses malware classification and detection techniques, focusing on the different types of malware discussed above. The malware classification for CPS is discussed on the basis of a fuzzy logic algorithm. There are two variants of the fuzzy logic algorithm, namely anomaly-based and signature-based detection.
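As an added illustration of the classification approach this chapter names (this is example code, not code from the chapter or its authors): a small zero-order Sugeno fuzzy inference that combines a signature-based score with an anomaly-based score into one verdict. The signature patterns, the baseline write counts, the membership breakpoints and the rule weights are all constructed assumptions; a real deployment would derive them from its own malware corpus and from the plant's observed traffic baseline.

```python
"""Toy fuzzy-logic classifier combining signature-based and anomaly-based detection.

Added example (not part of the chapter). Every signature, baseline value and
rule weight below is a constructed assumption for illustration only.
"""
from statistics import mean, pstdev

# Constructed "signature database": byte patterns standing in for known-bad
# payload fragments (hypothetical, not real malware indicators).
SIGNATURES = {
    "coil_flood": b"WRITE_COIL_FLOOD_v1",
    "firmware_stub": b"FIRMWARE_PATCH_STUB",
}


def signature_score(payload: bytes) -> float:
    """Signature-based detection: fraction of known-bad patterns found in the payload."""
    hits = sum(1 for pattern in SIGNATURES.values() if pattern in payload)
    return hits / len(SIGNATURES)


def anomaly_score(observed_writes: int, baseline_writes: list[int]) -> float:
    """Anomaly-based detection: z-score of the observed write count against a
    benign baseline, squashed into [0, 1] (a z of 4 or more counts as fully anomalous)."""
    sigma = pstdev(baseline_writes)
    if sigma == 0:
        return 0.0 if observed_writes == mean(baseline_writes) else 1.0
    z = (observed_writes - mean(baseline_writes)) / sigma
    return min(1.0, max(0.0, z / 4.0))


# Linear membership functions over the [0, 1] score universe.
def low(x: float) -> float:
    """Membership in 'low': 1 at 0, falling to 0 at 0.6."""
    return max(0.0, 1.0 - x / 0.6)


def high(x: float) -> float:
    """Membership in 'high': 0 below 0.4, rising to 1 at 1.0."""
    return max(0.0, (x - 0.4) / 0.6)


def fuzzy_verdict(sig: float, anom: float) -> float:
    """Zero-order Sugeno inference: each rule fires with a strength (min of its
    antecedents) and contributes a constant output; the result is the
    strength-weighted average. Rule outputs are constructed assumptions."""
    rules = [
        (high(sig), 1.0),                  # known signature present  -> malicious
        (min(low(sig), high(anom)), 0.5),  # no signature, odd traffic -> suspicious
        (min(low(sig), low(anom)), 0.0),   # nothing unusual           -> benign
    ]
    total = sum(strength for strength, _ in rules)
    if total == 0.0:
        return 0.0
    return sum(strength * out for strength, out in rules) / total


def label(verdict: float) -> str:
    """Map the defuzzified verdict onto the labels a triage queue would use."""
    if verdict >= 0.6:
        return "malicious"
    if verdict >= 0.3:
        return "suspicious"
    return "benign"


def classify_event(payload: bytes, observed_writes: int, baseline_writes: list[int]) -> dict:
    """Run both detectors on one observed PLC interaction and fuse the scores."""
    sig = signature_score(payload)
    anom = anomaly_score(observed_writes, baseline_writes)
    verdict = fuzzy_verdict(sig, anom)
    return {"signature": sig, "anomaly": anom, "verdict": verdict, "label": label(verdict)}


# Constructed benign baseline: coil writes per minute seen during normal operation.
BASELINE = [8, 12, 8, 12, 8, 12]  # mean 10, population std-dev 2

if __name__ == "__main__":
    # Constructed sample events (hypothetical payloads).
    events = [
        (b"READ_HOLDING_REGISTERS 40001", 10),                      # benign
        (b"READ_HOLDING_REGISTERS 40001", 18),                      # anomaly only
        (b"...WRITE_COIL_FLOOD_v1...FIRMWARE_PATCH_STUB...", 18),   # signature + anomaly
    ]
    for payload, writes in events:
        print(classify_event(payload, writes, BASELINE))
```

The anomaly-only event lands on "suspicious" rather than "malicious": without a signature hit, the fuzzy rules treat unusual write rates as something an analyst should triage, while a signature match alone is enough to raise the verdict to "malicious".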


CPS and Internet of Things (IoT)

CPS has often been compared with IoT. The terms are often used interchangeably depending on the industrial context and framework [11]. CPS is mostly used in North American industrial sectors, while IoT is mostly used in European industrial sectors [12]. However, it is possible to say that CPS emphasizes the embedded part while IoT emphasizes connectivity. Both CPS and IoT have physical and cyber aspects. Table 1 compares both technologies based on four aspects: devices, communication/networking, connectivity levels, and applications.
