Until now, electronic communication was considered a single avenue for delivering attack payload. However, when it comes to cyber-physical systems, this assumption does not hold true. When field devices (sensors, valves, pumps, etc.) are inserted into the process, they become related to each other by the physics of the process. Physical process is a communication media for equipment and can be leveraged for delivering malicious payload even if the devices are segregated electronically. Sensors, valves, safety systems on an isolated network, analog equipment are all vulnerable to this attack vector.
In proposed scenario, an analog pump is damaged by a targeted manipulation of the upstream valve positioner, evoking cavitation process. The final attack payload is delivered to the pump in form of cavitation bubbles over the liquid flow. We will show the damage scenario "in action" with a physical demo on stage. To make things complicated for the defender, we will forger the valve positioner sensor signal to hide the attack from the operator and to confuse operator about true cause of process upset.
The second part of the talk will deal with the detection of this attack. After all, it is bad form to introduce a problem without having remedy. Forged sensor signals cannot be detected with any traditional IT security methods. The detection has to take form of process data plausibility and consistency checks. By monitoring health of pump we will be able to figure out the ongoing detrimental state of the process and accurately determine the ongoing cavitation process and its likely cause – all with a live demo on stage.
By the end of this talk the audience will recognize that security and safety zoning should expand all the way into the physical process (to consider interaction of equipment via the physical process).