Prise en compte des risques de cyber-attaques dans le domaine de la sécurité des systèmes cyber-physiques : proposition de mécanismes de détection à base de modèles comportementaux / Addressing cyber-attack risks for the security of cyber-physical systems : proposition of detection mechanisms based on behavioural models

Sicard, Franck

11 October 2018

Les systèmes de contrôle-commande industriels (Industrial Control System, ICS) sont des infrastructures constituées par un ensemble de calculateurs industriels reliés en réseau et permettant de contrôler un système physique. Ils assurent le pilotage de réseaux électriques (Smart Grid), de systèmes de production, de transports, de santé ou encore de systèmes d’armes. Pensés avant tout pour assurer productivité et respect de la mission dans un environnement non malveillant, les ICS sont, depuis le 21ème siècle, de plus en plus vulnérables aux attaques (Stuxnet, Industroyer, Triton, …) notamment avec l’arrivée de l’industrie 4.0. De nombreuses études ont contribué à sécuriser les ICS avec des approches issues du domaine de la sécurité (cryptographie, IDS, etc…) mais qui ne tiennent pas compte du comportement du système physique et donc des conséquences de l’acte de malveillance en lui-même. Ainsi, une sécurisation se limitant exclusivement à l’analyse des informations qui transitent sur un réseau industriel n’est pas suffisante. Notre approche amène un changement de paradigme dans les mécanismes de détection en y intégrant la modélisation du comportement du système cyber-physique.Cette thèse propose des mécanismes de détection d’attaques en se positionnant au plus proche de la physique. Ils analysent les données échangées entre le système de contrôle-commande et le système physique, et filtrent les échanges au travers de modèles déterministes qui représentent le comportement du système physique soumis à des lois de commande. A cet effet, une méthodologie de conception a été proposée dans laquelle l’ensemble des ordres est identifié afin de détecter les attaques brutales. Pour faire face aux autres attaques, en particulier celles plus sournoises, comme les attaques par séquences, nous proposons une stratégie de détection complémentaire permettant d’estimer l’occurrence d’une attaque avant que ses conséquences ne soient destructives. A cet effet, nous avons développé des concepts de distance d’un état caractérisé comme critique auquel nous avons adjoint un second mécanisme dit de trajectoire dans le temps permettant de caractériser une intention de nuire.L’approche proposée hybride ainsi deux techniques orientées sécurité (sonde IDS) et sûreté (approche filtre) pour proposer une stratégie de détection basée sur quatre mécanismes lié :• A la détection de contexte : basé sur l’état courant de l’ICS, un ordre émis par l’API peut être bloqué s’il conduit vers un état critique (attaque brutale).• Aux contraintes combinatoires (attaque par séquences) : vérifiées par les concepts de distance et de trajectoire (évolution de la distance).• Aux contraintes temporelles (attaque temporelle) : vérifiées par des fenêtres temporelles sur l’apparition d’évènements et d’indicateurs surveillant la durée moyenne d’exécution.• Aux sur-sollicitations basées sur un indicateur surveillant les commandes envoyées afin de prévenir un vieillissement prématuré (attaque sur les équipements).L’approche proposée a été appliquée sur différents exemples de simulation et sur une plateforme industrielle réelle où la stratégie de détection a montré son efficacité face à différents profils d’attaquant. / Industrial Control Systems (ICSs) are infrastructures composed by several industrial devices connected to a network and used to control a physical system. They control electrical power grid (Smart Grid), production systems (e.g. chemical and manufacturing industries), transport (e.g. trains, aircrafts and autonomous vehicles), health and weapon systems. Designed to ensure productivity and respect safety in a non-malicious environment, the ICSs are, since the 21st century, increasingly vulnerable to attacks (e.g. Stuxnet, Industroyer, Triton) especially with the emergence of the industry 4.0. Several studies contributed to secure the ICS with approaches from the security field (e.g. cryptography, IDS) which do not take into account the behavior of the physical system and therefore the consequences of the malicious act. Thus, a security approach limited exclusively to the analysis of information exchanged by industrial network is not sufficient. Our approach creates a paradigm shift in detection mechanisms by integrating the behavioral modeling of the cyber-physical system.This thesis proposes detection mechanisms of attacks by locating detection closer to physical system. They analyze the data exchanged between the control system and the physical system, and filter the exchanges through deterministic models that represent the behavior of the physical system controlled by control laws. For this purpose, a design methodology has been proposed in which all actions are identified in order to instantly detect brutal attacks. To deal with other attacks, especially the more sneaky, such as sequential attacks, we propose a complementary detection strategy to estimate the occurrence of an attack before its consequences are destructive. To this end, we have developed the concepts of distance of a state identified as critical to which we have added a second mechanism called trajectory which leads to a temporal notion that characterize an intention to harm.As part of this thesis, the proposed approach combines two techniques oriented security (IDS probe) and safety (filter approach) to propose a detection strategy based on four mechanisms related to:• Context detection: based on the current state of the system, an order sent by the PLC can be blocked by the control filter if it leads to a critical state (brutal attack).• Combinatorial constraints (sequential attack): verified by the concepts of distance (risk indicator for the current state) and trajectory (indicator of the intention to harm by studying the evolution of the distance on a sequence).• Temporal constraints (temporal attack): verified by time windows on the appearance of events and an indicator monitoring the average duration of execution.• Over-solicitation monitoring mechanism: based on an indicator monitoring orders sent to the actuators to prevent premature ageing of the production equipment (attack on the equipment).The proposed approach has been applied to various simulation examples and an industrial platform where the detection strategy has shown its effectiveness against different scenarios corresponding to attacker profiles.

