Kindle

Read Online 2.4 MB Download

What is a cyber-physical attack? A cyber-physical attack is one in which a wholly digital attack against Cyber-Physical Systems (CPS) caused physical destruction of equipment. A cyber-physical attack is different from an enterprise network attack designed to steal money, exfiltrate information, or hold a computer hostage for ransom. Those attacks are fairly simple and can be carried out by a cyber-criminal, or even a garden variety cracker. Designing an attack scenario to exploit a particular physical process requires a solid engineering background and in-depth destructive knowledge of the target SCADA system (Cyber-Physical Attack Engineering), but a cracker doesn’t need an engineering background to figure out how to turn equipment off. Basically, it's the weaponization of the Internet. A typical Industrial Controls System contains multiple control loops and sometimes the control loops are nested and/or cascading, so the set point for one loop is based on the process variable output from another loop. Supervisory control loops and lower-level loops operate continuously over the duration of a process with cycle times of milliseconds. Interrupting one process can have a ripple effect through the factory. So, what is the big deal? On December 3 1984, in Bhopal, India there was an industrial accident at a pesticide plant that immediately killed at least 3,800 people and caused significant morbidity and premature death for many thousands more. That was only one incident with a release of only 40 tons of methyl isocyanate gas. Of course, this was an accident and not a cyber-physical attack, but it should give you an idea what could happen in a worst-case scenario.