Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Consider the consequences: Understanding and limiting physical impacts caused by an ICS cyberattack
Cyber Security: A Peer-Reviewed Journal,
4
(1),
14-28
(2020)
Abstract
Industrial control systems have significantly improved the quality of life for most of the world’s population by controlling manufacturing processes that produce high-quality products at lower costs. Many products would be impossible to manufacture without the speed and accuracy provided by these computerised marvels. They are also crucial in transporting people (airlines, trains, public transport) and information (voice and data), as well as supporting essential utilities such as electricity, gas, water and sewage. Computerised control systems have also improved operating safety, resulting in fewer injuries, deaths, environmental impacts and equipment damage. Because of their potential to shut down critical infrastructure and cause physical damage, however, they have become high-value targets for cyberattacks. This paper explores the relationship between cyber exploit and physical impact and how engineers and IT specialists can use this understanding to build more robust control systems and processes. It also describes a recently patented controller architecture that prevents the malicious modification of control algorithms from a remote adversary.
Keywords: ICS cyber security; cyberattacks; physical impacts; risk analysis
The full article is available to subscribers to the journal.
Author's Biography
Richard Wyman was a senior control systems engineer at Idaho National Laboratory (INL) before semi-retiring and starting his own consulting firm, CS 7 Consulting. He continues to retain a close working relationship with the lab. During his tenure at INL, he supported the US Department of Homeland Security (DHS) Industrial Control Systems Cyber Emergency Response Team (now called Cybersecurity and Infrastructure Security Agency [CISA]) assessment and training programmes. As one of the original members of the assessment team, Richard has evaluated over 100 control systems. Before his INL career, he worked as a project manager and technical lead for a northern California water utility where he was responsible for the design and installation of a large distributed supervisory control and data acquisition (SCADA) system. In addition to his technical expertise, Richard has given presentations on controls and communications at several professional conferences and presented workshops on industrial communications, instrumentation and control systems in North America and Europe. He graduated with a bachelor’s degree from Brigham Young University and a master’s degree from University of Washington in mechanical engineering.