Détection à base de modèles

Surveillance

Contrôle-Commande

Systèmes à évènements discrets

Cybersécurité

Systèmes Cyber-Physiques

Model-Based Detection

System Monitoring

Industrial Control Systems

Discrete-Event Systems

Cybersecurity

Cyber-Physical Systems

004

Analysis and coordination of mixed-criticality cyber-physical systems

Maurer, Simon

January 2018

A Cyber-physical System (CPS) can be described as a network of interlinked, concurrent computational components that interact with the physical world. Such a system is usually of reactive nature and must satisfy strict timing requirements to guarantee a correct behaviour. The components can be of mixed-criticality which implies different progress models and communication models, depending whether the focus of a component lies on predictability or resource efficiency. In this dissertation I present a novel approach that bridges the gap between stream processing models and Labelled Transition Systems (LTSs). The former offer powerful tools to describe concurrent systems of, usually simple, components while the latter allow to describe complex, reactive, components and their mutual interaction. In order to achieve the bridge between the two domains I introduce the novel LTS Synchronous Interface Automaton (SIA) that allows to model the interaction protocol of a process via its interface and to incrementally compose simple processes into more complex ones while preserving the system properties. Exploiting these properties I introduce an analysis to identify permanent blocking situations in a network of composed processes. SIAs are wrapped by the novel component-based coordination model Process Network with Synchronous Communication (PNSC) that allows to describe a network of concurrent processes where multiple communication models and the co-existence and interaction of heterogeneous processes is supported due to well defined interfaces. The work presented in this dissertation follows a holistic approach which spans from the theory of the underlying model to an instantiation of the model as a novel coordination language, called Streamix. The language uses network operators to compose networks of concurrent processes in a structured and hierarchical way. The work is validated by a prototype implementation of a compiler and a Run-time System (RTS) that allows to compile a Streamix program and execute it on a platform with support for ISO C, POSIX threads, and a Linux operating system.

支援虛實互動展演之程式環境 / Programming Support for Cyber-Physical Interactive Performance Art

