Security Monitoring for Industrial Control Systems

An Industrial Control System (ICS) is a system of physical entities whose functioning heavily relies on information and communication technology components and infrastructures. ICS are ubiquitous and can be found in a number of safety-critical areas including energy, chemical processes, health-care, aerospace, manufacturing, and transportation. While originally isolated and inherently secure, ICS are recently becoming more and more exposed to cyber attacks (e.g. Stuxnet). Many existing ICS do not feature cyber security protection, with liability issues and high costs in case of incidents. Since existing ICS are normally based on components and protocols that cannot be modified nor updated, redesign is usually not feasible. In this paper we propose a monitoring framework for the run-time verification of ICS. The framework is based on a formal language that supports the precise specification of high-level safety requirements as well as of the relevant threat model, and on a passive monitoring technique that detects and notifies if the system state is close to a critical state.