Embedded Process-Prediction Intrusion Prevention System for Industrial Control Systems

Docket: UAH-P-20044

Technology

Industrial control systems (ICSs) manage critical infrastructure through a network of systematic, real-time, cyber-physical processes controlled by Programmable Logic Controllers (PLCs). These systems are vulnerable to cyberattacks, and a major concern for cybersecurity researchers is the "zero-day attack." In a zero-day attack, the vulnerability that the attacker exploits is unknown to cybersecurity engineers. Therefore, methods to defeat any given zero-day attack do not exist, which makes it necessary to understand how to detect and defend against them.

Researchers at UAH have developed an intrusion prevention system (IPS) that resides within the PLC and can defend against zero-day attacks by capitalizing on the unique traits of ICSs. When a packet containing commands and programs is delivered to a controller of the system, this technology examines the packet before it is run. It then runs a simulation to estimate the outcome that the packet will have on the physical processes of the controller. The outcome of that simulation allows the IPS to determine whether the packet contains a malicious command or program. The IPS was placed within the PLC so that it would be at the innermost layer of defense relative to the PLC, and this placement is one of many key features that distinguish this technology from other works.
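The inspect-then-simulate flow described above, as an added illustration that is not the UAH implementation or code from this page. The tank process model, register names, limits and prediction horizon are all hypothetical assumptions chosen to make the check concrete.

```python
from dataclasses import dataclass, replace

# Constructed plant model: one tank, one inlet pump, one outlet valve.
# Every constant here is an illustrative assumption, not a value from the page.
LEVEL_MAX, LEVEL_MIN = 100.0, 10.0   # cm: overflow and dry-run limits
INFLOW, OUTFLOW = 2.0, 1.5           # cm per scan cycle (pump on / valve fully open)
HORIZON = 60                         # scan cycles to simulate ahead

@dataclass(frozen=True)
class State:
    level: float        # cm
    pump_on: bool
    valve_open: float   # 0.0 (closed) .. 1.0 (fully open)

def apply_command(state, register, value):
    """Return the state the write would produce, or None if it is not a valid write."""
    if register == "pump_on" and value in (0, 1):
        return replace(state, pump_on=bool(value))
    if register == "valve_open" and 0.0 <= value <= 1.0:
        return replace(state, valve_open=float(value))
    return None

def step(state):
    """Advance the simulated process by one scan cycle."""
    delta = (INFLOW if state.pump_on else 0.0) - OUTFLOW * state.valve_open
    return replace(state, level=state.level + delta)

def inspect(state, register, value, horizon=HORIZON):
    """Simulate the command before it runs; return (allow, reason)."""
    sim = apply_command(state, register, value)
    if sim is None:
        return False, "rejected: unknown register or out-of-range value"
    for cycle in range(1, horizon + 1):
        sim = step(sim)
        if sim.level > LEVEL_MAX:
            return False, f"rejected: predicted overflow at cycle {cycle}"
        if sim.level < LEVEL_MIN:
            return False, f"rejected: predicted dry run at cycle {cycle}"
    return True, "allowed"

if __name__ == "__main__":
    now = State(level=50.0, pump_on=True, valve_open=1.0)   # constructed snapshot
    for reg, val in [("valve_open", 0.8), ("valve_open", 0.0), ("pump_on", 0), ("mode", 7)]:
        print(reg, val, inspect(now, reg, val))
```

Closing the valve and stopping the pump are both well-formed writes that a syntax-only filter would pass; they are rejected here only because the predicted tank level leaves its safe range.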

Previously, these cyberattack techniques had been successful because of their ability to appear as legitimate commands. This technology is effective against attacks that are designed to look like valid commands, and it is also an efficient and comprehensive method of defending against zero-day attacks. In addition, its low latency means that it does not adversely impact the cyber-physical system that the controller regulates. The implementation of this technology in industrial control systems will secure them from attacks that had previously been nearly impossible to prevent.

Applications

  • Industrial control systems
  • Logic controller security
  • Cybersecurity

Advantages

  • Increased security
  • No impact on performance of the controller
  • Recognition of physical consequences of commands
  • Provides future research opportunities

Status

  • State of Development: Prototype
  • Licensing Status: Available for Licensing
  • Patent Status: Patent Pending