蕭奕凱, Hsiao, Yi Kai

Unknown Date

本研究係發想自政治大學「未來馬戲團」的展演活動表演方式，嘗試改進表演方式中的程式技術，以程式化方式整合展演藝術中實體與虛擬的互動平台，我們希望提供導演撰寫較為口語或展演描述方式的腳本敘述如『when ... other-wise ...』，如此一來就可以任意組合實體演員的肢體動作與指示虛擬環境的特效，因此我們採用了一套介接實體與虛擬環境應用程式的領域專屬語言- Digital In-teractive Performance Sketch (DIPS)，用以開發客製化的展演程式庫，並佈署於本團隊自行開發的執行引擎 Wearable Item Service runtimE (WISE)，提供導演在這個引擎上透過這個DIPS編寫前述口語的程式腳本，讓程式自行互動，達成展演效果的自動變化。 我們的系統會接收來自展演人員穿配的連網感應器上的訊號，並且根據導演寫好的腳本規則，自動根據接收到的裝置訊號判斷出該指示虛擬環境做出什麼樣的效果，以達到展演效果自動變化，完成虛擬與實體展互動的程式支援。 為了減少腳本程式撰寫前須具備的程式邏輯訓練，本研究開發一款所見即所得(WYSIWYG)的視覺化腳本編輯器 DIPS Creator，提供腳本編寫者可以直覺的方式組合編輯器中的展演詞彙方塊，完成腳本設計。 本研究展示了如何以較為口語或展演語意的方式敘述展演規則，以實現虛實互動的程式化，並且提供了具有彈性的客製化展演函式庫及圖形化展演規則編輯器的製作方式，未來可增加多演員層次的抽象支援以展現本研究系統的更多程式化能力，並加入表演階段設計、雙向溝通與規則互斥等能力，擴充系統功能。 / This research was inspired by “The Future Circus”, a cyber-physical interactive performance art developed in National Chengchi University. In this thesis, we pro-pose some mechanisms to support such performance art programmatically in a more effective manner. Specially, we provide a high-level scripting tool for directors to de-scribe the performance rules abstractly in the form of “when ... otherwise ...”, so that directors can compose arbitrary actions and effects easily. Underlying such abstract rules are a domain specific language – Digital Interactive Performance Sketch (DIPS), and a middleware. Wearable Item Service runtime (WISE), developed by our research team. Given a script with those abstract rules, our system will receive signals sent from a sensor on wearable devices of actors, and then it will command cyber environment perform effects, the performance effects or actions according to rules written by the director. Through our integration efforts, the performance effects in the cyber environment will change automatically in a programmatic way. Besides, for users without prior scripting experience, we developed a WYSIWYG GUI editor, DIPS Creator, that allows users to write a script intuitively by dragging and dropping pre-built rule blocks. We conduct a few experiments with real sensor device to demonstrate the programming support of our tool. The preliminary results are satisfactory in terms of prototype support. To further extend our tool for practical performance, we describe in detail a few directions such as support for multiple actor performance stage model-ing, and integrity check of related rules that will make our system more powerful.

展演藝術

虛實互動

程式支援

領域專屬語言

所見即所得編輯器

performance art

cyber-physical interactive

programming support

domain specific language

WYSIWYW editor

IoMT-Based Accurate Stress Monitoring for Smart Healthcare

Rachakonda, Laavanya

05 1900

This research proposes Stress-Lysis, iLog and SaYoPillow to automatically detect and monitor the stress levels of a person. To self manage psychological stress in the framework of smart healthcare, a deep learning based novel system (Stress-Lysis) is proposed in this dissertation. The learning system is trained such that it monitors stress levels in a person through human body temperature, rate of motion and sweat during physical activity. The proposed deep learning system has been trained with a total of 26,000 samples per dataset and demonstrates accuracy as high as 99.7%. The collected data are transmitted and stored in the cloud, which can help in real time monitoring of a person's stress levels, thereby reducing the risk of death and expensive treatments. The proposed system has the ability to produce results with an overall accuracy of 98.3% to 99.7%, is simple to implement and its cost is moderate. Chronic stress, uncontrolled or unmonitored food consumption, and obesity are intricately connected, even involving certain neurological adaptations. In iLog we propose a system which can not only monitor but also create awareness for the user of how much food is too much. iLog provides information on the emotional state of a person along with the classification of eating behaviors to Normal-Eating or Stress-Eating. This research proposes a deep learning model for edge computing platforms which can automatically detect, classify and quantify the objects in the plate of the user. Three different paradigms where the idea of iLog can be performed are explored in this research. Two different edge platforms have been implemented in iLog. The platforms include mobile, as it is widely used, and a single board computer which can easily be a part of network for executing experiments, with iLog Glasses being the main wearable. The iLog model has produced an overall accuracy of 98% with an average precision of 85.8%. Smart-Yoga Pillow (SaYoPillow) is envisioned as a device that may help in recognizing the importance of a good quality sleep to alleviate stress while establishing a measurable relationship between stress and sleeping habits. A system that analyzes the sleeping habits by continuously monitoring the physiological changes that occur during rapid eye movement (REM) and non-rapid eye movement (NREM) stages of sleep is proposed in the current work. In addition to the physiological parameter changes, factors such as sleep duration, snoring range, eye movement, and limb movements are also monitored. The SaYoPillow system is processed at the edge level with the storage being at the cloud. SaYoPillow has 96% accuracy which is close to other existing research works. This research can not only help in keeping an individual self-aware by providing immediate feedback to change the lifestyle of the person in order to lead a healthier life, but can also play a significant role in the state-of-the-art by allowing computing on the edge devices.

