Using a system-theoretic approach to identify cyber-vulnerabilities and mitigations in industrial control systems

Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, System Design and Management Program, 2019

Bibliographic Details
Main Author: Khan, Shaharyar, S.M. Massachusetts Institute of Technology.
Other Authors: Stuart Madnick and Allen Moulton.
Format: Thesis
Language: eng
Published: Massachusetts Institute of Technology 2019
Subjects: Engineering and Management Program; System Design and Management Program
Online Access: https://hdl.handle.net/1721.1/122437
Department: Massachusetts Institute of Technology. Engineering and Management Program; System Design and Management Program.

Notes: Cataloged from PDF version of thesis. Includes bibliographical references (pages 123-128).

Abstract:

Recent cyber-physical attacks, such as Stuxnet, Triton etc., have invoked an ominous realization about the lethality of such attacks and the vulnerability of critical infrastructure, including power, gas and water distribution control systems. The traditional industrial practice to enhance security posture by utilizing IT security-biased protection methods narrowly focuses on improving cyber hygiene and individual component protection. Albeit essential and a good countermeasure against indiscriminate, non-targeted attacks, the reality of modern industrial control systems is that they are highly complex, interdependent and software-intensive sociotechnical systems. This makes traditional methods of defense largely impotent in the face of targeted attacks by advanced cyber-adversaries - as was demonstrated by Stuxnet. A new realization is aggressively permeating through the industry about the need to use a holistic approach that integrates safety and security considerations to rethink, reengineer and redesign these complex control systems.

System-Theoretic Accident Model & Processes (STAMP) offers a powerful, holistic, structured framework to analyze safety and security of complex cyber-physical systems in an integrated fashion. The electric grid is universally acknowledged as the holy grail of a target for an advanced cyber-adversary. In light of this, this work demonstrates the use of a STAMP-based analysis method on the electric generation and distribution system of the MIT central utilities plant. The analysis is presented in a robust and structured format which can be emulated to analyze larger systems. Several hazardous control actions such as out-of-sync breaker closure, generator overfluxing, turbine overspeed etc., are identified which could be exploited to cause permanent physical damage to the plant. While traditional counter-measures exist, it is argued that they need to be rethought in the face of potential cyber-attacks by advanced adversaries. Finally, several new functional requirements are presented which do not only span individual technical components but also the broader socio-organizational system.

by Shaharyar Khan.

Degree: S.M. in Engineering and Management, Massachusetts Institute of Technology, System Design and Management Program
Other identifier: 1120724236
Physical Description: 129 pages, application/pdf
Rights: MIT theses are protected by copyright. They may be viewed, downloaded, or printed from this source but further reproduction or distribution in any format is prohibited without written permission. http://dspace.mit.edu/handle/1721.1/7582