Distributed control systems are the backbone of the modern industrial revolution. Their use ranges from industries such as agriculture, automobiles, petrochemicals and refineries to nuclear power plants. Adding cyber capabilities to distributed control systems exposed them to security risk, especially when they are used in a country's critical infrastructure. It is critical for distributed control systems to manage their cybersecurity risks and attacks effectively. In this research, a consolidated cybersecurity management approach is developed, based on cyclic phases that address the risk, security, testing and trust factors of distributed control systems within the cyber physical systems domain. This research also identifies trust and reputation as two additional components to be included in managing distributed control systems' cybersecurity. This method enhances the level of security required to safeguard distributed control systems.
Introduction
Distributed control systems (DCS) are digitalized automated industrial control systems in which autonomous controllers are distributed throughout the system and use geographically distributed control loops. In the recent industrial revolution, DCS have become the backbone of the modern industrial era and are used in industries such as agriculture, nuclear power plants, petrochemicals and refineries, automobiles, airplanes, water management, healthcare, smart grids etc. (Stouffer et al. 2011a; Pagani and Aiello 2012). DCS allow each section of a machine in the network to have its own dedicated controller that runs the operation while maintaining characteristics such as accuracy, sensitivity, stability, reliability, speed, noise reduction and communication bandwidth. DCS employ sensors and actuators, which run with specialized processes to form a cyber physical system (CPS). Because DCS are linked to the cyber world and used in critical infrastructure, they attract the attention of cyber espionage (Ali et al. 2015, 2018). Current risk mitigation and cybersecurity strategies for dealing with the threats to which DCS are exposed are not meeting their objectives; DCS therefore require a distinctive approach to cybersecurity.
This manuscript attempts to provide a cybersecurity approach for DCS through understanding their design, architecture, modeling and management perspectives. The following section presents distributed control systems and reflects on cybersecurity issues and countermeasures. It then presents an approach for managing distributed control systems security, followed by conclusion and future work.
Distributed control systems, cybersecurity and related work
Distributed control systems are process-oriented systems composed of sub-systems limited in size and geographical distribution (Ali et al. 2018; Alcaraz and Zeadally 2015). The basic architecture of a DCS consists of four major components. The controller controls the configuration of different devices and executes the control algorithms among those devices. The distributed controller receives instructions from the main controller, controls field devices directly and is mostly situated near field devices. The human machine interface (HMI) visualizes plant parameters, such as alarm indicators, in graphical form. The communication channel is the medium through which the field devices and controllers communicate; it can be wired, wireless or both. Table 1 presents a general overview of distributed control systems, an area in which a number of scientific contributions have been made towards enhancing such systems.
Table 1. Control systems/distributed control systems/SCADA based systems: an overview
Reference | Contribution |
|---|---|
Bae et al. (2015) | Hybrid systems, model checking, multirate PALS (physically asynchronous but logically synchronous), real-time Maude |
Zhong and Nof (2015) | Systematic collaborative response, four performance measures designed to compare different parametric settings. Smart water distribution network (WDN) |
Mocci et al. (2015) | Control of loads based multi-agent systems for demand side integration (DSI) implementation |
Alcaraz et al. (2016) | International Electrotechnical Commission (IEC) 62351-8 standard recommends a role based access control model for the policy enforcement system |
Alcaraz and Zeadally (2015) | Analysis and protection of industrial control systems against integration with legacy technologies |
Davé et al. (2016); Lampesberger (2016); Mohsin and Janjua (2018) | Enabling cloud monitoring through integration of service oriented architecture (SOA) into cyber-physical manufacturing execution system |
Qian et al. (2015) | Automatic line based CPS technology for hybrid numerical control (NC) system |
Bolognani et al. (2015) | Proposed feedback strategy for optimal reactive power flow in smart grid |
Zhu and Basar (2015) | Work on hybrid game-theoretic framework |
Colombo et al. (2014) | Work on monitoring and controlling industrial applications specifically on programmable logic controllers (PLC), supervisory control and data acquisition (SCADA) and DCS systems |
Karnouskos et al. (2014a) | Work on complex functionalities of industrial processes that depend on SCADA and DCS based systems |
Karnouskos et al. (2014b) | Proposed procedure for migrating SCADA/DCS to cloud |
Harrison et al. (2014) | Work on ISA-95 (international standard for the integration of enterprise and control systems) integration for SOA based SCADA solutions. They also worked on experimental approach on next generation SCADA/DCS systems. |
