Introduction

In the last chapter, we explored how to determine a cyber-attacker's optimal strategy for attacking a computer system based on malware and exploits available on the darkweb. In this chapter, we look at the case where the attacker is focused on industrial control systems (ICS): IT infrastructure that controls physical systems (electricity, water, industrial machinery, etc.). A critical feature of these complex ICS systems is the interdependencies among various components.

However, despite the prevalence of markets for malware and exploits, and their potential threat to ICS, existing paradigms, including the framework presented in the previous chapter, do not account for the complex nature of ICS systems consisting of multiple interconnected components. In particular, it would prove useful to simulate a cyber-attack on a model of an existing system, to assess its degree of vulnerability. Such a model would also prove useful for automated cybersecurity systems that can learn defense and contingency strategies based on the model's simulations. This chapter takes the first steps toward addressing this need. In particular, we introduce a framework that allows for modeling of ICS systems with highly interconnected components (Section 7.3) and study this model through the lens of lattice theory [57]. We then turn our attention to the problem of determining the optimal/most dangerous strategy for a cyber-adversary with respect to this model and find it to be an NPComplete problem (Section 7.4). Next, we present a suite of algorithms for this problem based on A* search and introduce provably correct algorithms (Section 7.5). Our intuition is that these algorithms will obtain satisfactory performance in practice due to heuristic functions (for which we show admissibility). We demonstrate the performance of these algorithms by implementing them and performing a suite of experiments using both simulated and actual vulnerability data (Section 7.6). This chapter also includes some background on ICS (Section 7.2) and a brief overview of related work (Section 7.7).

Background

Contemporary cyber threat actors rely on a variety of malware and exploits purchased through various channels such as the darkweb [99] in order to carry out their attacks. The trend toward automation of industrial control systems (ICS) and toward “smart” utilities [50] has made understanding such adversarialbehavior directed against ICS a priority. For instance, code from the infamous Stuxnet [97] attack against Iranian nuclear facilities is available for public download.