2020 - Industrial Control Systems Cyberattack Trends and Countermeasures
Computer Communications
journal homepage: www.elsevier.com/locate/comcom
Review
Contents
1. Introduction
2. Case studies of ICS attacks
2.1. DoS attack on the servers at Davis-Besse nuclear power plant
2.1.1. Goal of the attack
2.1.2. Description of the attack
2.1.3. Consequences
2.1.4. Solution
2.2. Stuxnet attack on Natanz nuclear facility
2.2.1. Goal of the attack
2.2.2. Description of the attack
2.2.3. Consequences
2.2.4. Solution
2.3. German steel mill attack
2.3.1. Goal of the attack
2.3.2. Description of the attack
2.3.3. Consequences
2.3.4. Solution
2.4. Cyberattack on the Ukrainian power grid
2.4.1. Goal of the attack
2.4.2. Description of the attack
2.4.3. Consequences
2.4.4. Solution
2.5. Chemical mix changed at a water treatment plant
2.5.1. Goal of the attack
2.5.2. Description of the attack
2.5.3. Consequences
2.5.4. Solution
2.6. Watershed attack on Saudi Arabian petrochemical plant
2.6.1. Goal of the attack
2.6.2. Description of the attack
2.6.3. Consequences
∗ Corresponding author.
E-mail address: [email protected] (V. Chamola).
https://doi.org/10.1016/j.comcom.2020.03.007
Received 16 December 2019; Received in revised form 15 February 2020; Accepted 3 March 2020
Available online 9 March 2020
0140-3664/© 2020 Elsevier B.V. All rights reserved.
T. Alladi, V. Chamola and S. Zeadally Computer Communications 155 (2020) 1–8
2.6.4. Solution
2.7. Notpetya cyberattack
2.7.1. Goal of the attack
2.7.2. Description of the attack
2.7.3. Consequences
2.7.4. Solution
3. Lessons learned and protection measures for ICS
3.0.1. Lessons learnt
3.0.2. Protection measures for ICS
4. Conclusion
Declaration of competing interest
Acknowledgments
References
Table 1
Comparison with other studies on cyberattacks on ICSs.
| S. No. | Year | Study | Feature | Ref. |
|---|---|---|---|---|
| 1 | 2004 | The Myths and Facts behind Cyber Security Risks for Industrial Control Systems | Summarizes various types of incidents collected in the Industrial Security Incident Database (ISID) of the British Columbia Institute of Technology (BCIT). It describes events that directly affected the process control systems and discusses the lessons learned from them. | [9] |
| 2 | 2011 | A Taxonomy of Cyber Attacks on SCADA Systems | Highlights the difference between SCADA systems and standard IT systems and presents a set of security property goals. It also classifies cyber-induced cyber–physical attacks on SCADA systems. | [10] |
| 3 | 2012 | A Survey of SCADA and Critical Infrastructure Incidents | Selected set of attacks on ICSs which have been classified by factors such as source sector, impact, and so on, to understand their nature and how they can be mitigated in the future. | [11] |
| 4 | 2013 | Industrial control systems security: What is happening? | Presents a broad overview of ICS security research with a focus on process control systems. | [12] |
| 5 | 2015 | A survey of cyber security management on industrial control systems | Surveys approaches for measuring and managing ICS security and provides an agenda for future research on risk management activities in ICSs. | [13] |
| 6 | 2015 | Analysis of cyber security for industrial control systems | Presents an overview and analysis on ICS architectures and communication protocols and what makes them different from IT and focuses on different threats and vulnerabilities. | [14] |
| 7 | 2015 | A survey of approaches combining safety and security for industrial control systems | Comprehensive review of methods and techniques that consider both safety and security concerns that have been proposed in the literature, and provide a comparative analysis of these different approaches. | [15] |
| 8 | 2015 | A Survey of Industrial Control System Testbeds | Surveys ICS testbeds that have been proposed for scientific research to facilitate vulnerability analysis, education and tests of defense mechanisms. | [16] |
| 9 | 2016 | The Cybersecurity Landscape in Industrial Control Systems | Surveys general ICS cyber security landscape and discusses attacks and defenses at various levels of abstraction in an ICS from the hardware level to the process level. | [17] |
| 10 | 2018 | A survey on security control and attack detection for industrial cyber-physical systems | Surveys cyber-attack schemes and defense strategies in industrial CPSs from the perspective of control theory and proposes several open research issues. | [18] |
| 11 | 2018 | Designing Safe and Secure Industrial Control Systems: A Tutorial Review | Reviews current research trends in ICSs and presents a tutorial on the design of safe and secure ICSs. | [19] |
| 12 | 2019–20 | This paper | Analyzes attacks on ICSs in last 20 years and discusses each attack in terms of its goal, description, impact, and potential solution to mitigate it. | |
slow down the servers, resulting in a DoS attack on the host servers.
Microsoft had already released a patch for the issue six months before
the attack but the plant’s servers were not updated. The attack is
depicted pictorially in Fig. 1.
2.1.3. Consequences
After the worm penetrated the computer network at the plant, it
disabled the SPDS for almost 5 h. Even though this attack did not pose
any safety hazard (as the plant was offline), it demonstrated that
computerized Nuclear Control and Monitoring Systems (NCMS), once
compromised, could have devastating consequences.
2.1.4. Solution
The Slammer worm penetrated an unsecured network of one of
Fig. 1. DoS attack on the servers at Davis-Besse nuclear power plant.
Table 2
History of major ICS attacks.
| Year | ICS | Attack vector | Consequences |
|---|---|---|---|
| 2003 | Davis–Besse nuclear power plant, US [11] | Slammer worm | Safety monitoring system was disabled for 5 h. |
| 2005 | DaimlerChrysler automobile plants, US [20] | Zotob worm | Stopped production at several sites. |
| 2010 | Natanz nuclear facility, Iran [21] | Stuxnet malware via USB drive | Destruction of centrifuge tubes at the Uranium enrichment facility. |
| 2014 | German steel mill, Germany [22] | Email phishing/malware | Blast furnaces were inappropriately shut down, leading to Loss of Control (LoC) [22] for the plant operators which caused physical damage to the system and process interruption. |
| 2014 | Energy companies in US and Europe [23] | Havex malware | Attackers compromised a number of strategically important organizations like energy grid operators, major electricity generation companies, petroleum pipeline operators for spying purposes and had capacity to disrupt the energy supplies in affected countries. |
| 2015 | Kemuri Water treatment plant, US [24] | SQL injection and phishing | Personal information of 2.5 million customers leaked. |
| 2015 | Power grid, Ukraine [25] | Spear phishing/BlackEnergy3 malware | Power outage for around 225 thousand users, credentials stolen. |
| 2016 | Power grid, Ukraine [26] | Industroyer malware | 20% of Ukraine's capital, Kiev was disconnected from the grid for 1 h. |
| 2017 | Multiple businesses worldwide [27] | Notpetya ransomware | Starting from a Ukrainian software firm it spread to the pharmaceutical company Merck, the snack company Mondelez and some other big industries worldwide, leading to a combined financial loss of over 10 billion dollars. |
| 2017 | Petrochemical plant, Saudi Arabia [28] | Triton malware | Cripples safety systems in the plant |
| 2018 | Taiwan chipmaker TSMC [29] | WannaCry ransomware | Shuts down several iPhone production plants. |
| 2019 | Eyeglass lens manufacturer Hoya, Thailand [30] | Unnamed virus | Partial shutdown of its factory. |
Fig. 2. Attack vectors in Stuxnet attack on Natanz facility.
2.2.2. Description of the attack
After injecting the malware into the plant's network layer through an infected USB drive, it took over the Programmable Logic Controllers (PLCs). It had a control logic implemented to record and replay the sensor values of the rotor vibration and pressure. The valves of the first and the last stage centrifuges were shut off along with the exhaust valve through a re-calibration of pressure sensors of the respective valves by the malware. A second vector was then used to attack the Centrifuge Drive System (CDS), which controlled the rotor speeds of the centrifuge system. The malware used copies of stolen digital certificates and posed as a legitimate driver software for the Windows Operating System (OS). The rotors are critical systems and when their operating speed is above the critical speed, the harmonics (distortions in power systems) are triggered which can damage the rotor walls. The centrifuges used for enrichment were fragile and their failure was tolerated by the in-built protection system called Cascade Protection System (CPS). The CPS helped in isolating the troubled centrifuge tubes through the vibration sensors, leading to an increase in pressure caused by the shutting-off of multiple isolated tubes. Once the rotors were damaged, the CPS isolated the centrifuges. Multiple rotor damages resulted in shutting down all
2.2.3. Consequences
These attacks on CDS and CPS were repeated to disrupt the centrifuge system through overpressure and by altering the rotor speeds. The Stuxnet malware disrupted the nuclear program of Iran and demonstrated the impact of cyber-physical attacks.
2.2.4. Solution
By intercepting the interactions among the various entities such as sensors, PLCs, SCADA systems and the operators, the plant was rendered vulnerable to the attack. The control loops among these entities should be properly authenticated and the results of their feedback loops verified. To launch such an attack, they needed information regarding plant architecture. The attackers seem to have been engaged in reconnaissance and data collection about the plant's systems through the data released by the Iranian government. This information was revealed through footage of the plant's monitoring software which was broadcasted on a local news network. Such sensitive information should be safeguarded in the first place. Although network segregation using firewalls and air gaps helps prevent unauthorized access to the plant's system, the attackers used a workaround method to bypass such solutions by infecting personal computers of the people who have legitimate physical access to the plant's system. Personal hardware devices such as USB drives should be sanitized before allowing them to connect to the plant's ICS. Antivirus software cannot always be trusted to prevent custom made malware because they work based on
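The recommendation in 2.2.4 that control loops be authenticated, set against the record-and-replay of sensor values described in 2.2.2, can be illustrated with the following added example, which is not code from the paper. It assumes a per-sensor shared key and a monotonic counter kept by each sensor; the names `Reading`, `sign_reading` and `LoopVerifier` and the sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Reading:
    sensor_id: str
    counter: int      # strictly increasing per sensor (assumption of this sketch)
    value: float
    tag: bytes        # HMAC-SHA256 over sensor_id, counter and value


def _mac(key: bytes, sensor_id: str, counter: int, value: float) -> bytes:
    # Bind identity, freshness counter and measurement into one authenticated blob.
    body = sensor_id.encode() + b"\x00" + struct.pack(">Qd", counter, value)
    return hmac.new(key, body, hashlib.sha256).digest()


def sign_reading(key: bytes, sensor_id: str, counter: int, value: float) -> Reading:
    return Reading(sensor_id, counter, value, _mac(key, sensor_id, counter, value))


class LoopVerifier:
    """Controller-side check: authentic AND fresh, or the reading is rejected."""

    def __init__(self, keys: dict):
        self._keys = keys
        self._last_counter = {}

    def check(self, r: Reading) -> str:
        key = self._keys.get(r.sensor_id)
        if key is None:
            return "unknown-sensor"
        expected = _mac(key, r.sensor_id, r.counter, r.value)
        if not hmac.compare_digest(expected, r.tag):
            return "bad-mac"          # value or counter altered without the key
        if r.counter <= self._last_counter.get(r.sensor_id, -1):
            return "replay"           # valid tag, but a frame already seen
        self._last_counter[r.sensor_id] = r.counter
        return "ok"


def demo() -> list:
    key = b"constructed-demo-key"                     # constructed, not a real key
    verifier = LoopVerifier({"rotor-vib-01": key})
    # Constructed vibration readings recorded during normal operation.
    live = [sign_reading(key, "rotor-vib-01", n, v)
            for n, v in enumerate([0.41, 0.43, 0.42])]
    verdicts = [verifier.check(r) for r in live]
    # The same frames fed back later: tags verify, counters are stale.
    verdicts += [verifier.check(r) for r in live]
    # Counter bumped to look fresh while reusing an old tag: MAC no longer matches.
    verdicts.append(verifier.check(Reading("rotor-vib-01", 3, 0.42, live[-1].tag)))
    # A genuine new reading is still accepted afterwards.
    verdicts.append(verifier.check(sign_reading(key, "rotor-vib-01", 3, 0.97)))
    return verdicts


if __name__ == "__main__":
    print(demo())
```

Authentication alone does not cover a compromised endpoint that holds the key, which is why the section also asks for the results of the feedback loops to be verified independently.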
because the damage caused by their malware could have been a lot worse, but instead, it was a warning to the business proprietors.
2.3.2. Description of the attack
The adversary infiltrated the facility's corporate network via phishing emails. The victims were sent fraudulent emails containing attached PDF files from spoofed email addresses. Malware had been inserted into these PDF files, which infected the corporate network software upon downloading and opening the files. The adversaries then worked their way up to the management software and into the ICS network of the plant, thereby taking control of its control systems. Once they had access to the control systems, they strategically destroyed the Human Machine Interface (HMI) components. Furthermore, they prevented the operation of the mill's blast furnace by disabling the security settings and caused severe damage to the industrial infrastructure.
2.3.3. Consequences
The blast furnaces were shut down leading to significant damages to the system. This attack serves as an eye-opener to the ICS businesses. The cyberattack survived by the German steel mill shows that the adversaries can cause significant damage to the industry's production-line infrastructure. The attackers have demonstrated their abilities.
2.3.4. Solution
Attackers gained entry into the ICS by using a connection between the corporate network and the Operational Technology (OT) network. To safeguard against such intrusions, the interconnections between the corporate network and the OT network should be protected by using tools such as firewalls and defense systems. Furthermore, the number of connection interfaces between the OT network and the corporate network should be minimized [33]. This would create checkpoints which can be monitored easily with Network Security Monitoring (NSM) utilities. NSM allows security personnel to actively monitor network communications to discover network anomalies. Along with creating checkpoints, certificate-based signature schemes and encryption schemes can also be deployed for interaction between the OT and corporate IT networks [34,35].
2.4. Cyberattack on the Ukrainian power grid
2.4.1. Goal of the attack
The cyberattack that occurred on the Ukrainian power grid took place in 2015. In this attack, the attackers caused a temporary malfunction of the power distribution system, leading to a power outage in three provinces in Ukraine [36]. It is believed that this attack was part of a larger espionage operation carried out worldwide with the support of the Russian government, to destabilize the political atmosphere in Eastern Europe.
2.4.2. Description of the attack
It was a spear-phishing attack in which emails with Microsoft Word documents containing macros (tools used to automate frequently executed tasks) as attachments were sent out to the recipients, with the intention of installing the BlackEnergy3 (BE3) malware on the recipients' computers, as shown in Fig. 3. BE3 was then used to gather information about the network, thus providing a foothold for the attackers into the corporate network. Using the collected information, the attackers were able to gain access to the corporate user accounts' credentials. They used these credentials to directly log into the ICS network from the external network through an encrypted tunnel. Furthermore, the attackers launched a Telephony Denial of Service (TDoS) attack that flooded the call centers to block the real customer calls from getting through. They also disabled the Uninterruptible Power Supplies (UPSs) and corrupted the firmware of several Remote Terminal Units (RTUs), which were meant to transmit data to the SCADA systems. Finally, they executed the KillDisk utility to wipe out the control centers' Human Machine Interface (HMI) systems and several other important workstations.
2.4.3. Consequences
It was a large-scale attack that was directed at the distribution systems of six energy companies but was successful only in three of them. The attackers managed to penetrate the other three but were not able to compromise their operations. Approximately 225,000 customers were affected by this power outage. It was also reported that thousands of user credentials were stolen during this attack.
2.4.4. Solution
This attack involved email phishing, in which emails with malicious attachments were sent to different people within the organization. It is recommended to include user awareness training and whitelisting applications to prevent malware. Attackers can still use different types of social engineering methods to target the organization. Since these attacks use targeted emails and Internet-connected assets, communications with these assets should be segmented, monitored and controlled. Sandboxing technology can be used to test documents and emails coming into the network. Proxy systems can be deployed to control inbound and outbound communication paths. This attack used a malware called BlackEnergy3 for establishing a foothold into the network and to steal credentials. Organizations can acquire YARA rules [37] (YARA rules are a way of identifying malware by creating rules that look for specific characteristics) for the latest indicators of compromise to counter the malware. To prevent attackers from getting remote access to ICS, there is a need for strong authentication and encrypted communication during remote access. In case the control system is compromised, we
should quickly isolate the control system so that remote access can be temporarily disabled. Backups should be taken at regular intervals so that systems can be easily restored even after a utility such as KillDisk is used to wipe the disks clean.
2.5. Chemical mix changed at a water treatment plant
2.5.1. Goal of the attack
A water treatment plant in the USA was hacked in 2015 by a suspected Syrian hacktivist group [38]. As the plant's specific location and name were not released due to safety reasons, we will use the pseudonym Kemuri Water Company (KWC) for the utility. The intention behind this attack is still unclear. Although personal data of the customers was exposed, there is no evidence that this information was misused.
2.5.2. Description of the attack
KWC's plant had an old IBM AS/400-based SCADA system for managing the PLCs to regulate the flow of water and chemicals by managing valves and ducts in the plant. The attackers extracted login credentials for the system from the front-end web server to access the plant's water control software which was also running on the same AS/400 system. As this system was central to most IT operations in this plant, access to this control system allowed hackers to control most of the other equipment in the plant. Fig. 4 shows the details of the attack.
Fig. 4. Chemical mix changed at water treatment plant by hackers.
2.5.3. Consequences
At least two instances were identified where hackers were able to use the PLC's web interface to alter the quantity of some of the chemicals that were used in treating water, which in turn hampered the plant's production and thus increased the recovery time to replenish the water supplies. Even though the attackers were able to manipulate the valves that control the chemical flow, there was no impact on the plant's operation. The attackers did not seem to have much knowledge of the SCADA systems, else it could have been a critical security breach, leading to serious consequences to the plant as well as the surrounding areas which rely on water from this plant. Personal information of about 2.5 million customers was also reported to have been leaked from their database.
2.5.4. Solution
According to reports published by the security firm Vericlave [39] and other sources [40], the primary attack vectors used in the security breach of KWC's internal AS/400 system could have been a Structured Query Language (SQL) injection attack and email phishing. The attackers hacked into the company's system by exploiting a vulnerability on the company's payment portal connected to the Internet. Executing basic network hygiene and best practices would lower the risk of such attacks being successful, but will not really prevent access to the critical systems if the attacker still figures out how to penetrate the business network. To address this situation, the Operational Technology (OT) systems must be separated from the external network. To ensure that OT-related applications are in an isolated zone, we need to use a firewall between the corporate network and the OT network. Regardless of whether the attacker figures out how to get access to the corporate network, the OT system would be unreachable to him/her because access to the OT system would be given to the users only after correct validation. Cybersecurity could be further improved by following the International Electrotechnical Commission (IEC) 62443 which is a global standard for the security of ICS networks. When ICS and OT networks co-exist in an enterprise, this standard suggests segmenting the networks into zones based on accessibility criteria. It also recommends steps to be followed by the industry operators for gathering data to be secured, assessment of network security, building countermeasures and solutions and deploying them in a phased manner.
2.6. Watershed attack on Saudi Arabian petrochemical plant
2.6.1. Goal of the attack
In 2017, the safety system for industrial control units (known as Triconex industrial safety technology) was targeted by hackers at a petrochemical plant in Saudi Arabia [41]. Although the attackers intended to cause physical damage to the plant, a defect in their malware code inadvertently led to a shutdown of the operations.
2.6.2. Description of the attack
The hackers used a malware called Triton for gaining remote access to the Safety Instrumented System (SIS) and to alter its codebase, as shown in Fig. 5. SIS is responsible for maintaining operational safety in the industrial plant, with each controller having fallback failsafe modes. When the attack occurred, the devices went into the failsafe mode, causing operations to pause at multiple facilities and hence triggering a shutdown. Security alerts were sent to all the Triconex users, thus helping in detecting the attack.
2.6.3. Consequences
This attack is often called a Watershed attack, indicating possible future attacks on the ICS infrastructure across the globe. The attackers would learn the working of the safety systems to possibly launch large-scale attacks in the future intended to disrupt or damage the plant's operations.
2.6.4. Solution
One approach to prevent the above attack is to isolate the safety system networks from other networks such as the process control network and the information system networks. Workstations that are used for working with SIS should have a single channel communication with the Distributed Control System (DCS) so that any vulnerability cannot be introduced into SIS using this channel. DCS is a specially designed computerized control system for the plant. Blockchain technology, which is being widely adopted for distributed and decentralized applications, can also be leveraged for control and data management in DCS [42]. Hardware features that provide the physical capability to program safety features on Triconex controllers should not be left in programming/debug mode when not in use [43]. Access control and application whitelisting must be implemented on any server that can reach the SIS system through the network. ICS network traffic must be regularly monitored for unpredictable communication streams and other anomalous activity.
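The segmentation advice in 2.3.4, 2.5.4 and 2.6.4 (few corporate-to-OT interfaces, zones, an isolated safety network, and monitoring for unexpected communication streams) can be checked against flow records as in the following added example, which is not from the paper. The address plan, the allowed conduits, the baseline and the flow records are all constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed address plan: one subnet per zone.
ZONES = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("10.30.0.0/24"),
    "safety": ipaddress.ip_network("10.40.0.0/24"),
}

# Constructed policy: the only permitted zone crossings (src zone, dst zone, dst port).
CONDUITS = {
    ("corporate", "dmz", 443),     # corporate users reach a DMZ front end only
    ("dmz", "control", 4840),      # DMZ data broker to control zone (OPC UA port)
    ("control", "safety", 502),    # single channel from DCS to SIS (Modbus/TCP port)
}

# Constructed baseline: streams observed during a known-good learning period.
BASELINE = {
    ("10.10.4.21", "10.20.0.5", 443),
    ("10.20.0.5", "10.30.0.10", 4840),
    ("10.30.0.10", "10.40.0.2", 502),
}

# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.10.4.21", "10.20.0.5", 443),
    ("10.20.0.5", "10.30.0.10", 4840),
    ("10.30.0.10", "10.30.0.11", 102),
    ("10.10.4.77", "10.30.0.10", 3389),   # corporate host straight into control
    ("10.30.0.12", "10.40.0.2", 502),     # second control host talking to the SIS
    ("203.0.113.9", "10.30.0.10", 22),    # Internet address into control
    ("10.10.4.21", "10.40.0.2", 502),     # corporate host into the safety zone
]


def zone_of(addr: str) -> str:
    """Map an IP address to its zone; anything outside the plan is 'external'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


def classify(flow, baseline) -> str:
    src, dst, dport = flow
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone and src_zone != "external":
        return "intra-zone"
    if (src_zone, dst_zone, dport) not in CONDUITS:
        return "violation"     # crosses a zone boundary outside every approved conduit
    if flow not in baseline:
        return "new-stream"    # approved conduit, but a pairing never seen before
    return "conduit"


def audit(flows, baseline):
    """Return (verdict, flow) for every flow an analyst should look at."""
    findings = []
    for flow in flows:
        verdict = classify(flow, baseline)
        if verdict in ("violation", "new-stream"):
            findings.append((verdict, flow))
    return findings


if __name__ == "__main__":
    for verdict, (src, dst, dport) in audit(FLOWS, BASELINE):
        print(f"{verdict:10s} {src} ({zone_of(src)}) -> {dst} ({zone_of(dst)}) port {dport}")
```

Keeping the conduit set small is what makes the "new-stream" verdict useful: with one approved channel into the safety zone, any additional talker stands out immediately.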
Acknowledgments
We thank the anonymous reviewers for their valuable comments which helped us improve the content and presentation of this paper.
References
[1] The state of industrial cybersecurity 2017, 2017, [Online]; https://go.kaspersky.com/rs/802-IJN-240/images/ICS%20WHITE%20PAPER.pdf. (Accessed 12 April 2019).
[2] T. Alladi, V. Chamola, R.M. Parizi, K.-K.R. Choo, Blockchain applications for industry 4.0 and industrial IoT: A review, IEEE Access 7 (2019) 176935–176951.
[3] A. Jindal, A. Schaeffer-Filho, A. Marnerides, P. Smith, A. Mauthe, L. Granville, Tackling Energy Theft in Smart Grids through Data-driven Analysis, IEEE, 2019.
[4] T. Alladi, V. Chamola, J.J. Rodrigues, S.A. Kozlov, Blockchain in smart grids: A review on different use cases, Sensors 19 (22) (2019) 4862.
[5] H. Xu, W. Yu, D. Griffith, N. Golmie, A survey on industrial internet of things: A cyber-physical systems perspective, IEEE Access 6 (2018) 78238–78259.
[6] C. Alcaraz, S. Zeadally, Critical infrastructure protection: Requirements and challenges for the 21st century, Int. J. Crit. Infrastruct. Prot. 8 (2015) 53–66.
[7] A. Jindal, A.K. Marnerides, A. Scott, D. Hutchison, Identifying security challenges in renewable energy systems: a wind turbine case study, in: Proceedings of the Tenth ACM International Conference on Future Energy Systems, 2019, pp. 370–372.
[8] G.S. Aujla, A. Singh, N. Kumar, AdaptFlow: Adaptive flow forwarding scheme for software defined industrial networks, IEEE Internet Things J. (2019).
[9] E. Byres, J. Lowe, The myths and facts behind cyber security risks for industrial control systems, in: Proceedings of the VDE Kongress, Vol. 116, 2004, pp. 213–218.
[10] B. Zhu, A. Joseph, S. Sastry, A taxonomy of cyber attacks on SCADA systems, in: 2011 International Conference on Internet of Things and 4th International
[23] Dragonfly: Western energy companies under sabotage threat, 2014, [Online]; https://www.symantec.com/connect/blogs/dragonfly-western-energy-companies-under-sabotage-threat. (Accessed 30 Jun 2014).
[24] K. Kimani, V. Oduol, K. Langat, Cyber security challenges for IoT-based smart grid networks, Int. J. Crit. Infrastruct. Prot. 25 (2019) 36–49.
[25] R. Khan, P. Maynard, K. McLaughlin, D.M. Laverty, S. Sezer, Threat analysis of blackenergy malware for synchrophasor based real-time control and monitoring in smart grid, in: ICS-CSR, Vol. 16, 2016, pp. 1–11.
[26] A. Cherepanov, R. Lipovsky, Industroyer: Biggest Threat to Industrial Control Systems Since Stuxnet, Vol. 12, WeLiveSecurity, ESET, 2017.
[27] M. McQuade, The Untold Story of NotPetya, The Most Devastating Cyberattack in History, Wired, 2018.
[28] N.H.C. Guzman, M. Wied, I. Kozine, M.A. Lundteigen, Conceptualizing the key features of cyber-physical systems in a multi-layered representation for safety and security analysis, Syst. Eng. (2019) 1–22.
[29] M. Kumar, TSMC chip maker blames wannacry malware for production halt, 2018, The Hacker News. Available at: https://thehackernews.com/2018/08/tsmc-wannacry-ransomware-attack.html. (Accessed 28 August 2018).
[30] Hoya cyberattack, 2019, [Online]; https://www.cyberscoop.com/hoya-cyberattack-cryptojacking-thailand/. (Accessed 13 February 2020).
[31] Slammer worm and Davis-Besse nuclear plant, 2015, [Online]; http://large.stanford.edu/courses/2015/ph241/holloway2/. (Accessed 12 April 2019).
[32] A. Nourian, S. Madnick, A systems theoretic approach to the security threats in cyber physical systems applied to stuxnet, IEEE Trans. Dependable Secure Comput. 15 (1) (2015) 2–13.
[33] V. Hassija, V. Chamola, V. Saxena, D. Jain, P. Goyal, B. Sikdar, A survey on IoT security: application areas, security threats, and solution architectures, IEEE Access 7 (2019) 82721–82743.
[34] G.K. Verma, B. Singh, N. Kumar, V. Chamola, CB-CAS: Certificate-based efficient signature scheme with compact aggregation for industrial internet of things environment, IEEE Internet Things J. (2019).
Conference on Cyber, Physical and Social Computing, IEEE, 2011, pp. 380–388. [35] G. Deep, R. Mohana, A. Nayyar, P. Sanjeevikumar, E. Hossain, Authentication
[11] B. Miller, D.C. Rowe, A survey SCADA of and critical infrastructure incidents, protocol for cloud databases using blockchain mechanism, Sensors 19 (20) (2019)
RIIT 12 (2012) 51–56. 4444.
[12] M. Krotofil, D. Gollmann, Industrial control systems security: What is happen- [36] Y. Xiang, L. Wang, N. Liu, Coordinated attacks on electric power systems in a
ing? in: 2013 11th IEEE International Conference on Industrial Informatics, cyber-physical environment, Electr. Power Syst. Res. 149 (2017) 156–168.
INDIN, IEEE, 2013, pp. 670–675. [37] S. Kim, J. Kim, S. Nam, D. Kim, WebMon: ML-and YARA-based malicious
[13] W. Knowles, D. Prince, D. Hutchison, J.F.P. Disso, K. Jones, A survey of cyber webpage detection, Comput. Netw. 137 (2018) 119–131.
security management in industrial control systems, Int. J. Crit. Infrastruct. Prot. [38] O. Andreeva, S. Gordeychik, G. Gritsai, O. Kochetova, E. Potseluevskaya, S.I.
9 (2015) 52–80. Sidorov, A.A. Timorin, Industrial Control Systems Vulnerabilities Statistics,
[14] Z. Drias, A. Serhrouchni, O. Vogel, Analysis of cyber security for industrial Report, Kaspersky Lab, 2016.
control systems, in: 2015 International Conference on Cyber Security of Smart [39] Vericlave – the kemuri water company hack, 2018, [Online]; https:
Cities, Industrial Control System and Communications, SSIC, IEEE, 2015, pp. 1–8. //www.vericlave.com/wp-content/uploads/2018/10/Vericlave_WhitePaper_
[15] S. Kriaa, L. Pietre-Cambacedes, M. Bouissou, Y. Halgand, A survey of approaches KemuriWater_1018_F.pdf. (Accessed 12 April 2019).
combining safety and security for industrial control systems, Reliab. Eng. Syst. [40] S. Adepu, V.R. Palleti, G. Mishra, A. Mathur, Investigation of cyber attacks on
Saf. 139 (2015) 156–178. a water distribution system, 2019, arXiv preprint arXiv:1906.02279.
[16] H. Holm, M. Karresand, A. Vidström, E. Westring, A survey of industrial control [41] N. Perlroth, C. Krauss, A cyberattack in Saudi Arabia had a deadly goal. Experts
system testbeds, in: Nordic Conference on Secure IT Systems, Springer, 2015, fear another try, N.Y. Times 15 (2018).
pp. 11–26. [42] M. Zhaofeng, W. Xiaochang, D.K. Jain, H. Khan, G. Hongmin, W. Zhen, A
[17] S. McLaughlin, C. Konstantinou, X. Wang, L. Davi, A.-R. Sadeghi, M. Maniatakos,
blockchain-based trusted data management scheme in edge computing, IEEE
R. Karri, The cybersecurity landscape in industrial control systems, Proc. IEEE
Trans. Ind. Inf. (2019).
104 (5) (2016) 1039–1057.
[43] T. Alladi, V. Chamola, B. Sikdar, K.-K.R. Choo, Consumer iot: Security vulner-
[18] D. Ding, Q.-L. Han, Y. Xiang, X. Ge, X.-M. Zhang, A survey on security control
ability case studies and solutions, IEEE Consum. Electron. Mag. 9 (2) (2020)
and attack detection for industrial cyber-physical systems, Neurocomputing 275
17–25.
(2018) 1674–1683.
[44] S. Furnell, D. Emm, The ABC of ransomware protection, Comput. Fraud Secur.
[19] D. Serpanos, M.T. Khan, H. Shrobe, Designing safe and secure industrial control
2017 (10) (2017) 5–11.
systems: a tutorial review, IEEE Des. Test 35 (3) (2018) 73–88.
[20] S. McLaughlin, Securing control systems from the inside: A case for mediating [45] G. Bansal, Naren, V. Chamola, B. Sikdar, N. Kumar, M. Guizani, Lightweight
physical behaviors, IEEE Secur. Priv. 11 (4) (2013) 82–84. mutual authentication protocol for V2G using physical unclonable function, IEEE
[21] J.P. Farwell, R. Rohozinski, Stuxnet and the future of cyber war, Survival 53 (1) Trans. Veh. Technol. (2020).
(2011) 23–40. [46] D.K. Jain, et al., An evaluation of deep learning based object detection strategies
[22] R.M. Lee, M.J. Assante, T. Conway, German steel mill cyber attack, Ind. Control for threat object detection in baggage security imagery, Pattern Recognit. Lett.
Syst. 30 (2014) 62. 120 (2019) 112–119.