Distinguishing Attacks and Failures in Industrial Control Systems: Knowledge-based Design of Bayesian Networks for Water Management Infrastructures

Research output: ThesisDissertation (TU Delft)

Abstract

Water management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems (ICS). These systems are becoming more connected to the internet, either directly or through the corporate networks. This makes them vulnerable to cyber-attacks. Abnormal behaviour in floodgates operated by ICS could be caused by both (intentional) attacks and (accidental) technical failures. When operators notice abnormal behaviour, they should be able to distinguish between those two causes to take appropriate measures, because for example replacing a sensor in case of intentional incorrect sensor measurements would be ineffective and would not block corresponding the attack vector.

In this thesis, we developed the attack-failure distinguisher framework for constructing Bayesian Network (BN) models which enable operators to distinguish between those two causes, including the knowledge elicitation method to construct the directed acyclic graph and conditional probability tables of BN models.

As a full case study of the attack-failure distinguisher framework, we constructed a BN model to distinguish between attacks and technical failures for the problem of incorrect sensor measurements in floodgates, addressing the problem of floodgate operators. We utilised experts who associate themselves with the safety and/or security community to construct the BN model and validate the qualitative part of constructed BN model. The constructed BN model is usable in water management infrastructures to distinguish between attacks and technical failures in case of incorrect sensor measurements. This could help to decide on appropriate response strategies and avoid further complications in case of incorrect sensor measurements.
Original languageEnglish
QualificationDoctor of Philosophy
Awarding Institution
  • Delft University of Technology
Supervisors/Advisors
  • van Gelder, P.H.A.J.M., Supervisor
  • Pieters, W., Supervisor
  • Herdeiro Teixeira, A.M., Advisor
Thesis sponsors
Award date15 Dec 2020
Print ISBNs978-94-6384-178-8
DOIs
Publication statusPublished - 2020

Keywords

  • Bayesian network
  • Cyber security
  • Intentional attack
  • Knowledge elicitation
  • Risk assessment
  • Safety
  • Technical failure
  • Water management

Fingerprint Dive into the research topics of 'Distinguishing Attacks and Failures in Industrial Control Systems: Knowledge-based Design of Bayesian Networks for Water Management Infrastructures'. Together they form a unique fingerprint.

Cite this