Return to search

Using a system-theoretic approach to identify cyber- vulnerabilities and mitigations in industrial control systems

Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, System Design and Management Program, 2019 / Cataloged from PDF version of thesis. / Includes bibliographical references (pages 123-128). / Recent cyber-physical attacks, such as Stuxnet, Triton etc., have invoked an ominous realization about the lethality of such attacks and the vulnerability of critical infrastructure, including power, gas and water distribution control systems. The traditional industrial practice to enhance security posture by utilizing IT security-biased protection methods narrowly focuses on improving cyber hygiene and individual component protection. Albeit essential and a good countermeasure against indiscriminate, non-targeted attacks, the reality of modern industrial control systems is that they are highly complex, interdependent and software-intensive sociotechnical systems. This makes traditional methods of defense largely impotent in the face of targeted attacks by advanced cyber-adversaries - as was demonstrated by Stuxnet. / A new realization is aggressively permeating through the industry about the need to use a holistic approach that integrates safety and security considerations to rethink, reengineer and redesign these complex control systems. System-Theoretic Accident Model & Processes (STAMP) offers a powerful, holistic, structured framework to analyze safety and security of complex cyber-physical systems in an integrated fashion. The electric grid is universally acknowledged as the holy grail of a target for an advanced cyberadversary. In light of this, this work demonstrates the use of a STAMP-based analysis method on the electric generation and distribution system of the MIT central utilities plant. The analysis is presented in a robust and structured format which can be emulated to analyze larger systems. / Several hazardous control actions such as out-of-sync breaker closure, generator overfluxing, turbine overspeed etc., are identified which could be exploited to cause permanent physical damage to the plant. While traditional counter-measures exist, it is argued that they need to be rethought in the face of potential cyber-attacks by advanced adversaries. Finally, several new functional requirements are presented which do not only span individual technical components but also the broader socio-organizational system. / by Shaharyar Khan. / S.M. in Engineering and Management / S.M.inEngineeringandManagement Massachusetts Institute of Technology, System Design and Management Program

Identiferoai:union.ndltd.org:MIT/oai:dspace.mit.edu:1721.1/122437
Date January 2019
CreatorsKhan, Shaharyar,S.M.Massachusetts Institute of Technology.
ContributorsStuart Madnick and Allen Moulton., Massachusetts Institute of Technology. Engineering and Management Program., System Design and Management Program., Massachusetts Institute of Technology. Engineering and Management Program, System Design and Management Program
PublisherMassachusetts Institute of Technology
Source SetsM.I.T. Theses and Dissertation
LanguageEnglish
Detected LanguageEnglish
TypeThesis
Format129 pages, application/pdf
RightsMIT theses are protected by copyright. They may be viewed, downloaded, or printed from this source but further reproduction or distribution in any format is prohibited without written permission., http://dspace.mit.edu/handle/1721.1/7582

Page generated in 0.0018 seconds