Computer Science

Health Sciences, Mental Health

Simulation temps-réel distribuée de modèles numériques : application au groupe motopropulseur / Distributed real-time simulation of numerical models : application to power-train

Ben Khaled-El Feki, Abir

27 May 2014

De nos jours, la validation des unités de contrôle électronique ECU se fonde généralement sur la simulationHardware-In-the-Loop où les systèmes physiques qui manquent sont modélisés à l’aide deséquations différentielles hybrides. La complexité croissante de ce type de modèles rend le compromisentre le temps de calcul et la précision de la simulation difficile à satisfaire. Cette thèse étudie et proposedes méthodes d’analyse et d’expérimentation destinées à la co-simulation temps-réel ferme de modèlesdynamiques hybrides. Elle vise notamment à définir des solutions afin d’exploiter plus efficacement leparallélisme fourni par les architectures multi-coeurs en utilisant de nouvelles méthodes et paradigmesde l’allocation des ressources. La première phase de la thèse a étudié la possibilité d’utiliser des méthodesd’intégration numérique permettant d’adapter l’ordre comme la taille du pas de temps ainsi quede détecter les événements et ceci dans le contexte de la co-simulation modulaire avec des contraintestemps-réel faiblement dures. De plus, l’ordre d’exécution des différents modèles a été étudié afin dedémontrer l’influence du respect des dépendances de données entre les modèles couplés sur les résultatsde la simulation. Nous avons proposé pour cet objectif, une nouvelle méthode de co-simulationqui permet le parallélisme complet entre les modèles impliquant une accélération supra-linéaire sanspour autant ajouter des erreurs liées à l’ordre d’exécution. Enfin, les erreurs de retard causées par lataille de pas de communication entre les modèles ont été améliorées grâce à une nouvelle méthoded’extrapolation par contexte des signaux d’entrée. Toutes les approches proposées visent de manièreconstructive à améliorer la vitesse de simulation afin de respecter les contraintes temps-réel, tout engardant la qualité et la précision des résultats de simulation sous contrôle. Ces méthodes ont été validéespar plusieurs essais et expériences sur un modèle de moteur à combustion interne et intégrées àun prototype du logiciel xMOD. / Nowadays the validation of Electronic Control Units ECUs generally relies on Hardware-in-The-Loopsimulation where the lacking physical systems are modeled using hybrid differential equations. Theincreasing complexity of this kind of models makes the trade-off between time efficiency and the simulationaccuracy hard to satisfy. This thesis investigates and proposes some analytical and experimentalmethods towards weakly-hard real-time co-simulation of hybrid dynamical models. It seeks in particularto define solutions in order to exploit more efficiently the parallelism provided by multi-core architecturesusing new methods and paradigms of resource allocation. The first phase of the thesis studied the possibilityof using step-size and order control numerical integration methods with events detection in thecontext of real-time modular co-simulation when the time constraints are considered weakly-hard. Moreover,the execution order of the different models was studied to show the influence of keeping or not thedata dependencies between coupled models on the simulation results. We proposed for this aim a newmethod of co-simulation that allows the full parallelism between models implying supra-linear speed-upswithout adding errors related to their execution order. Finally, the delay errors due to the communicationstep-size between the models were improved thanks to a proposed context-based inputs extrapolation.All proposed approaches target constructively to enhance the simulation speed for the compliance toreal-time constraints while keeping the quality and accuracy of simulation results under control and theyare validated through several test and experiments on an internal combustion engine model and integratedto a prototype version of the xMOD software.

