Vulnerabilities in Cyber Physical Systems
POOJA MOHAPATRA
UNIVERSITY OF TEXAS at SAN ANTONIO, [email protected]
INTRODUCTION
“I have opted for the Cyber Physical system vulnerabilities. Despite their numerous advantages, CPS systems are prone to
various cyber and/or physical security threats, attacks and challenges. This is due to their heterogeneous nature, their reliance
on private and sensitive data, and their large scale deployment. As such, intentional or accidental exposures of these systems
can result in catastrophic effects, which makes it critical to put in place robust security measures. However, this could lead
to unacceptable network overhead, especially in terms of latency. Also, zero-day vulnerabilities should be minimized with
constant software, applications and operating system updates. CPS systems have been integrated into critical infrastructures
(smart grid, industry, supply chain, healthcare, military, agriculture, etc.), which makes them an attractive target for security
attacks for various purposes including economical, criminal, military, espionage, political and terrorism as well. Thus, any
CPS vulnerability can be targeted to conduct dangerous attacks against such systems. Different security aspects can be targeted
including confidentiality, integrity, and availability. In order to enable the wide adoption and deployment of CPS systems and
to leverage their benefits, it is essential to secure these systems from any possible attack, internal and/or external, passive or
active.
Spoofing: it consists of masquerading the identity of a trusted entity by a malicious unknown source. In this case,
attackers are capable of spoofing sensors, for example, by sending misleading and/or false measurements to the
control centre.
Sabotage: Sabotage consists of intercepting the legal communication traffic and redirecting it to malicious third
party or disrupting the communication process. For example, attackers can sabotage physically exposed CPS
components across the power grid, to cause a service disruption or even denial of service that leads to either total or
partial blackout.
Service Disruption or Denial: Attackers are capable of physically tampering with any device to disrupt a service
or to change the configuration. This has serious effects, especially in the case of medical applications.
Tracking: Since devices are physically exposed, an attacker can gain access to a given device, and/or even attach a
malicious device or track the legal ones.”
- Jean-Paul A. Yaacoub, Ola Salman, Hassan N. Noura, Nesrine Kaaniche, Ali Chehab, and Mohamad Malli. 8 July 2020.
Cyber-physical systems security: Limitations, issues and future trends.
This report focuses on two recently discovered sets of CPS vulnerabilities. A hidden infrastructure that transports critical care
items within all modern hospitals lies in plain sight: the pneumatic tube system (PTS). This critical infrastructure is
responsible for delivering medications, blood products, and various lab samples across multiple departments of the hospital.
Using pneumatic tubes, blowers, diverters, stations and a central management server, this system is essentially the equivalent
of a computer network for physical packets. Modern PTS systems are IP-connected and offer advanced features, such as
secure transfers (using RFID and/or password-protected carriers), slow transfers (for carriers containing sensitive cargo), and
remote system monitoring, which enables the on-premise PTS system to be monitored and controlled through the cloud.
Despite the prevalence of these systems, and the reliance of hospitals on their availability to deliver care, the security of these
systems has not been thoroughly analysed to date. The research papers describe nine critical vulnerabilities discovered in the
firmware of the PTS station of one of the most popular vendors, used by thousands of hospitals in North America. These
vulnerabilities can enable an unauthenticated attacker to take over PTS stations and essentially gain full control over the PTS
network of a target hospital. This type of control could enable sophisticated and worrisome ransomware attacks that range
from denial of service of this critical infrastructure to full-blown man-in-the-middle attacks that alter the paths of the
network's packages, resulting in deliberate sabotage of the workings of the hospital. This report will emphasize the importance
of researching embedded systems that operate systems which may look grey and unimportant, but nevertheless power
infrastructure in mission-critical environments such as healthcare facilities.
The second case is a series of vulnerabilities in internet of things (IoT) devices often found in connected hotel rooms, which
allowed a researcher to take control of multiple rooms' amenities and punish a loud neighbour. An inadvertent bug hunt
began when Kya Supa, security consultant at LEXFO, was traveling overseas on vacation.
1. A Hole in the Tube: Uncovering Vulnerabilities in the Pneumatic Tube System (PTS)
TransLogic is installed in more than 2,300 hospitals in North America and over 3,000 worldwide. The majority of hospitals in
North America use Swisslog TransLogic as their PTS solution. TransLogic is one of the most advanced PTS systems on the
market: it supports high load and advanced features, and offers reliability and even physical security features. The Swisslog
PTS system is vital to hospital operations as it automates logistics and the transport of materials throughout the hospital via a
network of pneumatic tubes. The system is designed so that hospitals can provide better patient care with automated material
transport, including highly sensitive materials such as lab specimens, blood products, pathology lab tests, medications, and
more. Prior to the use of PTS systems, hospitals were required to transfer the various items manually. Today, due to their wide
adoption, these systems are vital for the proper workflow of hospital operations. Nine vulnerabilities were discovered in
Swisslog's TransLogic Pneumatic Tube System. Critical vulnerabilities were found in the Nexus Station, a prominent PTS
station by Swisslog: hardcoded passwords, privilege escalation, heap and stack overflows (which can lead to RCE), DoS, and a
non-secure firmware upgrade mechanism. All vulnerabilities can be triggered via unauthenticated network packets, without any
user interaction. They were disclosed to Swisslog on May 1, 2021, and the two parties worked together to patch and test. PTS
systems transfer physical carriers throughout hospitals using a complex network of tubes, blowers, transfer units (routers) and
stations. The entire system is managed over Ethernet by a central server.
1. Hardcoded passwords : Hardcoded passwords, also often referred to as embedded credentials, are plain-text (non-encrypted)
passwords or other secrets (SSH keys, DevOps secrets, etc.) embedded in source code. Default, hardcoded passwords may be
used across many of the same devices, applications and systems, which simplifies set-up at scale but at the same time poses
considerable cybersecurity risk.
Hardcoded passwords are particularly dangerous because they are easy targets for password guessing exploits, allowing
hackers and malware to hijack firmware, devices (such as health monitoring equipment), systems, and software. The same
hardcoded password, or a limited number of them, are often used across all applications (many that require elevated privileges
to function) or devices produced by a manufacturer/software development company within a particular series, release, or
model. So, once a hacker knows the default password, they can potentially access all similar devices or application instances.
This kind of exploit has resulted in some massive cyber-attacks (two of which are detailed below), that have caused massive
security breaches, worldwide outages, and even jeopardized critical infrastructure.
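The following is an added example, not code from the page or from Swisslog, contrasting the embedded-credential pattern described above with a per-device provisioning scheme, plus the kind of string scan an auditor runs over an extracted firmware image. All account names, placeholder passwords and the firmware fragment are constructed for this example; the page does not disclose the real Nexus credentials and none are implied.

```python
import hashlib
import hmac
import os
import re

# --- Vulnerable pattern: credentials baked into the firmware image ----------------
# Placeholder values constructed for this example (not the real Nexus passwords).
HARDCODED_USERS = {"user": "user-placeholder", "root": "root-placeholder"}

def login_hardcoded(username, password):
    """Every shipped unit accepts the same secret, so extracting one firmware image
    yields working credentials for the whole installed base."""
    return HARDCODED_USERS.get(username) == password

# --- Hardened pattern: per-device provisioning record held outside the code --------
PBKDF2_ROUNDS = 100_000

def provision_device(serial, username, password, role):
    """Run once per unit at installation with a password unique to that unit.
    The record goes into the device's protected configuration store, not into code."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"serial": serial, "username": username, "role": role,
            "salt": salt.hex(), "hash": digest.hex()}

def login_provisioned(record, username, password):
    """Verify against the stored record; returns the granted role or None.
    hmac.compare_digest keeps the comparison constant-time."""
    if record["username"] != username:
        return None
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(record["salt"]), PBKDF2_ROUNDS)
    if not hmac.compare_digest(digest.hex(), record["hash"]):
        return None
    return record["role"]   # a named role, never an implicit root shell

# --- Audit check: credential-shaped strings in a firmware blob ---------------------
SECRET_PATTERN = re.compile(
    rb"(?i)(pass(?:word|wd)?|secret|api[_-]?key)\s*[:=]\s*([^\s\x00]{4,})")

def find_embedded_secrets(blob):
    """Scan an extracted firmware/rootfs image for plain-text credential assignments.
    Returns (keyword, value) pairs for a human to review; a triage aid, not proof."""
    return [(m.group(1).decode(), m.group(2).decode(errors="replace"))
            for m in SECRET_PATTERN.finditer(blob)]

# Constructed firmware fragment for the audit check (hypothetical content)
SAMPLE_BLOB = (b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 8 +
               b"ROOT_PASSWORD=root-placeholder\x00" +
               b"telnetd -l /bin/login\x00" +
               b"api_key: ABCD-1234\x00" +
               b"passage of time\x00")

if __name__ == "__main__":
    print(login_hardcoded("root", "root-placeholder"))      # the shared secret works everywhere
    print(find_embedded_secrets(SAMPLE_BLOB))
```

The provisioning record is what a vendor would write at installation time; the point of the split is that a compromised firmware image reveals no reusable secret, and a successful login yields a role rather than a root shell.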
2. Privilege Escalation : Privilege escalation is a type of network attack used to gain unauthorized access to systems within a
security perimeter.
Attackers start by finding weak points in an organization’s defenses and gaining access to a system. In many cases that first
point of penetration will not grant attackers the level of access or data they need. They will then attempt privilege
escalation to gain more permissions or obtain access to additional, more sensitive systems.
In some cases, attackers attempting privilege escalation find the “doors are wide open” – inadequate security controls, or
failure to follow the principle of least privilege, with users having more privileges than they actually need. In other cases,
attackers exploit software vulnerabilities, or use specific techniques to overcome an operating system’s permissions
mechanism.
3. Underflow in udpRXThread (RCE) : A buffer overflow issue was discovered in the HMI3 Control Panel contained within
the Swisslog Healthcare Nexus Panel, operated by released versions of software before Nexus Software 7.2.5.7. A buffer
overflow allows an attacker to overwrite an internal queue data structure and can lead to remote code execution.
4. Bad memcpy (CVE-2020-6096) : An exploitable signed comparison vulnerability exists in the ARMv7 memcpy()
implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation)
with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num'
parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and
potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in
scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and
iterations of this code will be executed with this corrupted data.
5. Overflow in sccProcessMsg (RCE) : Four memory corruption bugs in the implementation of the TLP20 protocol as used
in the Nexus Control Panel, that can lead to remote-code-execution and denial-of-service.
6. GUI socket DOS in tcpServerThread : A denial-of-service vulnerability that is a result of the GUI process on the Nexus
Control Panel binding a local service on all interfaces, allowing external connections to hijack its connection. This can allow
an attacker to mimic the GUI commands versus the low-level process that controls the Nexus Control Panel, effectively
accessing all GUI commands through the network.
7. Overflow in hmiProcessMsg (RCE) : One of the four memory corruption bugs in the implementation of the TLP20 protocol
as used in the Nexus Control Panel, that can lead to remote-code-execution and denial-of-service. The TLP20 protocol is the
control protocol for all Translogic stations.
8. Off-by-three stack overflow in tcpTxThread (RCE) : One of the four memory corruption bugs in the implementation of
the TLP20 protocol as used in the Nexus Control Panel, that can lead to remote-code-execution and denial-of-service. The
TLP20 protocol is the control protocol for all Translogic stations.
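Items 3, 4, 5, 7 and 8 above share one root cause: a length taken from the wire is trusted before it is used to size a copy. The example below is added here and is not code from the page, from Armis or from Swisslog. It uses a hypothetical frame layout modelled only on the two fields the Snort rule in the remediation section keys on (a "TLPU" magic at offset 0 and a 4-byte value at offset 8); it is not the real TLP20 wire format, which the page does not document. `naive_payload_length` reproduces the unchecked arithmetic that produces a negative `num` for memcpy, and `parse_frame` is the bounded receive path.

```python
import struct

# Hypothetical layout (assumption, not the real TLP20 format):
# magic(4) | msg_type(4) | seq(4) | total_len(4) | flags(4) | payload...
MAGIC = b"TLPU"
HEADER_LEN = 20
HEADER_FMT = ">4sIIII"
MAX_PAYLOAD = 256          # size of the fixed receive buffer in the hypothetical station

def build_frame(msg_type, seq, payload, declared_total=None):
    """Construct a frame; declared_total lets a test lie about the length field."""
    total = len(payload) + HEADER_LEN if declared_total is None else declared_total
    return struct.pack(HEADER_FMT, MAGIC, msg_type, seq, total, 0) + payload

def naive_payload_length(frame):
    """Mirror the unchecked C arithmetic:
        int payload_len = total_len - HEADER_LEN;  /* memcpy(buf, p, payload_len); */
    A declared total below HEADER_LEN yields a negative int. Passed to the ARMv7 glibc
    memcpy described in item 4 (CVE-2020-6096), that negative value is treated as a huge
    unsigned size instead of being rejected."""
    _, _, _, total_len, _ = struct.unpack(HEADER_FMT, frame[:HEADER_LEN])
    return total_len - HEADER_LEN

class FrameError(ValueError):
    pass

def parse_frame(frame, buffer_size=MAX_PAYLOAD):
    """Hardened receive path: every length is checked against what actually arrived and
    against the destination buffer before any byte is copied."""
    if len(frame) < HEADER_LEN:
        raise FrameError("truncated header (%d bytes)" % len(frame))
    magic, msg_type, seq, total_len, _flags = struct.unpack(HEADER_FMT, frame[:HEADER_LEN])
    if magic != MAGIC:
        raise FrameError("bad magic %r" % magic)
    if total_len != len(frame):
        raise FrameError("declared length %d != received %d" % (total_len, len(frame)))
    payload_len = total_len - HEADER_LEN        # >= 0, guaranteed by the two checks above
    if payload_len > buffer_size:
        raise FrameError("payload %d exceeds receive buffer %d" % (payload_len, buffer_size))
    buf = bytearray(buffer_size)
    buf[:payload_len] = frame[HEADER_LEN:HEADER_LEN + payload_len]   # bounded copy
    return {"type": msg_type, "seq": seq, "payload": bytes(buf[:payload_len])}

if __name__ == "__main__":
    print(naive_payload_length(build_frame(1, 7, b"", declared_total=8)))   # negative "num"
    print(parse_frame(build_frame(1, 7, b"carrier-42")))
```

The rule the hardened path enforces is the general one: derive lengths from what was received, never from what the sender declares, and compare against the destination buffer before copying.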
9. No firmware update verification (RCE) : A design flaw in which firmware upgrades on the Nexus Control Panel are
unencrypted, unauthenticated and do not require any cryptographic signature. This is the most severe vulnerability since it can
allow an attacker to gain unauthenticated remote-code-execution by initiating a firmware update procedure while also
maintaining persistence on the device.
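As an added example (not Swisslog's update mechanism, nor code from the page) of what item 9 lacks, the block below contrasts an update path that flashes whatever arrives with one that authenticates the image and refuses rollback. It uses an HMAC-SHA256 tag under a device-held key as a stand-in for the vendor signature a real bootloader would verify with a public key, since the Python standard library has no asymmetric signing; the shape of the check is the same. The key, version numbers and image bytes are constructed.

```python
import hashlib
import hmac
import struct

# Constructed key; on a real device it would live in protected storage, and a vendor
# public key would replace it for true signature verification (assumption noted above).
IMAGE_KEY = b"constructed-fleet-key-for-this-example"
TAG_LEN = 32

def package_image(key, version, blob):
    """Vendor side: version header + authentication tag + image bytes."""
    header = struct.pack(">I", version)
    tag = hmac.new(key, header + blob, hashlib.sha256).digest()
    return header + tag + blob

def apply_update_unverified(device, package):
    """The design flaw in item 9: whatever arrives over the network is installed."""
    device["version"] = struct.unpack(">I", package[:4])[0]
    device["firmware"] = package[4 + TAG_LEN:]
    return True

def apply_update_verified(device, key, package):
    """Authenticate first, then enforce a strictly increasing version, then install."""
    if len(package) < 4 + TAG_LEN:
        return (False, "truncated package")
    header, tag, blob = package[:4], package[4:4 + TAG_LEN], package[4 + TAG_LEN:]
    expected = hmac.new(key, header + blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return (False, "authentication failed")      # tampered or unsigned image
    version = struct.unpack(">I", header)[0]
    if version <= device["version"]:
        return (False, "rollback to %d refused" % version)   # no downgrade to a vulnerable build
    device["firmware"] = blob
    device["version"] = version
    return (True, "installed %d" % version)

if __name__ == "__main__":
    dev = {"version": 3, "firmware": b"v3"}
    print(apply_update_verified(dev, IMAGE_KEY, package_image(IMAGE_KEY, 4, b"v4-image-bytes")))
    print(apply_update_verified(dev, IMAGE_KEY, package_image(IMAGE_KEY, 2, b"v2-image-bytes")))
```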
According to the authors, pneumatic tube systems require more research, as they are critical infrastructure like electricity or
elevators. The Swisslog case is a classic case of embedded devices gone wrong. Developing robust security mitigations to
safeguard these systems is essential. Adding DOOM to pneumatic systems would make any hospital visit much more
entertaining.
1.3 Exploitation
These vulnerabilities can enable an unauthenticated attacker to take over Translogic PTS stations and essentially gain complete
control over the PTS network of a target hospital. This type of control could enable sophisticated and worrisome ransomware
attacks, as well as allow attackers to leak sensitive hospital information. The risks that are entailed:
1. The PTS system includes the WhoTube integration with a hospital’s access control system. This integration allows
authentication of staff members using their RFID cards, limiting access to PTS stations, and allowing the use of
Secure Transfers, in which carriers are released to a certain individual only when they present their RFID card and/or
password. While these types of advanced features enhance the physical security of the system, they also expose staff
records and their RFID credentials to potential attackers, if the PTS system were to be compromised.
2. The PTS system supports variable speed transactions which, on the one hand allow for express shipment of urgent
items, while on the other, enable the slow transfer of sensitive items, such as blood products that may be harmed if
jolted too quickly within the tubes. If an attacker were to compromise the PTS system, he may alter the system’s
speed restrictions, which can in turn damage such sensitive items.
3. The PTS system offers an alert messaging solution that may integrate with the hospital’s communication solutions,
enabling the notification and tracking of delivered carriers, and alerting the PTS system’s maintenance crew to any
faults in the system. Abusing these communications can interfere with the hospital’s workflows.
Much like a stack buffer overflow, a heap overflow is a vulnerability where more data than fits in the allocated buffer is
read in. This can corrupt heap metadata or other heap objects, which in turn provides new attack surface. The steps in
which the attack takes place are as follows:
1. Off-by-three stack overflow.
2. Corrupt buffer_to_send via the stack overflow.
3. Move buffer_to_send to the .got section, where all the function pointers can be overwritten.
4. Send another UDP packet that triggers the use of the overwritten buffer.
5. Overwrite the memcpy function pointer in the .got section with a call to shellcode in the heap.
1.4 Remediation
While patching the vulnerable Translogic PTS stations is essential, external mitigations can also be useful for detection and
preventing attacks on these systems.
Here are mitigation steps that can be used to identify and potentially block the discovered vulnerabilities:
1. Block any use of Telnet (port 23) on the Translogic PTS stations (the Telnet service is not required in production)
2. Deploy access control lists (ACLs), in which Translogic PTS components (stations, blowers, diverters, etc.) are only
allowed to communicate with the Translogic central server (SCC).
3. Use the following Snort IDS rule to detect exploitation attempts of CVE-2021-37161, CVE-2021-37162 and
CVE-2021-37165:
alert udp any any -> any 12345 (msg:"PROTOCOL-OTHER Pwned piper exploitation attempt, Too small and
malformed Translogic packet"; dsize:<21; content:"TLPU"; depth:4; content:"|00 00 00 01|"; distance:4; within:4;
Use the following Snort IDS rule to detect exploitation attempts of CVE-2021-37164:
alert udp any any -> any 12345 (msg:"PROTOCOL-OTHER Pwned piper exploitation attempt, Too large and
reference:url,https://www.armis.com/pwnedPiper; sid:9800001;)
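To make the first rule's matching logic concrete, here is an added example (not Snort itself, and not code from Armis or the page) that evaluates the rule's `dsize`, `content`/`depth` and `distance`/`within` checks over constructed UDP payloads. The semantics assumed are the Snort ones: `depth` bounds how far from the start of the payload the first pattern may end, `distance` skips bytes after the previous match, and `within` bounds how far past that point the next pattern may end. Only the "Too small" rule is implemented, since the second rule is truncated on the page.

```python
def find_content(payload, pattern, start, limit):
    """Return the end offset of `pattern` if it lies wholly inside payload[start:limit], else -1."""
    idx = payload.find(pattern, start, limit)
    return -1 if idx < 0 else idx + len(pattern)

def match_contents(payload, contents):
    """Evaluate an ordered list of content checks, each relative to the previous match."""
    cursor = 0
    for c in contents:
        start = cursor + c.get("distance", 0)
        if "depth" in c:
            limit = c["depth"]                 # absolute: must end within the first `depth` bytes
        elif "within" in c:
            limit = start + c["within"]        # relative: must end within `within` bytes of start
        else:
            limit = len(payload)
        end = find_content(payload, c["pattern"], start, limit)
        if end < 0:
            return False
        cursor = end
    return True

# Transcription of the rule above into the structure match_contents expects.
PWNED_PIPER_SMALL = {
    "msg": "PROTOCOL-OTHER Pwned piper exploitation attempt, Too small and malformed Translogic packet",
    "dport": 12345,
    "dsize_lt": 21,
    "contents": [
        {"pattern": b"TLPU", "depth": 4},
        {"pattern": b"\x00\x00\x00\x01", "distance": 4, "within": 4},
    ],
}

def rule_matches(rule, dport, payload):
    if dport != rule["dport"]:
        return False
    if len(payload) >= rule["dsize_lt"]:       # dsize:<21
        return False
    return match_contents(payload, rule["contents"])

def scan(packets, rules=(PWNED_PIPER_SMALL,)):
    """packets: iterable of (src_ip, dst_port, udp_payload); returns (src_ip, msg) alerts."""
    alerts = []
    for src, dport, payload in packets:
        for rule in rules:
            if rule_matches(rule, dport, payload):
                alerts.append((src, rule["msg"]))
    return alerts

# Constructed sample traffic: one full-size frame, one undersized frame with the
# expected header fields, one with a different magic, one on another port.
SAMPLE = [
    ("10.0.0.5", 12345, b"TLPU\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x00\x14\x00\x00\x00\x00" + b"x" * 10),
    ("10.0.0.9", 12345, b"TLPU\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00"),
    ("10.0.0.9", 12345, b"HTTP" + b"\x00" * 10),
    ("10.0.0.9", 8080,  b"TLPU\x00\x00\x00\x02\x00\x00\x00\x01"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```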
Other than these specific steps, hardening the access to sensitive systems such as PTS solutions, through the use of
network segmentation, and limiting access to such devices through strict Firewall rules, is always good practice, that
should be in use.
The second paper describes the methodologies used to bypass the security protections present and how six different
vulnerabilities were combined and exploited in order to take control of all bedrooms and get revenge on a loud neighbour.
Guided Access bypass : It temporarily restricts your iOS device to a single app , disables areas of the screen that
aren’t relevant to a task, or areas where an accidental gesture might cause a distraction and disables the hardware
buttons.
Usage of WEP : A WEP key can be recovered by capturing around 80,000 packets from the access point, which is
easy to do by executing a simple JavaScript payload that continuously generates address resolution protocol (ARP)
requests. ARP broadcasts a request packet to all the machines on a given network and asks whether any of them is
using a particular IP address. The researcher set up a rogue access point (AP) using an Android smartphone, connected
the iPod touch to it, cached the payload, connected the iPod touch back to the Nasnos AP and executed the code. The
key can soon be retrieved, after which the router is accessible with default credentials.
Nasnos service available without authentication : In examining the iPod touch’s device settings, the researcher found
that it was enrolled in a mobile device management (MDM) solution, with two saved Wi-Fi networks. One of these
was named Nasnos-CS8700, and it was protected using only WEP – a very old encryption method that’s
been crackable for nearly 20 years.
We cannot turn off the iPod but we can still drain its battery, connect it to power afterwards and reboot the device. Once
we do that, the protection is no longer present and we can access everything – other applications and the iPod touch
settings.
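The WEP step above depends on a client emitting ARP requests at a rate no normal host produces, which is the defender's signal. The block below is an added example, not code from the LEXFO talk or from the page: it parses tcpdump-style ARP lines (constructed here) and reports any source whose request rate within a sliding one-second window exceeds a threshold. The capture format, addresses and threshold are assumptions.

```python
import re
from collections import defaultdict

# tcpdump -tt style line: "<epoch.usec> ARP, Request who-has <ip> tell <ip>, length 28"
ARP_REQ = re.compile(r"^(\d+\.\d+)\s+ARP, Request who-has (\S+) tell (\S+?),")

def parse_arp_request(line):
    """Return (timestamp, requesting_ip) for an ARP request line, else None."""
    m = ARP_REQ.match(line)
    return (float(m.group(1)), m.group(3)) if m else None

def peak_request_rate(lines, window=1.0):
    """Per source, the maximum number of ARP requests seen in any `window`-second span."""
    times = defaultdict(list)
    for line in lines:
        parsed = parse_arp_request(line)
        if parsed:
            times[parsed[1]].append(parsed[0])
    peaks = {}
    for src, ts in times.items():
        ts.sort()
        lo, best = 0, 0
        for hi in range(len(ts)):              # two-pointer sliding window
            while ts[hi] - ts[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        peaks[src] = best
    return peaks

def detect_arp_flood(lines, threshold=25, window=1.0):
    """Sources whose peak request rate exceeds `threshold` per window, for investigation."""
    return sorted(src for src, peak in peak_request_rate(lines, window).items() if peak > threshold)

def constructed_capture():
    """Constructed sample: one host resolving three neighbours, one host looping ARP
    requests every 10 ms, plus two unrelated lines the parser must ignore."""
    base = 1626300000.0
    lines = []
    for i in range(3):
        lines.append("%.6f ARP, Request who-has 192.168.1.%d tell 192.168.1.20, length 28"
                     % (base + i * 0.4, 10 + i))
    for i in range(120):
        lines.append("%.6f ARP, Request who-has 192.168.1.%d tell 192.168.1.77, length 28"
                     % (base + i * 0.01, 1 + (i % 200)))
    lines.append("%.6f ARP, Reply 192.168.1.10 is-at aa:bb:cc:dd:ee:ff, length 28" % (base + 0.5))
    lines.append("%.6f IP 192.168.1.20.443 > 192.168.1.10.51234: Flags [.], length 0" % (base + 0.6))
    return lines

if __name__ == "__main__":
    lines = constructed_capture()
    print(peak_request_rate(lines))
    print(detect_arp_flood(lines))
```

On a real network the threshold should be set from a baseline of the segment's normal ARP behaviour; the sliding window matters because a burst of a few hundred requests over two seconds is invisible to a per-minute average.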
2.2 Exploitation
The researcher found that an NFC badge is needed to access the floor, and that each room is controlled by an iPod touch
using Bluetooth and Wi-Fi. After a bit of searching, he found that each room had a pair of Internet of Things (IoT) devices
from the vendor Nasnos. The iPod was under the control of what is called Guided Access, which locks the device to a single
application. The researcher gained control of the device by letting it run out of power and rebooting it, and discovered that
the Nasnos network used the outdated WEP protocol. In the end, it took six vulnerabilities to take control of his noisy
neighbour's room and the whole hotel.
IoT consumer devices are also named one of the biggest threats to corporate networks. Homes full of IoT devices with little
or poor security standards are already exposing businesses to vulnerabilities. Most home users do not have the time or
inclination to update the passwords or firmware on every device. Meanwhile, ransomware attackers are scanning networks
looking for the easiest entry point via a weak IoT device.
2.3 Remediation
Application Security: Application security describes security measures at the application level that aim to prevent data or
code within the app from being stolen or hijacked. It encompasses the security considerations that happen during application
development and design, but it also involves systems and approaches to protect apps after they get deployed.
Application security may include hardware, software, and procedures that identify or minimize security vulnerabilities. A
router that prevents anyone from viewing a computer’s IP address from the Internet is a form of hardware application security.
But security measures at the application level are also typically built into the software, such as an application firewall that
strictly defines what activities are allowed and prohibited. Procedures can entail things like an application security routine that
includes protocols such as regular testing.
Device settings : ‘Hardening’ a device requires known security ‘vulnerabilities’ to be eliminated or mitigated. A vulnerability
is any weakness or flaw in either the software design, implementation or administration of a system that ultimately provides a
mechanism by which IT systems can be infiltrated and compromised.
Wi-Fi scan : For non-802.11 sources of interference (e.g., microwave ovens, Bluetooth, cordless phones), a spectrum analyser
can help you fingerprint the source. For 802.11 devices, compare survey results to your existing inventory to isolate unknown
devices that require further investigation. Note that looking for activity in bands and channels that you don't normally use can
help you spot devices trying to evade detection. To learn more about how to investigate these "rogue" devices and the risks
they may pose to your WLAN, please read our related tip, Recipe for rogue hunting. Assess the security of any network
infrastructure devices that participate in your wireless subnet, including wireless switches, firewalls, VPN gateways, DNS
servers, DHCP servers, RADIUS servers, Web servers running captive portal login pages and managed Ethernet switches.
Like your APs, all of these devices should be subject to the same penetration tests normally run against Internet-facing servers.
For example, captive portals should be subject to tests normally run against a DMZ Web server, including tests designed to
assess that program/version for known vulnerabilities that may need to be patched.
Most infrastructure tests are not specific to wireless, but additional tests may be appropriate for 802.1X infrastructure. For
example, you may wish to test your RADIUS server's ability to gracefully reject badly-formed EAP messages, including bad
EAP lengths and EAP-of-death.
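The survey-versus-inventory comparison described above, as an added example that is not from the page or from any scanner vendor: it takes a site survey (constructed here, in the shape a scanner reports) and the AP inventory, and flags unknown BSSIDs, unknown BSSIDs advertising one of our SSIDs, inventory drift, weak encryption such as WEP, and activity on channels outside the channel plan. BSSIDs, SSIDs and the channel plan are constructed values.

```python
WEAK_SECURITY = {"WEP", "OPEN"}

def triage_survey(survey, inventory, approved_channels):
    """Compare a site survey with the AP inventory; return (bssid, code, detail) findings."""
    our_ssids = {entry["ssid"] for entry in inventory.values()}
    findings = []
    for ap in survey:
        bssid, ssid, ch = ap["bssid"], ap["ssid"], ap["channel"]
        sec = ap["security"].upper()
        known = inventory.get(bssid)
        if known is None:
            # An unknown radio using our SSID looks like an evil twin; anything else is
            # simply unaccounted for and needs locating.
            code = "evil-twin" if ssid in our_ssids else "unknown-ap"
            findings.append((bssid, code, "not in inventory, advertising %r" % ssid))
        elif known["ssid"] != ssid or known["security"].upper() != sec:
            findings.append((bssid, "config-drift", "inventory says %s/%s, seen %s/%s"
                             % (known["ssid"], known["security"], ssid, ap["security"])))
        if sec in WEAK_SECURITY:
            findings.append((bssid, "weak-crypto", "%s offers %s" % (ssid, ap["security"])))
        if ch not in approved_channels:
            findings.append((bssid, "off-plan-channel", "channel %d is not in the channel plan" % ch))
    return findings

# Constructed survey output and inventory
SURVEY = [
    {"bssid": "aa:bb:cc:00:00:01", "ssid": "Corp-Staff", "channel": 36, "security": "WPA2-Enterprise"},
    {"bssid": "aa:bb:cc:00:00:02", "ssid": "Corp-Guest", "channel": 6,  "security": "WPA2-PSK"},
    {"bssid": "aa:bb:cc:00:00:03", "ssid": "Corp-Staff", "channel": 1,  "security": "WEP"},
    {"bssid": "de:ad:be:ef:00:01", "ssid": "Corp-Staff", "channel": 11, "security": "WPA2-PSK"},
    {"bssid": "12:34:56:78:9a:bc", "ssid": "Room-Control", "channel": 13, "security": "WEP"},
]
INVENTORY = {
    "aa:bb:cc:00:00:01": {"ssid": "Corp-Staff", "security": "WPA2-Enterprise"},
    "aa:bb:cc:00:00:02": {"ssid": "Corp-Guest", "security": "WPA2-PSK"},
    "aa:bb:cc:00:00:03": {"ssid": "Corp-Staff", "security": "WPA2-Enterprise"},
}
APPROVED_CHANNELS = {1, 6, 36, 40}

if __name__ == "__main__":
    for finding in triage_survey(SURVEY, INVENTORY, APPROVED_CHANNELS):
        print(finding)
```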
Traffic analysis : While other network security tools such as firewalls and intrusion detection system (IDS)/intrusion
prevention system (IPS) products focus on monitoring vertical traffic that crosses the perimeter of a network environment,
network traffic analysis solutions are focused on all communications – whether those are traditional TCP/IP style packets,
“virtual network traffic” crossing a virtual switch (or “vSwitch”), traffic from and within cloud workloads, and API calls to
SaaS applications or serverless computing instances. These solutions also focus on operational technology and Internet of
things (IoT) networks that are otherwise completely invisible to the security team. Advanced NTA tools are even effective
when network traffic is encrypted.
One of the most popular of these so-called pneumatic tube system (PTS) stations recently was found to be harboring several
vulnerabilities that attackers could exploit to wage disruptive attacks on this critical hospital delivery system or to steal or leak
sensitive personal information on hospital employees.
The researchers have dubbed the flaws they found in Swisslog's Nexus Control Panel "PwndPiper." The vulnerabilities include
two hard-coded passwords of user and root accounts that are accessible via default and fixed telnet access on the control panel
(CVE-2021-37163) and four memory corruption flaws in the system's native TLP20 control protocol implementation that
could be used for remote code execution and denial-of-service attacks. These are buffer- and stack overflow-type flaws and
have been reported as CVE-2021-37161, CVE-2021-37162, CVE-2021-37165, and CVE-2021-37164.
Nexus Control Panel also contains a privilege escalation flaw that could allow root access via telnet and hardcoded credentials
to gain root access (CVE-2021-37167), and a denial-of-service flaw CVE-2021-37166 in the graphical user interface on the
control panel that could allow an attacker to wage a DoS by impersonating GUI commands. The Nexus Control Panel also
contains a design flaw that allows unsigned, as well as unauthenticated and unencrypted, firmware updates (CVE-2021-37160)
to the system, the researchers found.
According to the article, two major attacks could occur if a station were compromised through these vulnerabilities:
ransomware attacks, and theft of PII (personally identifiable information) from the stations, including employee RFID
credentials as well as other intelligence about the PTS's physical configuration.
“The Nexus Control Panel powers the stations on-premise. Once you compromise a station - without [needing]
credentials, you can harvest any employee credentials to access these systems, including their RFID cards that
open doors at the hospital building,” the researcher says.
3.3 Remediation
According to the article, the first and foremost thing one should do when an attack occurs is to understand what pathway
led to the attack, and once that is understood, act on the vulnerabilities involved. Swisslog had issued a software update for
the firmware, v7.2.5.7, which patches all but one of the vulnerabilities, CVE-2021-37160, the unsigned firmware issue. The
vendor is providing mitigation steps for that vulnerability.
The firmware flaws affect the HMI-3 circuit board in the Nexus Panels when the systems are Ethernet-connected, and the
affected systems are mostly used in hospitals in North America. An attacker would need access to the victim's IT network to
exploit the vulnerabilities.
Armis and Swisslog collaborated to settle the number of flaws, but they arrived at different answers. Armis said its eight
CVEs account for the nine flaws it discovered (it points to the two hardcoded passwords in CVE-2021-37163), but Swisslog
says Armis counted nine by treating one vulnerability that could have more than one impact as two vulnerabilities.
The two accounts that have hardcoded passwords were assigned a single CVE. Swisslog removed one of these accounts,
the user account, but the root account still remained in the firmware after the patch. For that reason, it is clear these are
separate vulnerabilities, since they have two separate solutions. Segmenting the medical devices and systems that are not
connected to patients is advisable: patient care is not affected, while those devices are segmented and secured.
To help mitigate this problem, enterprises must be more vigilant in increasing cyber-hygiene among the remote workforce by,
for example, insisting that employees use unique and strong passwords and by adopting multifactor authentication, an
additional layer of security.
In addition to teaching employees about secure practices and insisting they adopt them, here are other steps that enterprises
can take to enhance the strength of their cybersecurity infrastructure:
Always use the latest versions of the software installed on your systems, including every application used on desktop
computers, laptops and mobile devices, as well as the operating system each is running.
Zero trust networks identify every network user and verify each device before granting any kind of access, and apply the
security protocols regardless of the location of the user. Zero trust networks allow only authorized users to access specific
areas of the system.
Keep tight control over information transfer. “Bring your own device” (BYOD) is a common practice that allows
employees to use their personal devices for work. But BYOD policies can substantially undermine security, as personal
devices contain login information and business documents that can fall into the wrong hands. Enterprises with BYOD
policies must make doubly sure that personal devices are used responsibly.
4. FUTURE OF CYBER-PHYSICAL SYSTEMS
“CPS in critical infrastructure is too new an area in which to develop highly accurate security predictions, but
Gartner’s strategic planning assumptions raise awareness of important scenarios that can help you consider and prioritize
security initiatives.
No.1: By 2024, a cyberattack will so damage critical infrastructure that a member of the G20 will reciprocate with a declared
physical attack.
Action: Coordinate closely with military leaders who will soon be involved in defense of private enterprises (for example, by
establishing responsibility for that coordination).
No. 2: By 2024, 80% of critical infrastructure organizations will abandon their existing siloed security solutions providers by
adopting hyperconverged solutions to bridge cyber-physical and IT risks.
Action: Accelerate the convergence of the CPS security stack, and bolster strategies to mitigate risk by evaluating suppliers of
critical infrastructure devices and software against best-of-breed product security features.
No. 3: Through 2026, less than 30% of U.S. critical infrastructure owners and operators will meet newly mandated government
security requirements for cyber-physical systems.
Action: Develop an adequate CPS security strategy by deploying a holistic approach in which OT, the Internet of Things (IoT),
industrial IoT and IT security are managed in a coordinated effort, not in isolation. Also identify and fill gaps in capabilities,
and invest in threat intelligence support.”
5. MY OPINION :
All the three papers have sufficient information regarding the vulnerability , exploitation and prevention methods. It was easy
for me to present a report on these topics because of the on demand subject. All the authors have done a thorough research as
seen in the paper. It made it very easy for me to understand the technical aspect of the research. The topics that I have opted
for are very interesting and fascinating. Looking at securing these systems, I feel a few of these below mentioned points should
be followed:
“Maintaining Security Services: new lightweight cryptographic solutions to secure Cyber-Physical systems and IoT in real-
time operations with minimum computational complexity. Confidentiality: a new class of lightweight block or stream cipher
algorithms to secure CPS resource constrained real-time communications. Digital Evidences: to overcome eliminating sources
of evidence that trace back to the attack source, such as the case of Shamoon, Duqu, Flame and Stuxnet malware types.
Enforcing Compliance: respecting users' privacy by ensuring data access regulatory compliance, especially when stored by
utility providers. The definitions of CPS and IoT are converging over time to include a common emphasis on hybrid systems
of interacting digital, analog, physical, and human components in systems engineered for function through integrated physics
and logic. Recognizing this convergence can bring currently isolated fields and sectors together for progress around shared
research, application, and innovation goals and opportunities. Effectively designing, building, and assuring CPS/IoT systems
requires consideration of the system’s functional context, including how the system is used and for what purpose or outcome.
A unified perspective on CPS/IoT systems allows a common classification structure for components, illuminating a path
forward for enabling open composability and reliable compositionality for innovation in the creation of novel systems and
systems-of-systems applications. This unified perspective also allows for prioritizing research, development, and deployment
goals, including enabling tight physical and logical state linkages and developing hybrid discrete and continuous methods for
conceptualization, realization, and assurance of CPS/IoT systems. The hybrid nature of CPS/IoT systems has important
implications for engineering, including design assurance, cyber-physical security, lifecycle management, timing and
synchronization, and more. Collectively, these conclusions can inform research; commercial; standards; and legal, policy, and
regulatory efforts designed to realize the value to society of advanced CPS/IoT technologies. Defining Privileges: This should
be considered as the most suitable access control policy, which assigns permissions and rights depending on the users’
roles/tasks/attributes when it comes to accessing CPS, and removing these access rights upon completing the task or upon the
employee’s leave. This also includes the use of the least privilege policy. Therefore, the definition of privilege should be done
based on Attribute Based Access Control (ABAC), where policies combined with attributes specify access authorizations.
Note that ABAC makes access control decisions based on Boolean conditions of attribute values. It provides a high level of
granularity, which is necessary to make CPS control access scheme more secure.” - Lu Y. Industry 4.0: a survey on
technologies, applications and open research issues. J. Ind. Inf. Integr. 2017;6:1–10.
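The attribute-based access control described in the quoted passage, as an added example that is not from the cited survey or the page: each rule is a Boolean condition over subject, resource, action and environment attributes, a matching deny overrides any permit, and maintenance access is tied to an open work order so that it disappears when the task is closed. Roles, departments, work-order ids and the station record are constructed.

```python
# Each rule: an effect and a predicate over (subject, resource, action, environment).
# Combining algorithm is deny-overrides: a matching deny wins, else any matching permit.
POLICY = [
    {"id": "clinical-send-own-dept", "effect": "permit",
     "when": lambda s, r, a, e: s["role"] in {"nurse", "lab-tech"} and r["type"] == "pts-station"
             and a == "send" and r["dept"] == s["dept"] and s["on_shift"]},
    {"id": "maintenance-config-during-task", "effect": "permit",
     "when": lambda s, r, a, e: s["role"] == "maintenance" and a == "configure"
             and e["change_window"] and s.get("task_id") in e["open_tasks"]},
    {"id": "no-remote-config", "effect": "deny",
     "when": lambda s, r, a, e: a == "configure" and e["origin"] != "on-site"},
]

def decide(policy, subject, resource, action, env):
    """Return (decision, rule_id): the deny rule that fired, the first permit, or (deny, None)."""
    permit_by = None
    for rule in policy:
        if rule["when"](subject, resource, action, env):
            if rule["effect"] == "deny":
                return ("deny", rule["id"])
            if permit_by is None:
                permit_by = rule["id"]
    return ("permit", permit_by) if permit_by else ("deny", None)

def close_task(env, task_id):
    """Completing a task retracts the access that existed only for it (no standing rights)."""
    env["open_tasks"].discard(task_id)
    return env

# Constructed subjects, resource and environment
ICU_STATION = {"type": "pts-station", "dept": "ICU", "id": "ST-ICU-1"}
NURSE_ICU = {"role": "nurse", "dept": "ICU", "on_shift": True}
NURSE_PHARM = {"role": "nurse", "dept": "Pharmacy", "on_shift": True}
TECH = {"role": "maintenance", "dept": "Facilities", "on_shift": True, "task_id": "WO-1042"}
ENV = {"change_window": True, "open_tasks": {"WO-1042"}, "origin": "on-site"}

if __name__ == "__main__":
    print(decide(POLICY, NURSE_ICU, ICU_STATION, "send", ENV))
    print(decide(POLICY, TECH, ICU_STATION, "configure", dict(ENV, origin="vpn")))
```

Because every grant is computed from current attributes at request time, revoking access is a matter of changing an attribute (ending the shift, closing the work order) rather than editing a per-user permission list.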
REFERENCES
1. Kya Supa (2021). Hacking a capsule hotel: Ghost in the bedrooms. LEXFO, Black Hat USA 2021.
https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Hacking-A-Capsule-Hotel-Ghost-In-The-Bedrooms.pdf
2. Ben Seri, Barak Hadad (2021). A Hole in the Tube: Uncovering Vulnerabilities in Critical Infrastructure of Healthcare
Facilities. Black Hat USA 2021.
https://www.blackhat.com/us-21/briefings/schedule/#a-hole-in-the-tube-uncovering-vulnerabilities-in-critical-infrastructure-of-healthcare-facilities-23546
3. Kelly Jackson Higgins (2021). Multiple Zero-Day Flaws Discovered in Popular Hospital Pneumatic Tube System.
https://info.armis.com/rs/645-PDC-047/images/Armis-PwnedPiper-WP.pdf
4. Horvath I, Gerritsen B (2012). Cyber-Physical Systems: Concepts, Technologies and Implementation Principles.
Proceedings of the Tools and Methods of Competitive Engineering (Delft Faculty of Industrial Design Engineering, Delft
University of Technology, Karlsruhe, Germany), pp. 7–11.
https://www.researchgate.net/publication/229441298_CYBER PHYSICAL_SYSTEMS_CONCEPTS_TECHNOLOGIES_AND_IMPLEMENTATION_PRINCIPLE
5. Humayed A, Lin J, Li F, Luo B (2017). Cyber-Physical Systems Security—A Survey. IEEE Internet of Things (IoT) Journal
4(6): 1802–1831. https://ieeexplore.ieee.org/document/7924372