ABSTRACT
Industrial Control Systems (ICS) control critical industrial processes. For example, there are ICS networks that control electricity, water distribution, food, and pharmaceutical and beverage production. Historically, ICS networks were safe from network attacks because they were not interconnected to business Information Technology (IT) networks and the Internet. However, with the passage of time, ICS were interconnected to business networks. Because traditional IT networks are built on the TCP/IP suite, ICS became susceptible to network attacks that already existed in TCP/IP networks and to ICS specific attacks.
Successful attacks in ICS networks may compromise the ICS infrastructure, system configurations and components. ICS security standards and frameworks were drafted and approved by different organisations for use in the implementation of ICS security. ICS can be secured using these standards or any other means as recommended by ICS security experts. Even though ICS are secured using these recommended methods, they are still being successfully attacked by Advanced Persistent Threats (APTs). APTs are targeted attacks that succeed because they do not attack every system they might be in, but become active only in the systems they were designed for. APTs are able to circumvent available security controls and regular intrusion detection systems, and antivirus software is not able to detect them.
There is no known technique available to identify APTs that attack ICS because APTs are discovered after they have been in the system for some time and usually only after they have executed their payload. Consequently, present ICS security implementations are not capable of defending ICS when they are attacked by APTs.
By design, ICS security systems should be capable of defending ICS components from any attacks. They are likened to the biological immune system which is responsible for detecting and protecting the biological body from harmful microorganisms. The biological immune system’s most crucial function is that of preventing infections and eradicating already established infections. The biological immune system can identify unknown and harmful pathogens and eliminate them by continuously evolving in anticipation of new pathogens.
Thus, the research endeavoured to design a bio-immunology inspired security model to harden existing ICS defence from APTs, with the aim that the new ICS security system will constantly evolve in anticipation of new attack scenarios.
Design science research, which is a mixed method approach, was used because it is a problem solving paradigm. To find out how, where and why APTs attack ICS, systematic analysis of literature on APTs was used. Systematic analysis of literature on current ICS defence mechanisms was used to inform the theories, frameworks, instruments, models, methods and weaknesses of current ICS defence mechanisms. Finally, systematic analysis of biological immune systems and artificial immune systems was used to find out how the biological immune system defends the body from pathogens and to find out about the theories, models, methods and weaknesses of current artificial immune systems.
It was discovered that properties of the biological immune system, such as being environmentally self-aware, distributed, intelligent, capable of message transfer and resilient, enable it to identify unknown but harmful pathogens and to eliminate them. With these properties identified, it was possible in this research to design a bio-immunology inspired ICS security model. Even though all the identified properties were used to design the bio-immunology inspired security model, it was established that collaboration, defence-in-depth and decentralisation properties were already established security parameters in ICS security. Thus, only the property of environmental self-awareness and its enhancement to resilience were tested within the model.
A Model Predictive Controller (MPC) was used as a device that can showcase environmental self-awareness by using prediction intelligence in an ICS, represented by a continuously stirred tank reactor simulation experiment in MATLAB. Demonstration and evaluation of the bio-immunology inspired security model show that the MPC-controlled process does detect the effects of APTs and can stop APTs from affecting the process when the attack happens before the process starts. MPC is not able to stop attacks after the process has started, but is able to return the process to a steady state in a short time. It was therefore inferred that if only a few biological immune system properties are used in a security system, as in this experiment, APTs will still be able to attack ICS, but if defence-in-depth strategies are used, better results are expected.
Flores, A. & Chitauro, M. (2021). A Bio-Immunology Inspired Security Model to Defend Industrial Control Systems from Advanced Persistent Threats. Afribary. Retrieved from https://track.afribary.com/works/a-bio-immunology-inspired-security-model-to-defend-industrial-control-systems-from-advanced-persistent-threats
Flores, Alyssa, and Mercy Chitauro. "A Bio-Immunology Inspired Security Model to Defend Industrial Control Systems from Advanced Persistent Threats." Afribary. Afribary, 09 May 2021, https://track.afribary.com/works/a-bio-immunology-inspired-security-model-to-defend-industrial-control-systems-from-advanced-persistent-threats. Accessed 23 Nov. 2024.