Simulation temps-réel

Functional Mockup Interface (FMI)

Simulation multi-coeurs

Systèmes Cyber-Physiques

Groupe motopropulseurs (GMP)

Ordonnancement

Real-time simulation

Functional Mock-up Interface (FMI)

Multi-core simulation

Cyber Physical System

Powertrain

Scheduling

620

雲端多租戶互動展演平台的設計與實作 / Design and Implementation of a Multi-tenant Cloud Platform for Cyber-Physical Interactive Performance Art

王佑霖, Wang, You Lin

Unknown Date

傳統展演中，觀眾和表演者被視為是兩個獨立的個體，表演者與表演者間及表演者與觀眾間互動不多，若使用穿戴式裝置結合科技與藝術的「虛實互動數位展演」，能協助營造現場的互動氣氛，是既新穎又富有創意的表演模式，還能結合故事劇情與觀眾互動，此種互動的情境氛圍，會比一般的資訊傳遞更容易讓觀眾有所感受。 而目前許多表演活動的展演特效系統，都是由特效控制技術人員根據展演人員的動作與節目進程來呈現。如果由展演人員自行操作、建置與管理的話，便需要瞭解特效控制的相關技術，此外也需要和技術人員互相溝通與合作。而彼此觀念、資訊與背景的不同，難免容易造成控制上的失誤、延遲或是溝通不良導致表演效果不佳以致於觀眾不好的視聽感受。基於上述問題，本研究將設計一個基於多租戶概念的雲端互動展演系統整合平台，展演人員只需透過網路連結至展演系統網站，配合連網感應器的穿戴式裝置，不需自行建置、管理系統平台，登入後可依個人需求使用直覺圖形化邏輯編輯器，使用滑鼠拖拉，控制需求，不需繁複的技術教學訓練，便根據穿戴式裝置回傳的感測訊號做出響應式的展演效果變化，達到展演人員可簡單好上手地自行操作展演特效系統，減少與特效控制技術人員合作上的失誤。 / In traditional performance art, viewers and performers are regarded as two independent individuals. There is less interaction between performers and performers, performers and audiences. If wearable devices are used in the "cyber-physical interactive digital performance art", it can help create an interactive atmosphere in the scene. It is a creative, innovative mode of performance, and it also creates a combination between scenario and the interaction of the audiences. The interactive atmosphere is easier for the audience to be affected than ordinary information transmission. Currently, many special effects are presented by the technical staff. They are based on the performers and progression of show. If the special effects are managed by the performer-selves, they need to understand the relative technologies. In addition, they have to cooperate and communicate with technical staff. However, the difference of concept and background between each other, it's hard to avoid the mistake, delay, or misunderstanding of control. It may cause that the poor performance bring audience about the bad auditory and visual feeling. According to above issues, this study will design and implement a multi-tenant cloud platform for cyber-physical interactive performance art. The performers just connect to the performance art system website via the Internet, with the wearable device, and they do not need to set up and manage system platform by themselves. They log in the website, with the GUI editor, and use mouse to control demand. Without complex technical training, the variety of special effects are presented which based on the wearable device’s signal. We suppose that the platform makes the performers operate special effects system by themselves simply and easily. It also reduces the misunderstanding with the technical staff.

雲端多租戶

虛實互動數位展演

領域專屬語言

Multi-tenant cloud

Domain specific language

Model-Free Optimization of Trajectory and Impedance Parameters on Exercise Robots with Applications to Human Performance and Rehabilitation

De las Casas Zolezzi, Humberto Jose

06 July 2021

No description available.

