Cyber Physical Systems and Their Security Issues
Computers in Industry
journal homepage: www.elsevier.com/locate/compind
ARTICLE INFO

Keywords: Cyber-physical system; Cyber-physical system security; Cyber-physical system attacks; Cyber-physical system security threats; Philosophical issues; Tree of attacks

ABSTRACT

The creation of cyber-physical systems posed new challenges for people. Ensuring the information security of cyber-physical systems is one of the most complex problems in a wide range of defenses against cyber-attacks. The aim of this paper is to analyse and classify existing research papers on the security of cyber-physical systems. Philosophical issues of cyber-physical systems are raised. Their influence on the aspects of people's lives is investigated. The principle of cyber-physical system operation is described. The main difficulties and solutions in the estimation of the consequences of cyber-attacks, attacks modeling and detection and the development of security architecture are noted. The main types of attacks and threats against cyber-physical systems are analysed. A tree of attacks on cyber-physical systems is proposed. The future research directions are shown.
⁎ Corresponding author at: 9A, B. Vahabzade Street, Baku AZ1141, Azerbaijan.
E-mail addresses: [email protected] (R. Alguliyev), [email protected] (Y. Imamverdiyev), [email protected] (L. Sukhostat).
https://doi.org/10.1016/j.compind.2018.04.017
Received 6 July 2017; Received in revised form 29 April 2018; Accepted 30 April 2018
0166-3615/ © 2018 Elsevier B.V. All rights reserved.
R. Alguliyev et al. Computers in Industry 100 (2018) 212–223
• The novelty and fundamental difference of CPS from existing embedded systems or automated process control systems (APCS), even though they are similar in appearance, is that CPS integrate the cybernetic beginning, computer hardware and software technologies, qualitatively new actuators, embedded in their environment and able to perceive its changes, respond to them, learn and adapt themselves.
• From the computer science point of view [6] CPS are the integration of computing and physical processes. They include embedded computers, network monitors, and controllers, usually with feedback, where physical processes affect computations and vice versa.
• From the automation technologies point of view [7], CPSs are specialized systems whose activities are controlled by computing and communication cores embedded in objects and structures of the physical environment.
• According to the US NSF, the CPS of the future will far exceed the existing systems in performance, adaptability, fault tolerance, security, and ease of use.

might be tempted to, or even need to, react, leading to even more information and more challenges, also in security.
On the one hand, the abundance of new information allows a person to transform it into knowledge, however, on the other hand, this entails an increase in information noise. If earlier such noise was most often found only in the virtual world, for example, in spam letters, pop-up windows, contextual advertising, etc., now with the advent of CPS, when each object contains and transmits a large amount of information, such noise starts to exceed the limits of the framework of virtual reality and acquires its features in the real world. A large amount of information also leads to the fact that the information itself begins to depreciate, and the search for necessary information becomes a difficult task.
Thus, the development of CPSs and their impact on the contours of the life of modern people are extremely controversial. On the one hand, CPS, like any innovation, was originally conceived as a means of improving human life, an innovation that could make life more comfortable, relieve a person and allow him to get rid of routine work [12]. On the other hand, the development of CPS, like any socio-technical innovation, posed new challenges for the person, the main of which is the transformation of life and the partial loss of its completeness, connected with mass distribution, virtualization of practices, and increased
information noise. The consequence of these processes is the inability to identify the main priorities and benchmarks in the virtual information space [13].
Barriers of CPS include a variety of protocols and standards, security issues, power supply devices, a psychological barrier. Also, there are smart contracts that are computer programs that make it easier to automate compliance with various types of contracts/transactions. In the conditions of CPS and Big data, a special legal structure should be provided to simplify the circulation of information as a subject of transactions.
One of the issues with security, in general, is that there always are multiple stakeholders involved. They all have different goals and perceive different security risks and threats. Regulations and standards can be used as part of security countermeasures, but an important focus should be to provide and ensure sufficient levels of security for each of the specific stakeholders and also for specific information in specific contexts and environments. The words “sufficient” and “specific” are key in security. The emergence of decentralized cryptocurrencies has opened new opportunities and also allowed to solve some of the fundamental problems related to the efficiency, security, and autonomy of payment systems.
The humanitarian expertise of CPS realities and technologies and its bioethical support is a non-trivial task and requires complex interdisciplinary teams of developers, researchers, philosophers. Rethinking these issues is one of the most important tasks of the information technology philosophy and philosophy in general.

4. Principle of CPS operation

The CPS architecture often consists of two main layers [14,15]: the cyber layer and the physical layer. The current state of the CPS includes variables that represent data obtained by sensors and control variables representing control signals [16]. The normal value of a certain process parameter is called a set point. In CPS, the distance between the values of the process variables and the corresponding control points is calculated by the controllers. After calculating this offset, the controllers, using a complex set of equations, develop a local actuation, and compute new actuation and control variables. The received control value is sent to the corresponding actuator to keep the process closer to a specific set point [17].
Controllers also send the received measurements to the main control servers and execute the selected commands from them. In CPS, system operators should be aware of the current status of the controlled objects. Thus, the graphical user interface (GUI), called the human-machine interface (HMI), provides the current state of the controlled object to the human operator.
In general, the CPS process can be divided into the following stages [14]: 1) monitoring; 2) networking; 3) computational processing; 4) actuation. The cyber layer often uses industrial protocols such as DNP3 [18], 61850 [19] and Modbus [20] to communicate with physical layer devices.

5. CPS architecture

A CPS may consist of multiple static/mobile sensor and actuator networks integrated under an intelligent decision system [21]. CPSs are characterized by cross-domain sensor cooperation, heterogeneous information flow, and intelligent decision making.
Different types of CPS components integration are based on effective connectivity. CPS includes various combinations of key functions and depends on their applications. CPS considers computational components that use common knowledge and information from physical processes. Depending on the field of application, the issue arises which of the characteristics should be used and to what extent.
The CPS architecture can be considered at various levels. The most common architecture of CPS is divided into seven fundamental levels of ISO/OSI model [22,23]: from the physical layer to the application layer.

5.1. Physical layer

The physical layer lays the groundwork for the CPS architecture. The physical layer consists of sensors, actuators, which are connected to each other via wireless or wired networks. For example, 2G/3G/4G, Wi-Fi, ZigBee, Bluetooth, WiMAX, RFID readers and tags and wired technologies (PLC, NC, etc.). 6LoWPAN (IPv6 over Low power Wireless Personal Area Networks) is a network layer protocol and can be used with any physical and data link layer. This layer is used to connect ZigBee, Bluetooth and other systems to the Internet (acts as a router). The devices at this level usually have little memory and processing power. Attacks on this layer mainly come from external sources.

5.2. Data link layer

The data link layer provides the creation, transmission, and reception of data frames. This layer serves the network layer requests and uses the physical layer service to receive and send packets. The data link layer is divided into logical channel management (LLC) sublayer and media access control (MAC) sublayer. LLC provides network layer service, and the MAC sublayer regulates access to a shared physical environment. An attack on this layer can lead to disruption of MAC addresses, which could result in a failure of the device identification.

5.3. Network layer

At this layer, packets are routed based on converting MAC addresses to network addresses. It uses the IPv4/IPv6 and RPL (“Ripple” routing) protocols. The attacks that lead to the failure of sensors and actuators, in turn, lead to a change of information and source from which it was obtained. This can subsequently lead to a mechanical failure.

5.4. Transport layer

At this layer, packets are broken into small fragments. The most common transport layer protocols include TCP, UDP, and ICMP. Attacks on this level lead to a decrease in the speed of network equipment and the failure of services.

5.5. Session layer

The session layer manages the conversation (communication session). It monitors the order of message transmission over the network; so that transmission need not start from the beginning again after a fault, it inserts labels into long messages. Session-level protocols are usually an integral part of the functions of the top three layers of the model.

5.6. Presentation layer

Presentation level coordinates the data presentation (syntax) in the interaction of two application processes: data transformation from the external format to internal one; data encryption and decryption. An example of such a protocol is the Secure Socket Layer (SSL) protocol, which provides secret message exchange for the application-layer protocols of the TCP/IP stack.

5.7. Application layer

The application layer covers different domains (Fig. 1). This layer stores, analyses and updates information received from previous layers. It makes control decisions that can be visualized using the virtual prototype interface. The protection of data privacy is the most important issue of this level.
Data confidentiality is provided by various security mechanisms (for
example, data encryption, two-factor authentication, etc.). This protects CPS sensor data from their disclosure and transferring to an unauthorized party.
Real-time digital data processing and its capture are carried out by sensors. The CPS sensors can measure physical properties and convert them into a signal. There are different types of sensors that perform different functions and are used in different areas. In some cases, they can also have a certain degree of memory, which allows them to register a certain number of measurements.
Sensors with a low data transfer rate form WSNs, which are increasing in popularity, as they can have more sensor nodes than wired sensor networks and work offline for a long time. For example, machine-to-machine (M2M) communications, which are subject to additional security measures, based on their characteristics associated with different protocols and their applications.
There are several security design principles that can be useful in constructing control systems that can survive attacks [24–26]: redundancy, diversity, a principle of least-privilege, and separation of privilege.
Architecture helps to define and explain the overall structure of CPS, to describe the interaction of its components. Security should be performed on all layers of the CPS architecture, from the physical layer to the application layer.
A higher level of security reduces the risk of confidential information disclosure, provides data anonymity, and hides important information details. CPSs security protects the system from intrusions and reduces the likelihood of risks.

6. Security threats of CPSs

Cyber threats affect: 1) the confidentiality that is necessary to maintain the security of user’s personal data in the CPS and prevent an attacker from attempting to change the state of the physical system by “eavesdropping” communication channels between the sensors and the controller, and between the controller and the actuator; 2) the integrity, when data or resources can be changed without permission; 3) the availability, when there are failures in computer technology, management, communication, equipment; 4) the reliability, when it is necessary to confirm that both parties involved are really the ones they pretend to be [27,28]; 5) the authenticity, when the identity of a subject or resource can be proved to be the one claimed; 6) the non-repudiation, when actions or events can be proven to have taken place so that they cannot be repudiated later; 7) the accountability, when the actions of an entity can be traced uniquely to the entity.
One of the main characteristics of cyber threats is that they are scalable, i.e. they are easily automated and replicated, and you should expect that they are distributed freely through unreliable domains. Cyber-physical threats are threats that originate in cyberspace but have an impact on the physical space of the system. Cyber-physical threats emerge from cyberspace and affect the physical space of the CPS.
Classification of CPS threats includes [29]: Spoofing identity, Tampering with data, Repudiation of origin, Information disclosure, Elevation of privilege, Denial of service (DoS).
In [30], key problems were identified for CPS security: 1) understanding the threats and possible consequences of attacks; 2) determining the unique properties of CPS and their difference from traditional information technology security, and 3) discussion of the security mechanisms applicable to CPS.
On the other hand, in order to understand the new classes of CPS threats, for example, on the smart network and SCADA (Supervisory Control and Data Acquisition) systems, it is useful to characterize the interactions between the area that is the source of the threat and the area that has been affected [31].

7. Tree of attacks on CPSs

According to the ISO/IEC 27001:2013 standard, threats may be deliberate, accidental or environmental. The examples of typical threats include: physical damage, natural events, loss of essential services, radiation malfunctions, compromise of information (for example, eavesdropping, tampering with software, etc.), technical failures, unauthorized actions (for example, data corruption), compromise of functions (for example, forging and abuse of rights).
Based on the results of the analysis of existing studies in security in Fig. 2, a “tree” of attacks and threats based on the functional model of CPS [14] is proposed. Branches of the “tree” include the following types of attack: a) attacks on sensor devices (Sensing); b) attacks on actuators (Actuation); c) attacks on computing components (Computing); d) attacks on communications (Communication); e) attacks on feedback (Feedback).
a) The researchers identified threats and vulnerabilities that affect CPS sensors (such as Injecting false radar signals, Dazzling cameras with light, GPS Spoofing, etc.) [32]. Since CPS is closely related to the physical process in which they are embedded, the reliability and accuracy of the data acquisition process must be ensured. Sensor security needs methods to encourage physical authentication so that any data received from a physical process can be trusted [33].
b) Djouadi et al. [34] analysed the impact of cyber-attacks on actuators and considered two classes that cover a wide range of potential attacks: the Finite Energy Attack, which includes, for example, the loss and modification of personal packets, the Finite Time Attack, and Impulse attacks, and the Bounded Attack, which leads to the suppression of the control signal.
The actuation control security refers to the fact that during a passive-active or active mode of operation, no action can take place without the appropriate permission. The specification of permissions must be dynamic, as the CPS requirements change over time.
c) Attacks on computing resources have been discussed in detail in the paper and include Trojans, Viruses, Worms and DoS attacks [35]. In [36], information is provided on methods of data mining (DM) that can be used to increase cybersecurity.
A malicious attack can secretly damage the CPS. Since there are violations and measurement errors in control systems, the detection mechanisms must ensure that these regular errors will not cause a false alarm. This gives the attacker a space to hide.
If an attacker changes real data by obtaining a key for secure communication (communication key) or capturing some network devices, this is called an integrity attack. Storage security includes the development of solutions to ensure the security of stored data in CPS platforms from physical or cyber hacking. From the attacker’s point of view, the construction of a strategy of false attacks, as a rule, deals with a number of factors, resources and security constraints.
d) Communication attacks include Selective Forwarding, Packet Spoofing, Packet Replaying, Sybil, etc. attacks (can be used to disrupt resource allocation between nodes in favor of malware) that violate the routing of system packages [33]. Any intervention in the data may lead to errors in future requirements for their processing. If an attacker can only capture and forward real data packets, then an effective attack method is to record some “normal” data and play it back to avoid detection.
Communication security requires the development of protocols to provide links between interference sources (active) and eavesdroppers (passive) between and within CPS.
e) In [14], a three-layered logical model of CPS and a meta-model of cyber-attacks, where the system is attacked by Feedback Integrity Attack (while only part of the control signals retains its integrity), were proposed. Feedback Security refers to the fact that the control systems in CPS, which provide the necessary feedback for actuation, are protected. Modern security solutions are focused only on data security, but their impact on evaluation and management algorithms should be studied to provide in-depth protection for CPS [37].

8. Main research areas

Analysis of state-of-the-art publications on this topic has shown the relevance and prospects of CPSs [27,38]. Scientists from different countries (Germany, China, the USA, etc.) have devoted thousands of publications to this technology that investigate the creation of such systems [39].
In [40] the systematic map of research on the CPS security was presented. This paper showed the leading universities in some developed countries that are engaged in research on this issue.
To analyse the latest research in the field of CPS security, we have identified four research categories. As can be seen from Tables 1–4, the proposed classification scheme is based on the estimation of cyber-attack consequences, modeling of CPS attacks, CPS attacks detection and development of security architecture.
A number of state-of-the-art publications have been studied. They were summarized in the tables according to the criteria.
The tables list the main contributions and concepts of the approaches considered in each document. Moreover, the future research directions of each paper were indicated.
And according to our analysis, the first five research universities dealing with this problem include University of California at Berkeley (USA), University of Science and Technology Beijing (China), KTH Royal Institute of Technology (Sweden), Politecnico di Milano (Italy) and Hamburg University of Technology (Germany).
The development of attack detection for industrial CPSs is reviewed according to the categories of detection approaches [41]: 1) Bayesian detection with binary hypothesis; 2) weighted least square (WLS) approaches; 3) χ2-detector based on Kalman filters; and 4) quasi-FDI (fault detection and isolation) techniques. Robustness, security, and resilience, as well as stability, have been discussed to govern the capability of weakening various attacks.
According to [42] any CPS security model should include security defense layers with the following characteristics: difficult penetration; robust authentication and access control mechanism; high response time; upgrade capability and attack mitigation abilities. This paper presents an analysis of the security issues at the various layers of CPS architecture, risk assessment, and techniques for securing CPS.
Consequently, the various research communities are very active in the direction of CPS security, which confirms the importance of this problem. However, there are still many unresolved issues. As a result, the following CPS security studies are highlighted in this paper:

1) Estimation of cyber-attack consequences. Complex and sophisticated attacks are designed to cause significant damage to the cyber and physical characteristics of CPS. For example, Stuxnet [43,44], which is the first malicious software specifically designed to inflict physical damage on industrial infrastructures (reprogramming control systems by modifying the PLC code). Thus, it is necessary to assess the impact of cyber-attacks on the normal functioning of
Table 1
A literature overview on the estimation of cyber-attacks consequences.
References Proposed approach Main contribution Future directions
physical processes. In such situations, it is extremely important not only to demonstrate and evaluate the destructive impact of cyber-attacks, but also to quantify the consequences and, ultimately, to ensure the availability of specific cyber activities. In order to provide a systematic review of the papers and perform an analysis of cyber-attacks consequences, each work was represented in Table 1.
2) Modeling of CPS attacks. Attack and vulnerability models are used to identify weaknesses in CPS systems to support their search
Table 2
A literature overview of CPS attacks modeling.

| References | Proposed approach | Main contribution | Future directions |
|---|---|---|---|
| Martins et al. (2015) [83] | Systematically identify the potential threats at the design phase of building CPSs. | A tool to perform systematic threat modeling for CPS using a real-world railway temperature monitoring system as the case study was presented. | Merging of the different threat modeling techniques in order to enable the expansion of threat identification and system vulnerabilities. |
| Mavani and Asawa (2017) [71] | Description of IPv6 spoofing attack, which corrupts the border router’s routing table of the 6LoWPAN network. | • It is shown that path loss exponent affects the probability of attack success. • The systematic mathematical analysis using an attack tree model was performed. | Assessment of the impact of multiple attackers on the network communication in CPS and to propose a countermeasure. |
| Mitchell and Chen (2015) [58] | An analytical model based on SPN techniques for modeling and analysis of attacks and countermeasures for CPSs. | The analytical model allows the optimal design parameter settings for maximizing the mean time to failure (MTTF) of the CPS. | Investigation of countermeasures for improving CPS survivability. |
| Srivastava et al. (2013) [64] | • The attack modeling using the vulnerability of information, communication, and electric grid network • Cyber vulnerability index based on discovery, feasibility, access, detection threat and connection speed | Integration of cyber and physical vulnerability models given incomplete information | Development of mitigation techniques to avoid coordinated cyber-physical attacks on the smart grid. |
Table 3
A literature overview of CPS attacks detection.

| References | Proposed approach | Main contribution | Future directions |
|---|---|---|---|
| Finogeev and Finogeev (2017) [46] | Classification of external attacks and intrusion detection in sensor networks. | The existing routing procedures for the simultaneous exchange of key information allow reducing energy consumption during the information transmission. | Carry out a covert transfer of open or encrypted key information by the steganographic methods. |
| Friedberg et al. (2015) [51] | A novel anomaly detection approach that utilizes log-lines produced by various systems and components in ICT networks. | • APT detection approach. • Anomaly detection model. • Real-World evaluation. | Development of a more intelligent approach for the generation of event classes. |
| Giani et al. (2013) [49] | An efficient algorithm to find all unobservable attacks in Energy Management Systems. | • Detection of irreducible attacks that involve the compromise of exactly two power injection meters. • Countermeasures against arbitrary unobservable attacks using known-secure PMUs. | A comprehensive and realistic analysis of cybersecurity threats to electricity grids under normal and contingency operations. |
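
Section 7 c) notes that detection mechanisms must tolerate regular measurement errors, which leaves an attacker room to hide, and Section 8 lists the χ2-detector based on Kalman filters among the detection approaches. The sketch below is an added example, not code from the paper or from the works it cites: a scalar Kalman filter with a χ2 test on its innovation, run on constructed sensor readings. SET_POINT, Q, R, NOISE and the bias values are all assumptions chosen for illustration.

```python
"""Chi-square residual detector on a scalar Kalman filter (added example)."""

CHI2_1DOF_99 = 6.635   # 0.99 quantile of the chi-square distribution, 1 degree of freedom
SET_POINT = 50.0       # constructed process value, e.g. a tank level held at its set point
Q = 1e-4               # process noise variance assumed by the filter
R = 0.04               # sensor noise variance assumed by the filter (sigma = 0.2)
# Constructed zero-mean sensor noise, cycled; every value lies within +/-0.2.
NOISE = [0.12, -0.18, 0.05, -0.07, 0.20, -0.11, 0.03, -0.04]


def measurements(n, bias=0.0, attack_start=None):
    """Readings of a process resting at SET_POINT. From attack_start onward a
    constant bias is added, modelling tampered sensor data on the link."""
    readings = []
    for k in range(n):
        y = SET_POINT + NOISE[k % len(NOISE)]
        if attack_start is not None and k >= attack_start:
            y += bias
        readings.append(y)
    return readings


def chi2_detector(readings, x0=SET_POINT, p0=0.01, threshold=CHI2_1DOF_99):
    """Run the filter over the readings and flag every step whose normalised
    squared innovation exceeds the chi-square threshold."""
    x, p = x0, p0
    alarms, scores = [], []
    for k, y in enumerate(readings):
        p_pred = p + Q            # predict: the state model is x[k+1] = x[k] + w
        r = y - x                 # innovation (measurement minus prediction)
        s = p_pred + R            # innovation variance
        g = r * r / s             # chi-square statistic for this sample
        scores.append(g)
        if g > threshold:
            alarms.append(k)
        gain = p_pred / s         # Kalman gain
        x = x + gain * r          # update the estimate
        p = (1.0 - gain) * p_pred
    return {"alarms": alarms, "max_score": max(scores), "estimate": x}


def compare_scenarios(n=200, attack_start=50):
    """Clean run, a small bias inside the noise band, and a large bias."""
    return {
        "clean": chi2_detector(measurements(n)),
        "small_bias": chi2_detector(measurements(n, 0.1, attack_start)),
        "large_bias": chi2_detector(measurements(n, 2.0, attack_start)),
    }


if __name__ == "__main__":
    for name, result in compare_scenarios().items():
        alarms = result["alarms"]
        span = f"{alarms[0]}..{alarms[-1]}" if alarms else "none"
        print(f"{name:10s} alarms={len(alarms):3d} ({span}) "
              f"max g={result['max_score']:.2f} estimate={result['estimate']:.3f}")
```

On these constructed readings the 0.1 bias never crosses the threshold yet moves the estimate to about 50.1, which is the hiding space the text describes. The 2.0 bias alarms at its first sample and then goes quiet once the filter has absorbed it, so an operator should latch the alarm rather than expect it to persist.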
Table 4
A literature overview of security architecture development.
References Proposed approach Main contribution Future directions
strategy and understanding of the attacks. It is necessary to develop attack models to assess them and take adequate countermeasures to ensure CPS security (Table 2). The attacker needs to understand the failure conditions of the equipment, control principles, process behavior, etc. [45].
3) CPS attacks detection. It is important to develop detection algorithms and countermeasures for all well-known attacks in advance to reduce the impact of attacks for a limited time and minimize system damage. Table 3 summarizes the papers on CPS attacks detection, the main contributions, and future research directions.
4) Development of security architecture. The development of CPSs is constrained by security factors. The main task of designing complex CPS architectures is to test and validate “secure design” to ensure the security and reliability of physical and cyber components. It is necessary to develop new reliable control and evaluation algorithms that consider more realistic attack models from a security perspective. Table 4 shows a summary of the literature on the development of security architecture.

By classifying the publications under consideration, we have grouped them into four categories related to SCADA systems security and Smart Grid security, countermeasures against cyber-attacks and communication security.

8.1. SCADA systems security

The problems of detecting attacks in WSN of SCADA systems were introduced in [46]. Authors developed the detailed classification of external attacks and intrusion detection in sensor networks and brought a detailed description of attacking impacts on components of SCADA systems in accordance with the selected directions of attacks. Information security problems are often caused not so much by external attacks, but the staff non-compliance with regulations and rules of the enterprise information security policy. It may result in an unauthorized infection by computer viruses, Trojans, and worms. Finding the infection in the SCADA system may cause a need of hard reset to clean the virus and will stop most of the enterprise’s processes, but it is not always feasible from the economic standpoint.
Li et al. proposed a new type of cyber-physical attacks on SCADA systems [47]. Even though this paper was focused on the neutralization process, many other physical processes controlled by SCADA systems could also be the targets.
A model that simulates attempts by a highly skilled attacker to execute a premeditated malevolent scheme and calculates the probability of attacker’s mission success was proposed in [48]. Attacker’s mission success probability is dependent on the quality of intelligence gathered prior to launching his attack. The proposed model can be used for simulating what-if scenarios for security drills to better understand vulnerabilities in critical infrastructures.
In [49], the authors presented and characterized the unreasonable cyber-attacks using intentionally secure phasor measurement units (PMUs). It has been shown that (p + 1) PMUs are quite effective for disabling p attacks. A deeper problem with the investigation of the cybersecurity of SCADA/EMS components of the power grid is related to grid operations. Therefore, a complete and realistic analysis of the cybersecurity threats of electrical networks should include both the normal technological regime and emergency situations.
In [50], a new methodology for assessing the effects of cyber-attacks on physical processes was proposed. The study is based on the behavioral evaluation of physical processes and sensitivity analysis. For this, the covariance of the observed variables before and after performing individual attacks against control variables was calculated. One of the main features of this methodology is its applicability to situations

impact of Advanced Persistent Threats (APTs) (for example, direct access to database servers, copying large amounts of data) was proposed. Anomaly detection in this approach is possible only through the use of a combination of different rules describing the model. It was concluded that the proposed approach performs very well in the limited SCADA dataset. Despite this, according to the authors, the proposed approach can work well on real data.
The paper [52] presented a framework encompassing a novel feature set and customized pattern recognition algorithms for identifying integrity attacks affecting CPSs. It is important to make informed decisions regarding accommodation actions and future usage of the infrastructure. Frequency and wavelet values were used to train a Random Forest for identifying integrity attacks. The proposed method is able to detect previously unseen data reducing potential misclassifications.
In [45], a method for estimating the consequences of the attacks spread in CPSs, assessing the direct and indirect consequences of attacks on control parameters, including measurements of CPS sensors and controller signals was proposed. The proposed approach was considered for a Boiling Water Power Plant (BWPP). The “normal” behavior of the system is compared without any malfunctions with the abnormal behavior during the attacks (DoS and deviation attacks). The system parameters are divided into two classes of cause-and-effect parameters, which may be the same or may differ from each other. New indicators that can be used to quantify the level of importance of each parameter in a physical process were proposed. The priorities in the sensors and control signals readings were determined to depend on their attacks sensitivity using the obtained quantitative values. Unlike most of the proposed methods that are applicable to attacks that cause a physical process to shut down (for example, [53,54]), the proposed method can consider attacks that do not necessarily lead to SCADA system outage.
In [55], the authors discussed the concept and strategies for creating a reliable and fault-tolerant CPS. They defined fault tolerance as a 3S-oriented model (Stability, Security, and Systematicness). They also pointed out the problems associated with CPS modeling.

8.2. Countermeasures against cyber-attacks

Countermeasures to improve the stability of Kalman filtering to defend against false data injection attacks were developed in [56]. The proposed countermeasures have been implemented on IEEE 14-bus, 30-bus, and 118-bus systems. Unscented Kalman filter (UKF) approach achieves the best performance on random benign noise and reduces the impact of attacks. According to authors, the proposed temporal-based detection technique can identify compromised meters accurately and quickly.
Due to the increasing use of IoT and Internet of Autonomous Vehicles in the near future VANETs (Vehicular ad hoc networks) develop continuously and attract increased attention. An attacker could compromise some vehicles and turn them into zombie vehicles, awaiting orders from a command and control server. In [57] the approaches for intrusion/misbehavior detection were provided. Proactive and reactive solutions that could be employed as countermeasures to attacks were also discussed.
Attack has consequences only when the network operator is misled, which leads to data compromise. The countermeasures against arbitrary unobservable attacks using known-secure PMUs were proposed [49].
In [58], an approach was proposed to model and evaluate attacks and defensive actions for CPS. The model is based on stochastic Petri nets (SPNs). In this approach, attrition, pervasion and exfiltration failures were considered. Determining the optimal model of conditions in CPS, such as the intrusion detection interval and the modeling of the
where the physical process is unavailable. It only considers individual redundancy level, are the results of this study.
attacks on control signals. In [59], the model of the replay attack on CPS was determined, and
In [51] an approach for anomaly detection that is the result of the the effectiveness of the control system was analysed. The relationship
between loss of performance, detection rate and the strength of the authentication signal has been described. A technique for optimizing noisy authentication signals based on a trade-off between the desired detection efficiency and the permissible loss of control performance was also presented. In the paper, it was suggested to introduce an authentication signal into the system at random intervals of time, rather than continuously, thus only affecting performance for some time.

Yoo and Shon [60] discussed vulnerabilities, security requirements, CPS architecture and presented countermeasures. The suggested security architecture for IEC 61850-to-DNP3 conversion environment model, suggested by IEC 61850 80-2/IEEE 1815.1, was applied and its potential was verified.

The language for describing possible attacks on CPS and their consequences was proposed in [61]. The main advantage of this language is the definition and description of features describing attacks and countermeasures. Although they are not considered in the security assessment process, the authors believe that the proposed attack description language can be used to assess the level of security.

8.3. Smart grid security

In [62] a novel cyber-physical fusion approach by developing an abnormal traffic-indexed state estimation (ATSE) method for attack detection in Smart Grid was described. ATSE was applied to detect the attacks, including IDS (Snort) and bad data detection algorithm (Chi-square Test). The basic idea of ATSE is that the discrete event is quantified as the index of a physical system model. It demonstrates a low-cost and easy-to-implement solution to integrate heterogeneous data in Smart Grids. ATSE could be extended to detect other attacks in various CPS.

A novel distributed host-based collaborative detection (DHCD) method to identify and mitigate FDI attacks in smart grid CPS was proposed in [63]. A rule specification based real-time collaborative detection system was designed to identify the anomalies of measurement data. In addition, a new reputation system with an adaptive reputation updating (ARU) algorithm was presented to evaluate the overall running status of the PMUs, which can be used to identify compromised PMUs.

The authors in [64] turned to the attack modeling, using the vulnerability of information, communication, and the electrical network, analysed the vulnerabilities of the electrical network with incomplete information using an approach from graph theory. In addition, a comprehensive cyber vulnerability index was introduced and used to model in real time while demonstrating the impact of the Aurora attack.

The game theory approach to the security assessment of smart networks was proposed in [65]. First of all, the authors focused on the cyber-physical security (monitoring, protection, and control in terms of coordinated cyber-attacks) of the vast territory. The main focus of this paper is to study pertinent issues in the cyber-physical security of WAMPAC (Wide-Area Monitoring, Protection and Control).

8.4. Communication security

Genge et al. [66] have described the problem of how network parameters, such as packet loss, communication delay, timing management logic, and network traffic can affect the consequences of attacks. The main contribution of the authors is that the most important parameters that could affect the stability of physical processes were identified. The authors noted that communication parameters (for example, communication delay) have a limited impact on the result of the attacks and the scheduling parameters of the tasks can affect the stability of physical processes.

Attacks can alter a manufacturing system, resulting in impaired communication, functionality or reduced performance [67]. An approach proposed in this paper combines the key principles of modern methods for Trojans detection that affect the physical changes of manufactured parts in the industry. It incorporates the use of structural health monitoring techniques to detect changes in a part's intrinsic behavior and brings manufacturing cybersecurity considerations to the product/process design stages.

The vulnerability of IoT infrastructure under intentional attacks has been investigated in [68]. The network robustness of the Internet-oriented network and the CPS-oriented network were analysed. Both analytical and empirical results showed that the proposed mechanism enhances the robustness of IoT, even in the weak local detection capability and fragile network structure regime.

In [69], an architecture for IoT-based healthcare (where most devices and their communications are wireless) using distributed smart e-health gateways was proposed. It is more secure than the centralized delegation based architecture because it is more resistant to DoS attacks and uses a more secure key management technique.

Two broad challenges in CPSs information security (preventing retrieval of internal physical system information through monitored external cyber communication links, and limiting the modification of physical system functioning through compromised cyber communication links) were analysed in [70]. Information-theoretic approaches against passive and active security attacks were developed.

Authors in [71] have attempted to describe an IPv6 spoofing attack that impacts on network communication, which corrupts the border router's routing table of the 6LoWPAN network. This study uses Attack Tree (where the nodes of the tree represent attacks, and the root of the tree is the global goal of an attacker) [72] as an attack modeling tool to dissect it into micro-attacks and analyse each of them.

The estimation of communication, computing and control attacks consequences on CPS can be successfully implemented in accordance with the risk assessment model and the algorithm proposed in [73], which calculates the overall risk of CPS based on attack severity and attack success probability. The weight was given to each system node (that was under attack). A risk curve can help users better understand and respond to systemic risk in time. In addition, it can also be used to predict future risks.

The work [74] is aimed at minimizing the associated risks by letting users and applications be aware of the security and data quality level. The solution is integrated into IoT middleware and is called NetwOrked Smart objects (NOS). It is used to dynamically specify the level of security and data quality. This solution is better than conventional one-size-fits-all approaches that often do not consider consumers' requirements in terms of security, privacy and data quality.
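The attack-tree modeling of [71], [72] and the node-weighted risk calculation of [73] summarized in this subsection can be combined in one sketch. It is an added example, not code from this paper or from the cited works: the AND/OR gates with independent leaves, the weighted-mean risk formula, and every name and number in the sample model are assumptions chosen for illustration.

```python
"""Attack-tree evaluation plus node-weighted risk for a small CPS model.

Constructed example: tree shapes, probabilities, severities and weights are
sample values, and the aggregation formula is an assumption for illustration.
"""
from dataclasses import dataclass, field
from math import prod


@dataclass
class Node:
    name: str
    gate: str = "LEAF"                 # "LEAF", "AND" or "OR"
    p: float = 0.0                     # success probability (leaves only)
    children: list = field(default_factory=list)


@dataclass
class Asset:
    name: str                          # CPS node under attack
    weight: float                      # importance of the node in the system
    severity: float                    # impact if the root goal is reached (0..10)
    tree: Node                         # attack tree; the root is the attacker's goal


def success_probability(node, overrides=None):
    """Probability of reaching the goal at `node`, assuming independent leaves."""
    overrides = overrides or {}
    if node.gate == "LEAF":
        p = overrides.get(node.name, node.p)
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"{node.name}: probability {p} is outside [0, 1]")
        return p
    if not node.children:
        raise ValueError(f"{node.name}: {node.gate} gate has no children")
    probs = [success_probability(child, overrides) for child in node.children]
    if node.gate == "AND":             # every sub-goal is required
        return prod(probs)
    if node.gate == "OR":              # any one sub-goal is enough
        return 1.0 - prod(1.0 - q for q in probs)
    raise ValueError(f"{node.name}: unknown gate {node.gate!r}")


def leaf_names(node):
    """Names of all leaves (elementary attack conditions) below `node`."""
    if node.gate == "LEAF":
        return [node.name]
    return [name for child in node.children for name in leaf_names(child)]


def overall_risk(assets, overrides=None):
    """Weighted mean of severity x success probability over all assets."""
    total_weight = sum(a.weight for a in assets)
    if total_weight <= 0:
        raise ValueError("asset weights must sum to a positive value")
    weighted = sum(a.weight * a.severity * success_probability(a.tree, overrides)
                   for a in assets)
    return weighted / total_weight


def rank_mitigations(assets):
    """Risk removed by fully closing each leaf, largest reduction first."""
    baseline = overall_risk(assets)
    gains = [(leaf, baseline - overall_risk(assets, {leaf: 0.0}))
             for a in assets for leaf in leaf_names(a.tree)]
    return sorted(gains, key=lambda item: item[1], reverse=True)


# Constructed sample model (all names and numbers are illustrative).
SENSOR_TREE = Node("false sensor reading accepted", "OR", children=[
    Node("sensor physically tampered", p=0.1),
    Node("reading altered in transit", "AND", children=[
        Node("sensor link reachable", p=0.5),
        Node("sensor messages unauthenticated", p=0.4),
    ]),
])
COMMS_TREE = Node("control traffic modified", "AND", children=[
    Node("network segment reached", p=0.5),
    Node("traffic accepted after change", "OR", children=[
        Node("protocol lacks integrity check", p=0.5),
        Node("gateway misconfigured", p=0.2),
    ]),
])
ACTUATOR_TREE = Node("actuator command forged", p=0.1)

ASSETS = [
    Asset("sensor", weight=0.3, severity=5.0, tree=SENSOR_TREE),
    Asset("communications", weight=0.5, severity=8.0, tree=COMMS_TREE),
    Asset("actuator", weight=0.2, severity=10.0, tree=ACTUATOR_TREE),
]

if __name__ == "__main__":
    for asset in ASSETS:
        print(f"{asset.name:15s} P(goal) = {success_probability(asset.tree):.2f}")
    print(f"overall risk = {overall_risk(ASSETS):.2f}")
    for leaf, gain in rank_mitigations(ASSETS):
        print(f"  close '{leaf}': risk falls by {gain:.2f}")
```

Three leaves in the sample share the highest probability (0.5), yet closing them removes very different amounts of risk: the leaf under the AND gate of the most heavily weighted node removes the most, which is the kind of prioritization a weighted model gives a defender that raw probabilities do not.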
Table 5
Summary of the importance of CPS security issues.
Domain | Authenticity | Confidentiality | Reliability | Resilience | Integrity
SCADA systems security | [45], [49], [46], [55] | [51], [55] | [45], [50], [48], [51], [52], [55] | [45], [50], [48], [49], [55] | [45], [50], [49], [51], [52], [47], [46], [55]
Countermeasures against cyber-attacks | [61], [58], [59], [49], [57], [60] | [58], [59], [57] | [58], [59], [56], [57], [60] | [61], [49], [56] | [59], [49], [57], [60]
Smart Grid security | [65], [64], [62] | [64], [62] | [65], [64], [63], [62] | [62] | [65], [64], [62]
Communication security | [73], [74], [71], [69], [70] | [73], [74], [71], [69], [70] | [73], [74], [69], [68], [70] | [73], [66], [74], [71], [67], [69], [68] | [73], [66], [74], [71], [67], [69]
Table 5 discusses the above categories in terms of security issues, including authenticity, confidentiality, reliability, resilience, and integrity. The table provides an overview of the trends in CPSs security research. It shows that information security goals have been touched in almost all of the considered papers.

9. Open issues

CPSs have a high potential for creating new markets and solutions to social risks, but impose high demands on quality, safety, security and privacy [75–78]. Fundamental scientific research is necessary to achieve a predictable level of verification and measurement quality, to effectively combat external and internal changes.

Based on the above analysis of the latest CPS security studies, the future research directions include the following tasks:

1) The development of methods for CPS components authentication. The presence of component authentication mechanisms, as well as a secure channel between sensors and controllers, makes it possible to increase the security of CPS from any tampering [79].
2) The development of metrics to determine the level of trust in CPS components. According to Table 5 from the previous section, ensuring the authenticity, confidentiality, reliability, resilience, and integrity of CPS against various attacks must be performed at a certain level of trust, depending on the level of risks. CPS uses data from several sensors for full information. There is a conflict between reliable in case of a failure of one sensor and faulty sensors, and therefore the user may receive false information [80].
3) The development of methods for ensuring the security of personal data. The growing popularity and development of DM technologies pose a serious threat to the security of confidential personal information. Data privacy may be violated due to unauthorized access to personal data. The wide application of DM and machine learning algorithms allows malicious users to use intelligent data analysis to access private information. This problem can be solved with the help of two aspects: ethical and technological. Security through transparency is one of the solutions [81].
4) The development of CPS security architecture. Analysis of the main CPS problems arising with the growth of rapidly developing cyber and physical threats shows that it is necessary to create a reliable and fault-tolerant architecture that ensures a high level of security and cost-effectiveness.
5) The development of countermeasures to increase the survivability of CPS. The development of countermeasures is an urgent task in order to minimize the number of vulnerabilities in the CPS. Analysis of recent work to improve the reliability and resiliency of CPS has shown the need to develop defensive mechanisms and evaluate their impact on the survivability of CPSs.
6) Security protocol development. The growing number of devices in CPSs raises many questions about the suitability and adaptability of state-of-the-art security standards and protocols to ensure the confidentiality and integrity of data. The use of smart security protocols, which allow the self-adopting and self-controlling of CPS architecture, and their integration into innovative, state-of-the-art devices are among the priority tasks. The interaction between security technologies of CPS components leads to interoperability issues. Providing built-in security and privacy from components to the CPS as a whole requires special attention.

10. Conclusion

CPSs are a promising paradigm for the development of current and future engineering systems and are expected to have an important impact on the real world. The idea of CPS focuses on the design of complex systems, not the cyber or physical system separately.

This paper gives a definition and background of CPS. The technical background and distinctive features of CPS, the principle of CPS operation and philosophical issues were discussed in detail. It was noted that the development of CPS and their impact on the life of modern people is extremely contradictory.

The problems of attacks in the cyberspace, which have different consequences and goals (such as to change some safety attributes, to cause catastrophic damage to system equipment and resources, to lead to production losses, to endanger life and safety of people, and to cause damage to the environment), were investigated. We considered the impact of cyber threats on authenticity, confidentiality, reliability, resilience, and integrity. This was reflected as a tree of attacks and threats on sensor devices, actuators, computing components, communications, and feedback.

In order to shed light on the current security problems of CPS, the paper presented a review of relevant literature on the discussion of practical applications in the areas of SCADA and Smart Grid security, countermeasures against cyber-attacks and communication security and the dominant areas of research.

The tables provide the main contributions and concepts of approaches in the areas of cyber-attack consequences estimation, modeling of CPS attacks, CPS attacks detection and development of security architecture, discussed in the papers and outline the future research directions of each article.

Finally, based on the latest CPS security research, we have identified future research areas for CPS deployment, including the development of methods for CPS components authentication, for determining the level of trust in CPS components, and for ensuring the security of personal data, the development of countermeasures to increase the survivability of CPS, and security protocol development. We hope that this work will help researchers in the field of CPS security.

References

[1] S. Zeadally, N. Jabeur, Cyber-Physical System Design with Sensor Networking Technologies, The Institution of Engineering and Technology, London UK, 2016.
[2] S.H.H.N. Ghazani, J.J. Lotf, R.M. Alguliev, A study on QoS models for mobile ad-hoc networks, Int. J. Model. Optim. 2 (5) (2012) 634–636.
[3] A. Sheth, P. Anantharam, C. Henson, Physical-cyber-social computing: an early 21st century approach, IEEE Intell. Syst. 28 (1) (2013) 78–82.
[4] J. Zeng, L.T. Yang, M. Lin, H. Ning, J. Ma, A survey: cyber-physical-social systems and their system-level design methodology, Future Gener. Comput. Syst. (2016), http://dx.doi.org/10.1016/j.future.2016.06.034.
[5] C.H. Liu, Y. Zhang, Cyber Physical Systems: Architectures, Protocols and Applications, CRC Press, Taylor & Francis Group Florida, 2016.
[6] E.A. Lee, Cyber physical systems: design challenges, 11th International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, Orlando, Florida, USA, 2008.
[7] K.H. Johansson, Control of cyber-physical systems: fundamental challenges and applications to transportation networks, 27th International Conference on Architecture of Computing Systems, Lübeck Germany, 2014.
[8] J.A. Stankovic, Research directions for the Internet of Things, IEEE IoT J. 1 (1) (2014) 3–9.
[9] L. Wang, X.V. Wang, Cloud-Based Cyber-physical Systems in Manufacturing, Springer International Publishing, London, 2018.
[10] P. Sobhrajan, S.Y. Nikam, Comparative study of abstraction in cyber physical system, Int. J. Comput. Sci. Inf. Technol. (IJCSIT) 5 (1) (2014) 466–469.
[11] R. Davies, The Internet of Things Opportunities and Challenges, European Parliamentary Research Service, 2015 PE 557.012 (http://www.europarl.europa.eu/RegData/etudes/BRIE/2015/557012/EPRS_BRI(2015)557012_EN.pdf).
[12] A. Hakansson, R. Hartung, E. Moradian, Reasoning strategies in smart cyber-physical systems, Procedia Comput. Sci. 60 (2015) 1575–1584.
[13] H. Ning, Q. Li, D. Wei, H. Liu, T. Zhu, Cyberlogic paves the way from cyber philosophy to cyber science, IEEE IoT J. 4 (3) (2017) 783–790.
[14] A. Hahn, R.K. Thomas, I. Lozano, A. Cardenas, A multi-layered and kill-chain based security analysis framework for cyber-physical systems, Int. J. Crit. Infr. Prot. 11 (2015) 39–50.
[15] M. Krotofil, J. Larsen, Are you threatening my hazards? 9th International Workshop on Security, Hirosaki Japan, 2014.
[16] M. Krotofil, A. Cardenas, Resilience of process control systems to cyberphysical attacks, 18th Nordic Conference on Secure IT Systems, Ilulissat Greenland, 2013.
[17] H. Kopetz, Real-Time Systems Design Principles for Distributed Embedded Applications, Springer, USA, 2011.
[18] M. Majdalawieh, Security Framework for DNP3 and SCADA, VDM Verlag, Saarbruken, Germany, 2008.
[19] C.R. Ozansoy, A. Zayegh, A. Kalam, Time synchronisation in a IEC 61850 based
substation automation system, IEEE −2008 Australasian Universities Power Engineering Conference, IEEE, Sydney Australia, 2008.
[20] Modbus-IDA, Modbus Application Protocol Specification V.1.1b, Modbus-IDA, Hopkinton, Massachusetts, 2016, www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf.
[21] W. Fang-Jing, K. Yu-Fen, T. Yu-Chee, Review: from wireless sensor networks towards cyber physical systems, Pervasive Mob. Comput. 7 (4) (2011) 397–413.
[22] H. Li, L. Lai, H.V. Poor, Multicast routing for decentralized control of cyber physical systems with an application in smart grid, IEEE J. Sel. Areas Commun. 30 (2012) 1097–1107.
[23] A. Koubaa, B. Andersson, A vision of cyber-physical internet, 8th International Workshop on Real-Time Networks, Dublin, Ireland, 2009.
[24] A.A. Cardenas, S. Amin, B. Sinopoli, A. Giani, A. Perrig, S. Sastry, Challenges for securing cyber physical systems, Workshop on Future Directions in Cyber-physical Systems Security, Newark, NJ, 2009.
[25] J.H. Saltzer, M.D. Schroeder, The protection of information in computer systems, Proc. IEEE 63 (9) (1975) 1278–1308.
[26] A. Avizienis, J.-C. Laprie, B. Randell, C. Landwehr, Basic concepts and taxonomy of dependable and secure computing, IEEE Trans. Dependable Secure Comput. 1 (1) (2004) 11–32.
[27] E.K. Wang, Y. Ye, X. Xu, S.M. Yiu, L.C.K. Hui, K.P. Chow, Security issues and challenges for cyber physical system, IEEE/ACM International Conference on Cyber, Physical and Social Computing, Hangzhou, China, 2010.
[28] S. Sicari, A. Rizzardi, L.A. Grieco, A. Coen-Porisini, Security, privacy and trust in Internet of Things: the road ahead, Comput. Networks 76 (2015) 146–164.
[29] D. Xu, M. Tu, M. Sanford, L. Thomas, D. Woodraska, W. Xu, Automated security test generation with formal threat models, IEEE Trans. Dependable Secure Comput. 9 (4) (2012) 525–539.
[30] Z. Xinlan, H. Zhifang, W. Guangfu, Z. Xin, Information security risk assessment methodology research: group decision making and analytic hierarchy process, Second WRI World Congress on Software Engineering, Wuhan, China, 2010.
[31] C. Neuman, K. Tan, Mediating cyber and physical threat propagation in secure smart grid architectures, Second International Conference on Smart Grid Communications, IEEE, Brussels Belgium, 2011.
[32] Z. Brooks, Hacking Driverless Vehicles, DEFCON, 2016, https://www.defcon.org/images/defcon-21/dc-21-presentations/Zoz/DEFCON-21-Zoz-Hacking-Driverless-Vehicles.pdf.
[33] M. Krotofil, J. Larsen, D. Gollmann, The process matters: ensuring data veracity in cyber-physical systems, 10th ACM Symposium on Information, Computer and Communications Security, ACM Singapore, 2015.
[34] S.M. Djouadi, A.M. Melin, E.M. Ferragut, J.A. Laska, J. Dong, Finite energy and bounded actuator attacks on cyber-physical systems, 14th IEEE European Control Conference, Linz Austria, 2015.
[35] A. Singhal, Data Warehousing and Data Mining Techniques for Cyber Security, Springer Science + Business Media, USA, 2007.
[36] R. Mitchell, I.R. Chen, Effect of intrusion detection and response on reliability of cyber physical systems, IEEE Trans. Reliab. 62 (1) (2013) 199–210.
[37] A.A. Cardenas, S. Amin, S. Sastry, Research challenges for the security of control systems, 3rd Conference on Hot Topics in Security, San Jose, CA, 2008.
[38] K. Wan, K.L. Man, D. Hughes, Specification analyzing challenges and approaches for cyber-physical systems (CPS), Eng. Lett. 18 (3) (2010) 308–315.
[39] L. Sha, J. Meseguer, Design of Complex Cyber Physical Systems with Formalized Architectural Patterns, Software-Intensive Systems and New Computing Paradigms, Springer-Verlag, Berlin, 2008.
[40] Y.Z. Lun, A.D. Innocenzo, I. Malavolta, M.D. Di Benedetto, Cyber-physical Systems Security: a Systematic Mapping Study, (2016) (arXiv preprint arXiv: 1605.09641).
[41] D. Ding, Q.-L. Han, Y. Xiang, X. Ge, X.-M. Zhang, A survey on security control and attack detection for industrial cyber-physical systems, Neurocomputing 275 (1) (2018) 1674–1683.
[42] Y. Ashibani, Q.H. Mahmoud, Cyber-physical systems security: analysis challenges and solutions, Comput. Secur. 68 (2017) 81–97.
[43] S. Karnouskos, Stuxnet worm impact on industrial cyber-physical system security, 37th Annual Conference of the IEEE Industrial Electronics Society, Melbourne, Victoria Australia, 2011.
[44] S. Collins, S. McCombie, Stuxnet: the emergence of a new cyber weapon and its implications, Journal of Policing, Intell. Counter Terror. 7 (1) (2012) 80–91.
[45] M. Krotofil, A.A. Cardenas, J. Larsen, D. Gollmann, Vulnerabilities of cyber-physical systems to stale data-determining the optimal time to launch attacks, Int. J. Crit. Infr. Prot. 7 (2014) 213–232.
[46] A.G. Finogeev, A.A. Finogeev, Information attacks and security in wireless sensor networks of industrial SCADA systems, J. Ind. Inf. Integr. 5 (2017) 6–16.
[47] W. Li, L. Xie, Z. Deng, Z. Wang, False sequential logic attack on SCADA system and its physical impact analysis, Comput. Secur. 58 (2016) 149–159.
[48] Y.F. Khalil, A novel probabilistically timed dynamic model for physical security attack scenarios on critical infrastructures, Process Saf. Environ. Prot. 102 (2016) 473–484.
[49] A. Giani, E. Bitar, M. Garcia, M. McQueen, P. Khargonekar, K. Poolla, Smart grid data integrity attacks, IEEE Trans. Smart Grid 4 (3) (2013) 1244–1253.
[50] B. Genge, I. Kiss, P. Haller, A system dynamics approach for assessing the impact of cyber attacks on critical infrastructures, Int. J. Crit. Infr. Prot. 10 (2015) 3–17.
[51] I. Friedberg, F. Skopik, G. Settanni, R. Fiedler, Combating advanced persistent threats: from network event correlation to incident detection, Comput. Secur. 48 (2015) 35–57.
[52] S. Ntalampiras, Automatic identification of integrity attacks in cyber-physical systems, Expert Syst. App. 58 (2016) 164–173.
[53] H. Orojloo, M. Abdollahi Azgomi, A method for evaluating the consequence propagation of security attacks in cyber-physical systems, Future Gen. Comput. Syst. 67 (2017) 57–71.
[54] Y.L. Huang, A.A. Cardenas, S. Amin, Z.S. Lin, H.Y. Tsai, S. Sastry, Understanding the physical and economic consequences of attacks on control systems, Int. J. Crit. Infr. Prot. 2 (2009) 73–83.
[55] F. Hu, Y. Lu, A.V. Vasilakos, Q. Hao, R. Ma, Y. Patil, T. Zhang, J. Lu, X. Li, N.N. Xiong, Robust cyber-physical systems: concept, models, and implementation, Future Gen. Comput. Syst. 56 (2016) 449–475.
[56] Q. Yang, L. Chang, W. Yu, On false data injection attacks against kalman filtering in power system dynamic state estimation: int, J. Security Commun. Networks 9 (2016) 833–849.
[57] F. Sakiz, S. Sen, A survey of attacks and detection mechanisms on intelligent transportation systems: vANETs and IoV, Ad Hoc Networks 61 (2017) 33–50.
[58] R. Mitchell, I.R. Chen, Modeling and analysis of attacks and counter defense mechanisms for cyber physical systems, IEEE Trans. Reliab. 65 (2015) 350–358.
[59] Y. Mo, R. Chabukswar, B. Sinopoli, Detecting integrity attacks on SCADA systems, IEEE Trans. Control Syst. Technol. 22 (4) (2013) 1396–1407.
[60] H. Yoo, T. Shon, Challenges and research directions for heterogeneous cyber–physical system based on IEC 61850: vulnerabilities, security requirements, and security architecture, Future Gen. Comput. Syst. 61 (2016) 128–136.
[61] M. Yampolskiy, P. Horvath, X.D. Koutsoukos, Y. Xue, J. Sztipanovits, A language for describing attacks on cyber-physical systems, Int. J. Crit. Infr. Prot. 8 (2014) 40–52.
[62] T. Liu, Y. Sun, Y. Liu, Y. Gui, Y. Zhao, D. Wang, C. Shen, Abnormal traffic-indexed state estimation: a cyber–physical fusion approach for Smart Grid attack detection, Future Gen. Comput. Syst. 49 (2015) 94–103.
[63] B. Li, R. Lu, W. Wang, K.K.R. Choo, Distributed host-based collaborative detection for false data injection attacks in smart grid cyber-physical system, J. Parallel Distrib. Comput. 103 (2016) 32–41.
[64] A. Srivastava, T.H. Morris, T. Ernster, C. Vellaithurai, S. Pan, U. Adhikari, Modeling cyber-physical vulnerability of the smart grid with incomplete information, IEEE Trans. Smart Grid 4 (2013) 235–245.
[65] A. Ashok, A. Hahn, M. Govindarasu, Cyber-physical security of wide-area monitoring, protection and control in a smart grid environment, J. Adv. Res. 5 (2014) 481–489.
[66] B. Genge, C. Siaterlis, M. Hohenadel, Impact of network infrastructure parameters to the effectiveness of cyber attacks against industrial control systems, Int. J. Comput. Commun. Control 7 (2014) 674–687.
[67] H. Vincent, L. Wells, P. Tarazaga, J. Camelio, Trojan detection and side-channel analyses for cyber-security in cyber-physical manufacturing systems, 43rd SME North American Manufacturing Research Conference, Charlotte, North Carolina, 2015.
[68] P.-Y. Chen, S.-M. Cheng, K.-C. Chen, Information fusion to defend intentional attack in Internet of Things, IEEE IoT J. 1 (4) (2014) 337–348.
[69] S.R. Moosavi, T.N. Gia, A.M. Rahmani, E. Nigussie, S. Virtanen, J. Isoaho, H. Tenhunen, SEA: a secure and efficient authentication and authorization architecture for IoT-based healthcare using smart gateways, Procedia Comput. Sci. 52 (2015) 452–459.
[70] P. Venkitasubramaniam, J. Yao, P. Pradhan, Information-theoretic security in stochastic control systems, Proc. IEEE 103 (10) (2015) 1914–1931.
[71] M. Mavani, K. Asawa, Modeling and analyses of IP spoofing attack in 6LoWPAN network, Comput. Security 70 (2017) 95–110.
[72] S. Mauw, M. Oostdijk, Foundations of attack trees, in: D.H. Won, S. Kim (Eds.), Information Security and Cryptology − ICISC 2005. ICISC 2005. Lecture Notes in Computer Science, vol. 3935, Springer Berlin, Heidelberg, 2006.
[73] W. Wu, R. Kang, Z. Li, Risk assessment method for cyber security of cyber physical systems, 1st International Conference On Reliability Systems Engineering, Beijing, China, 2015.
[74] S. Sicari, A. Rizzardi, D. Miorandi, C. Cappiello, A. Coen-Porisini, A secure and quality-aware prototypical architecture for the Internet of Things, Inf. Syst. 58 (2016) 43–55.
[75] S. Barnum, S. Sastry, J.A. Stankovic, Roundtable: reliability of embedded and cyber-physical systems, IEEE Secur. Privacy 8 (5) (2010) 27–32.
[76] K.D. Kim, P.R. Kumar, Cyber-physical systems: a perspective at the centennial, Proc. IEEE 100 (2012) 1287–1308.
[77] P. Derler, E.A. Lee, A. Sangiovanni-Vincentelli, Modeling cyber-physical systems, Proc. IEEE 100 (1) (2012) 1–28.
[78] R. Baheti, H. Gill, Cyber-physical Systems, The Impact of Control Technology vol. 12, (2011), pp. 161–166.
[79] A. Nourian, S. Madnick, A systems theoretic approach to the security threats in cyber physical systems applied to Stuxnet, IEEE Trans. Dependable Secure Comput. 99 (2015) 1–19.
[80] L.-A. Tang, X. Yu, S. Kim, Q. Gu, J. Han, A. Leung, T. La Porta, Trustworthiness analysis of sensor data in Cyber-Physical Systems, J. Comput. Syst. Sci. 79 (3) (2013) 383–401.
[81] A. Ouaddah, H. Mousannif, A.A. Elkalam, A.A. Ouahman, Access control in the Internet of Things: big challenges and new opportunities, Comput. Netw. 112 (2017) 237–262.
[82] A. Wasicek, P. Derler, E. Lee, Aspect-oriented modeling of attacks in automotive cyber-physical systems, 51st Annual Design Automation Conference, San Francisco, CA USA, 2014.
[83] G. Martins, S. Bhatia, X. Koutsoukos, K. Stouffer, C. Tang, R. Candell, Towards a Systematic Threat Modeling Approach for Cyber-physical Systems, Resilience Week (RSW), Philadelphia, PA USA, 2015.
Rasim M. Alguliyev. He is director of the Institute of Information Technology of Azerbaijan National Academy of Sciences (ANAS) and academician-secretary of ANAS. He is a full member of ANAS and a full professor. He received BSc and MSc in electronic computing machines from the Azerbaijan Technical University in 1979. He received his PhD and Doctor of Science (higher degree after PhD) in Computer Science in 1995 and 2003, respectively. His research interests include: Information Security, E-government, Data Mining, Big Data, Online Social Network Analysis, Cloud Computing, Evolutionary and Swarm Computation, and Scientometrics. He is the author of more than 580 papers, 4 monographs, 4 patents, and several books.

Lyudmila V. Sukhostat works in the Research Lab at Institute of Information Technology, Azerbaijan National Academy of Sciences. She received the M.Sc. degree in 2011 in Applied Mathematics at Azerbaijan State Oil Academy and Ph.D. degree in 2015 in Computer Science at Institute of Information Technology, Azerbaijan. She has over 20 papers published in international journals and conferences.