THE CHALLENGES OF CYBER-PHYSICAL SYSTEM SECURITY
The world we live in is highly interconnected, increasing the complexity of protecting our infrastructure systems from natural and man-made disruptions. Our daily lives depend on the efficient functioning of cyber-physical systems (CPS); we must not only effectively mitigate risks to these systems, but also enhance resilience.The line between the physical and cyber spaces continues to blur. Today, many of the methods we use to protect our physical assets utilize digital technologies, whether it be electronic locks, biometric access controls, or digital video surveillance. Correspondingly, the digital systems we rely on must have physical security measures in place to protect them from tampering by both internal and external sources.
Chief Information Officers (CIOs) and security professionals need to develop an organization-specific strategic plan to identify how their physical and cyber worlds intersect and interact to ensure a comprehensive means of protection is in place. This involves fostering collaboration between information technology (IT) professionals and facility and operations staff to effectively protect from cyber/physical threats. An all-inclusive approach will also aid in the resilience of the organization by helping to gain a better understanding of which physical processes rely on cyber means for operations.
CPS are playing an increasingly important role within critical infrastructure assets and systems. While CPS can foster innovation, lower costs, and offer a competitive advantage, cybersecurity risks and attack surfaces increase. Recent events have highlighted the need for an in-depth analysis of the cyber-physical convergence within critical infrastructure.
The world we live in is highly interconnected, increasing the complexity of protecting our infrastructure systems from natural and man-made disruptions
This cyber-attack on physical systems exemplifies a new and growing threat to critical infrastructure around the world, and the extent and nature of this threat is presently not well understood. Current research provides important insight about critical infrastructure assets and their interdependency, as well as industrial c o n t r o l systems and the cyber threats influencing them. These research efforts now need to be integrated to provide a reliable, measurable, and data-driven model of the threats posed by cyber-attacks on the Nation’s critical physical infrastructure.
Effects of cyber-attacks on critical infrastructure such as those described above have traditionally been difficult to identify and visualize. Researchers have started to build capabilities to address relevant components of this challenge: modeling of cyber-exposed components typical of specific classes of infrastructure and establishment of a physical dependency profile for each class of infrastructure. It is vital to integrate these approaches to allow for the analysis of cyber-attacks on various types of critical infrastructure. Linking physical dependency profiles to the cyber-focused model allows for an analysis of what a cyber-attackmay mean to downstream infrastructure, providing organizations with the decision support necessary to plan for, respond to, and recover from undesirable events whether natural or man-made.
Idaho National Laboratory (INL) researchers have been working diligently to develop solutions for the security challenges facing CPS. INL’s Resilience Optimization Center (IROC) leverages cyberterrorist and hacker methods to help organizations protect themselves, their businesses, and their stakeholders. INL works collaboratively to develop mitigation techniques and tools, supported by a vast infrastructure test range, to reduce cyber vulnerabilities found in many of the Nation’s critical infrastructure systems.In addition, INL’s All Hazards Analysis (AHA) framework provides a methodology for identifying how infrastructure are connected, as well as associate physical and cyber assets to functional business processes. INL’s Component Analysis for Industrial Control Systems research area examines the potential vulnerabilities within the hardware and software components incorporated into industrial-control and operational-technology systems.
Our world will continue to become more connected through CPS as these systems allow us to carry out our way of life in more convenient, connected ways. Researchers continue to develop strategies and solutions to mitigate risks and enhance resilience of CPS to protect the Nation’s infrastructure. Through more informed decision-making and increased implementation of state-of-the-art solutions, we can better protect our critical infrastructure that rely on CPS to reduce operational impacts.