Robotics

Robots

Engineering

Mechanical Engineering

robotics

optimization

optimal control

control systems

Extremum Seeking Control

human performance

artificial intelligence

neural networks

cyber-physical machines

advanced exercise machines

Návrh digitálního dvojčete CNC obráběcího stroje / Design of digital twinn of CNC machine tool

Staněk, Václav

January 2019

The Master’s thesis deals with design of digital twins of machine tools and application of designed procedure on a case study – digital twin of the machine tool MCV 754 Quick. In the first part are described current roles of digital twins in the field of machine tools and also hardware and software options for creating them. Software and hardware tools by Siemens (Mechatronics Concept Designer and SIMIT) are used for the case study. The complex procedure of creating the digital twin is designed in the second part, starting with preparation of a model, ending with the virtual commissioning of the machine tool MCV 754 Quick. The procedure is described in detail, including preparation of 3D model of the machine tool, assignment of physical properties and joints, preparation of PLC, connection all the elements of the whole system: Sinumerik – SIMIT – Mechatronics Concept Designer and controlling the twin via CNC automation system. Output of the thesis is the virtually commissioned machine tool, capable of being controlled by Sinumerik 840D sl. This is the first step in development of the full-fledged digital twin of machine tool, which can be used for testing the functionality and capability of this new technology in industry.

Verteilte Mobilität - Eine spannende Herausforderung

Werner, Matthias

05 July 2013

Cyber-physikalische Systeme (CPS) sind eine erweitere Sicht auf eingebettete Systeme, die die konkreten umgebenden Elemente in das Systemdesign einbeziehen. Das Design solcher Systeme erfordert neue Herangehensweisen: Während beispielsweise in "normalen" verteilten Systemen Aspekte wie "Bewegung" oder "Ort" möglichst transparent und damit für den Nutzer unsichtbar gestaltet werden, benötigen CPS-Anwendungen häufig Bewusstsein für Bewegung oder Ort, d.h., sie sind _motion aware_ oder _location aware_. Die Professur "Betriebssysteme" der TUC hat sich die Frage gestellt, wie eine generische Unterstützung für solche verteilte mobile Systeme aussehen könnte. Im Vortrag werden Probleme, Konzepte und erste Lösungsansätze für ein künftiges Betriebssystem für diese Art von Systemen vorgestellt.

info:eu-repo/classification/ddc/005

ddc:005

Nuclear Safety related Cybersecurity Impact Analysis and Security Posture Monitoring

