Protecting Building Automation Networks From Insider Attacks (Grant)

abstract

  • Infrastructure is now intimately interwoven with communication networks for effective operation. Infrastructures such as process control, power, water and buildings are now controlled by different control and command networks (SCADA networks) that employ protocols such as Modbus, DNP3 and BACnet. As these communication protocols come to control a larger share of the infrastructure, it has become imperative to secure these communication networks from attacks. Vulnerabilities in these protocols can leave critical infrastructures susceptible to attack. This proposal will try to address this critical need to improve the security of infrastructure communication networks. With all the development projects that Qatar is planning in order to achieve its 2030 vision, Qatar's infrastructure networks have been growing at a very rapid rate. Infrastructure security is of paramount importance to Qatar, especially within the oil and gas process control facilities. The PIs have been working with a large network to understand the security issues in the current protocols used in infrastructure networks. This proposal builds on this experience and addresses the identified vulnerabilities. The current networks suffer from the assumption that security belongs to the network domain, and not the protocol/architecture domain. Hence, current infrastructures are heavily dependent on the network deployment practices of end users. The current proposal plans to build enhancements to protocols and architectures such that the security can be improved without depending on the proven end user deployment practices.
The proposal plans to: (1) measure and characterize the infrastructure networks, (2) understand vulnerabilities in the infrastructure networks and develop solutions including effective anomaly detection techniques, (3) develop mechanisms to reflect physical systems impact on cyber operations to enable more effective security solutions, (4) develop middleboxes that enable cost-effective deployment of developed solutions and evaluate the solutions in lab and real settings. We will initially focus on the BACnet and Modbus protocols, which are widely used to control building automation (of cooling, air, compression and other equipment) and water infrastructures respectively. While we focus on these protocols, we plan to build general solutions that can be useful across multiple networks as augmented services. The proposal plans to:
    - Collect traces of these infrastructure networks to understand the communication patterns and to enable anomaly detection on such networks.
    - Build a formal framework for reflecting the impact of cyber operations on physical systems in such cyber-physical systems.
    - Develop effective deployment mechanisms through middleboxes that allow backward compatibility and flexibility.
    - Evaluate the developed solutions in realistic settings.

date/time interval

  • 2016 - 2019