Industrial Control Systems

April 5, 2020

Industrial Control Systems (ICS) are used to manage the internal operations of facilities by allowing communication with physical devices. They are used in automated plants, factories, and many other types of facilities. Places using ICS allow operators to control, command and monitor whatever is going on. For example, in a gas facility, they allow operators to control valve pressure and receive alerts if something is not working correctly.

As facilities become more connected and automated, they become more productive. At the same time, they are exposed to new risks – including cybersecurity attacks – because they are operated (and can be reached) remotely. That makes these systems very tempting for cyber-attackers. The intentions of cyber attackers are not always clear, but usually they seek to: (1) block or delay the flow of information; (2) introduce unauthorized changes to instructions, commands, or alarm thresholds; (3) send inaccurate information regarding system operations; (4) modify ICS software and configuration settings; (5) interfere with the operation of equipment protection systems; and (6) interfere with the operation of safety systems.

MITRE Corporation has produced a matrix (ATT&CK for ICS Matrix) that categorizes eleven techniques attackers are using to attack ICS. These are: Initial (network or system infiltration), Execution (executing code in the infected machines), Persistence (holding on after being detected or after strict measures are set in place to wipe the infection from the system), Evasion (trying to avoid being detected), Discovery (scan the ICS to have better knowledge of its vulnerabilities), Lateral Movement (internally moving through the systems and network), Collection (gathering more intel about the networks' or systems' attributes), Command and Control (communicating to physical ports and sending instructions to devices inside the ICS), Inhibit Response Function (disabling devices and/or interrupting communication to physical elements), Impair Process Control (meddling with devices' responses, procedures and information), and Impact (direct attacks that can damage property or make operators lose control). Public agencies need to increase their awareness of the kinds of attacks on Industrial Control Systems that could affect the operation of critical urban infrastructure.

MIT Cybersecurity Clinic

The new MIT Cybersecurity Clinic (11.274 and 11.074) will be offered in both the fall and spring semester at MIT.

The Cybersecurity Clinic will consist of four-modules : Cybersecurity for Critical Urban Infrastructure: Understanding the Problem; How the MIT Cybersecurity Clinic Makes Initial Contact with potential Client Agencies; Onsite Assessment of Cybersecurity Vulnerability by MIT Clinic Staff; and Prepare and Submit a Final Cybersecurity Vulnerability Assessment to a Client Agency. MIT students who want to take on field assignments with the Cybersecurity Clinic (for academic credit) must pass the certification examination offered at the end of the fourth module.

Students who have achieved certification, will work in teams supervised by advanced doctoral and post-doctoral students during the last nine weeks of the spring semester to collaborate with an assigned client agency to prepare a Cyberattack Vulnerability Assessment for a client agency.

Social Cyberdefense of Critical Urban Infrastructure

MIT Cybersecurity Clinic

Who We ARe

Resources

About this Blog

Recent Blogs