Gupta, Deeksha

05 April 2022

The Electrical Power Systems (EPS) are indispensable for a Nuclear Power Plant (NPP). The EPS are essential for plant start-up, normal operation, and emergency conditions. Electrical power systems are necessary not only for power generation, transmission, and distribution but also to supply reliable power for plant operation and control system during safe operation, Design Basis Conditions (DBC) and Design Extension Conditions (DEC). According to IAEA Specific Safety Guide SSG-34, EPS are essentially the support systems of many plant equipment. Electrical system, which supply power to plant systems important to nuclear safety, are essential to the safety of an NPP. In recent years, due to the digitization of Instrumentation and Control (I&C) systems, along with their enhanced accuracy, ease of implementing complex functions and flexibility, have been also exposed to sophisticated cyber threats. Despite physical separation and redundant electrical power supply sources, malicious cyber-attacks performed by insiders or outsiders might disrupt the power flow and result in an interruption in the normal operation of an NPP. Therefore, for the uninterrupted operation of a plant, it is crucial to contemplate cybersecurity in the EPS design and implementation. Considering multiple cyber threats, the main objectives of this research work are finding out security vulnerabilities in electrical power systems, simulating potential cyber-attacks and analyzing the impacts of these attacks on the electrical components to protect the electrical systems against these cyber-attacks. An EPS testbed at a small scale was set up, which included commercial I&C and electrical equipment significant for the cybersecurity analysis. The testbed equipment comprises of electrical protection relay (IEC 60255), controller, operating panel, engineering workstation computer, simulation model, etc. to monitor and control the power supply of one or more electrical equipment responsible for a regular operation in an NPP. Simulated cybersecurity attacks were performed using this testbed and the outcomes were examined in multiple iterations, after adding or changing security controls (cybersecurity countermeasures). Analyzing the cybersecurity and performing cyber-attacks on these systems are very advantageous for a real power plant to prepare and protect the plant equipment before any malicious attack happens. This research work conclusively presents cybersecurity analysis, including basic and sophisticated cyber-attack scenarios to understand and improve the cybersecurity posture of EPS in an NPP. The approach was completed by considering the process engineering systems (e.g. reactor core cooling systems) as attack targets and investigating the EPS specific security Defense-in-Depth (DiD) design together with the Nuclear Safety DiD concepts.:CHAPTER 1 INTRODUCTION 1.1 Motivation 1.2 Technical Background 1.3 Objectives of the Ph.D. Project 1.4 State of the Art in Science and Technology CHAPTER 2 FUNDAMENTALS OF CYBERSECURITY AND ELECTRICAL CONTROL AND PROTECTION CONCEPTS 2.1 Electrical Power System 2.2 Electrical Protection System 2.3 Cyber-Physical System 2.4 Industrial Control System 2.5 Safety I&C and Operational I&C Systems 2.6 Safety Objective Oriented Top-Down Approach 2.7 Cybersecurity Concept 2.8 Threat Identification and Characterization in NPP 2.8.1 Design Basis Threat 2.8.2 Attacker Profile 2.8.1 Reported Real-Life NPP Cyber-Attack Examples 2.9 Security Levels 2.10 Summary CHAPTER 3 CYBER-PHYSICAL PROCESS MODELING 3.1 Introduction 3.2 Single Line Diagrams of Different Operational Modes 3.3 Design 3.4 Block Diagram of Simulink Model 3.5 Implementation of Simulink Blocks 3.5.1 Power Generation 3.5.2 Grid Feed 3.5.3 House Load (Feed Water Pump) 3.6 OPC UA Communication 3.7 Summary CHAPTER 4 CYBER THREAT SCENARIOS FOR EPS 4.1 Introduction 4.2 Cyber-Physical System for EPS 4.3 Cyber Threats and Threat Sources 4.3.1 Cyber Threats 4.3.2 Threat Sources 4.4 Cybersecurity Vulnerabilities 4.4.1 Vulnerabilities in EPS 4.4.2 Vulnerabilities in ICS 4.5 Attacker Modeling 4.6 Basic Cyber Threat Scenarios for EPS 4.6.1 Scenario-1: Physical Access to Electrical Cabinets 4.6.2 Scenario-2: Modification of Digital Protection Devices 4.7 Potential Advanced Cyber Threat Scenarios for EPS 4.7.1 Scenario-1: Alteration of a Set-point of the Protection Relay 4.7.2 Scenario-2: Injection of Malicious Packets 4.7.3 Scenario-3: False Trip Command 4.7.4 Scenario-4: Availability Attack on Protection Relay or SCADA System 4.7.5 Scenario-5: Permanent Damage to Physical Component 4.7.6 Scenario-6: Protocol-wise Attack on Operator Panel 4.8 Threat Scenario for Simulink model 4.9 Summary CHAPTER 5 EPS TESTBED DESCRIPTION 5.1 Introduction 5.2 Basic Industrial Automation Architecture 5.3 Need for Testbeds 5.4 Proposed EPS Testbed 5.4.1 Testbed Architecture 5.4.2 Testbed Implementation 5.5 EPS Physical Testbed Applications 5.5.1 Modeling and Simulation of Power System Faults 5.5.2 Modeling of Cyber-Attacks 5.6 Summary CHAPTER 6 EXPERIMENTAL AND IMPACT ANALYSIS OF CYBER THREAT SCENARIOS 6.1 Outline 6.2 Normal Operation and Control 6.3 Possibilities to Cause Failure in the Primary or Secondary Cooling Systems 6.4 Implementation of Cybersecurity Threat Scenarios 6.4.1 Alteration of a Relay Set-Point during Plant Start-Up Phase 6.4.2 Alteration of a Controller Set-Point during Normal Operation Phase 6.4.3 Availability Attack on Control and Protection System 6.4.4 Severe Damage to a Physical Component due to Overcurrent 6.5 Experimentally Assessed Cyber-attacks 6.6 Summary CHAPTER 7 SUMMARY AND OUTLOOK REFERENCES SCIENTIFIC PUBLICATIONS GLOSSARY

info:eu-repo/classification/ddc/621.3

ddc:621.3