CSL/ADSC researchers on team working to bolster critical system defense
It is fairly common knowledge that technology people use daily such as cell phones, laptops, and tablets, could be susceptible to a cyberattack. A lesser known threat is that the power grid, water treatment plants, and other daily-use systems, are also susceptible. This is why the University of Illinois at Urbana-Champaign Coordinated Science Lab’s (CSL) Zbigniew Kalbarczyk and Binbin Chen of the Advanced Digital Sciences Center (ADSC) are working on a project to bolster the defense of such critical systems as part of their new project “Towards Practical Attestation Solutions for Countering Advanced Attacks to Industrial Control Systems.”
“These systems (Industrial Control Systems, or ICS) use a lot of software to implement controls, so they have increasingly been the target of malware-based attacks,” said Chen, ADSC principal research scientist, who is also an associate professor at the Singapore University of Technology and Design (SUTD). “This project is focused on software integrity of large systems. They are important to protect because the attackers can cause a lot of damages, inconvenience or even safety risks to our people.”
As systems, like those used in power grids or water treatment plants, are upgraded, many are integrated into a network to improve the use and efficiency of the process, they are now hooked up to a cyber physical system. If malicious users attack software, they can manipulate it, or inject malicious logic into it. This could result in the software doing something it’s not supposed to, or not doing something it is supposed to. This creates large security issues for all users within the system.
One of the first elements of the project, which is a collaboration between SUTD, Singapore Management University (SMU), ADSC, and CSL, is to develop a way to make sure the system hasn’t been attacked. This verification would involve checking to detect changes in the software’s image or behavior. There are some solutions currently available that can perform this verification process with a single device, but rarely are they able to scale up to the size of a power grid.
“Even when smartphones boot up there is a mechanism to check whether the software you’re trying to run is the right one,” said Kalbarczyk, a research professor in electrical and computer engineering at Illinois. “The key software on your phone can identify it is original to make sure nobody touched it since the manufacturer loaded the software. We want to do this for ICS software throughout the lifetime of the devices.”
While this work can be used in a number of ICS applications, Kalbarczyk and Chen focused on the power grid system, so they would be able to test their research at the Singapore University of Technology and Design’s power grid testbed, before implementing it at an operational cyber physical system, such as a subway line, or gas and oil delivery. While there is no general solution that will fit all the domains this research could cover, Kalbarczyk believes their work is a step in the right direction.
“What I like about this project is whatever we do will be improvement, and will be something new,” said Kalbarczyk. “It will require thinking about what is and is not practical and require demonstrating our project. It will be small scale but I think we can do something.”
This research is funded by the National Research Foundation (NRF) – Singapore, under its National Satellite of Excellence Design Science and Technology for Secure Critical Infrastructure (NSoE DeST-SCI) grant.