Bridging the Air Gap: Possible Attack Vectors The Process Matters: Cyber Security in Industrial Control System
by Prof Yuval Elovici
Department of Information Systems Engineering,
Ben-Gurion University of the Negev
  by Dr Dina Hadžiosmanović
Engineering Systems and Services, Information and Communication Technology Section, TU Delft
 dina_v1
Abstract
Information is the most critical asset of modern organisations, and accordingly it is one of the resources most coveted by adversaries. When highly sensitive data is involved, an organisation may resort to air gap isolation in which there is no networking connection between the inner network and the external world. While infiltrating an air gapped network (installing a malware) has been proven feasible in recent years (e.g., Stuxnet), data infiltration/exfiltration to/from an air gapped network is still considered to be one of the most challenging phases of an advanced cyber-attack. Several unique method to bridge the air-gap without installing any additional hardware to a computer(s) that are connected to the air-gapped networks will be presented. Each method is based on the different communication medium: sound, light, heat emissions, radio frequencies.
Abstract
Industrial processes increasingly face the risk of remote attackers getting access to their internal networks and causing serious hazards. Unfortunately, existing cyber security measures, such as network intrusion detection systems, remain blind to sophisticated semantic attacks that do not manifest as deviations at the protocol level, but rather target the process behaviour itself. In this work we present a detector that continuously tracks updates to corresponding process variables to then derive variable-specific prediction models as the basis for assessing future activity. We evaluate the capabilities of our detection approach with traffic recorded at two operational water treatment plants serving a total of about one million people in two urban areas.
Speaker Bio
Yuval joined iTrust in Sep 2014 as Research Director. He is also the director of the Telekom Innovation Laboratories at Ben-Gurion University of the Negev (BGU), head of BGU Cyber Security Research Centre, and a Professor in the Dept of Information Systems Engineering at BGU.Yuval holds B.Sc. and M.Sc. degrees in Computer and Electrical Engineering from BGU and a Ph.D. in Information Systems from Tel-Aviv University. His primary research interests are computer and network security, cyber security, web intelligence, information warfare, social network analysis, and machine learning. Yuval also consults professionally in the area of cyber security and is the co-founder of Morphisec, a startup company that develops innovative cyber-security mechanisms that relate to moving target defence.
Speaker Bio
Dina is a postdoctoral researcher in the Cyber Security Chair of TU Delft, at TBM / Engineering Systems and Services – ICT Section, since September 2013. She is part of the TUD team for analysing different aspects of security in critical infrastructures like smart grids and flood barriers. In addition, Dina is closely involved in TREsPASS project, where she works on extracting and analysing various data sources from cloud and telecom infrastructure.Dina obtained her PhD in the Distributed & Embedded Security research group under the supervision of Prof Pieter Hartel and Dr. Damiano Bolzoni at the University of Twente. She received her dipl.ing university degree from the University of Sarajevo, Faculty of Electrical Engineering, on the Department of Computer Science and Informatics.