Abstract

The modernization of Industrial Control Systems (ICS), primarily targeting increased efficiency and controllability through integration of Information Technologies (IT), introduced the unwanted side effect of extending the ICS cyber-security threat landscape. ICS are facing new security challenges and are exposed to the same vulnerabilities that plague IT, as demonstrated by the increasing number of incidents targeting ICS. Due to the criticality and unique nature of these systems, it is important to devise novel defense mechanisms that incorporate knowledge of the underlying physical model, and can detect attacks in early phases. To this end, we study a benchmark chemical process, and enumerate the various categories of attack vectors and their practical applicability on hardware controllers in a Hardware-In-The-Loop testbed. Leveraging the observed implications of the categorized attacks on the process, as well as the profile of typical disturbances, we follow a data-driven approach to detect anomalies that are early indicators of malicious activity.