Zhang et al. (2015) | Proposed and developed a controller verification method for detecting unstable learning behaviors that result from unanticipated physical faults and ambiguous software |
Yu et al. (2010) | Proposed distributed computational and logical foundation for declarative control of networked cyber physical systems (NCPS) |
Stouffer et al. (2011b) | Guide for configurations of industrial control systems and other control system like PLCs |
Giordano et al. (2014) | Proposed real time distributed, decentralized approach to control an urban drainage network |
Zhang and Chow (2012) | Exploratory study on the use of consensus algorithms embedded in generation units to minimize the operational costs in the power system |
Loos et al. (2011) | Proposed distributed car control system |
Boyer and McQueen (2007) | Worked on the proposal for distributed control systems’ security metrics used in chemical processing plant |
Ralston et al. (2007) | Exploratory study on cybersecurity of the SCADA and DCS networks implemented in critical infrastructures |
Li et al. (2015) | Proposed protocols utilizing event based communication and slot stealing for efficient real-time emergency communication |
Zhu et al. (2013) | Establishment of a framework for illustrating interactions between cyber and physical components within CPS and their interdependencies among multiple CPS. They also investigate resilient control design for multi-agent CPS |
Mangharam and Pajic (2013) | Time critical closed loop wireless networks control systems and their challenges |
Cárdenas et al. (2009) | Analyzed CPS secure control system |
Li et al. (2014) | Work on controlling systems dynamics through scheduling algorithms for data traffic in CPS |
Morris et al. (2011) | Developed a testbed for discovering vulnerabilities in industrial control systems and for solution research |
Wasicek et al. (2014) | Worked on design contracts, agreements, functionalities, negotiations etc. among control and embedded software engineering teams |
Kim and Kumar (2012) | Exploratory study on technologies developed for early generations of control systems |
Teixeira et al. (2012) | Presents analysis of network control systems security |
Posadas et al. (2008) | Work on a modular and general hybrid architecture, especially mobile robot control systems |
Bradley and Atkins (2015) | Research on cyber and physical control strategies to develop new models and abstractions to couple interaction for CPS demands creative approaches |
These systems coordinate among themselves to perform defined tasks in order to achieve collective outcomes (Ge et al. 2015). Distributed control systems are composed of different components, layers and specifications. The central computer and control room, responsible for supervising activities, belong to the operational layer. Data management and activity action logs are stored in various linked servers, which report to the master controller. Supervisory control and data acquisition (SCADA) and programmable logic controllers (PLCs) are used to manage the motions of the concerned devices. These systems exchange their information through sensors and actuators. DCS implementation ranges from critical infrastructure such as power and energy to large-scale industrial applications like healthcare, defense and finance (Sandberg et al. 2015; Derbal 2009). Communication, control, computation and security are considered the main challenges for DCS while maintaining a balance between other services (Ilic et al. 2010).
Cybersecurity is a growing concern for DCS and is considered the most vital issue (Knapp and Langill 2014; Sandberg et al. 2015); a security breach could cause catastrophic effects, including financial and information loss and physical harm, by disrupting system operations. After the internet was introduced to DCS to achieve remote access, efficiency and ubiquity, DCS became part of the realm of CPS.
Cybersecurity is a rising concern for DCS. Its main objective is to protect assets, including humans, data, systems, the organization and/or the country, from known and unknown vulnerabilities, threats and adversaries (Jagadamba et al. 2014; Felderer et al. 2014; Ansari and Janghel 2013; House 2014), and its main objectives include confidentiality, integrity, availability, authenticity and validation (Kriaa et al. 2015).
Integrity is trust in the truthfulness of the resources in the system, which guarantees that the operations performed are carried out by the intended user. It is therefore important for DCS to maintain data integrity for smooth functioning, and this will be maintained at hardware level (Rauter 2016). This makes it difficult for an attacker to manipulate data, but the attacker is still able to eavesdrop on the communication channel between sub-systems of the DCS; it is therefore also mandatory to maintain the confidentiality of control traffic communication.
It is critical for DCS to deliver their services uninterrupted. Unavailability of any service for any amount of time could be disastrous. An attacker exploits this sensitivity to availability by occupying system resources and requesting useless activities to delay system-critical processes (Pappas et al. 2008; Solomon and Chapple 2009). It is important for DCS to ensure complete security of the systems and achieve availability, authenticity and validation for data and transactions (Hieb et al. 2007b; Sinopoli et al. 2003), while maintaining trust and reputation among the components of the DCS infrastructure.
Based on the known objectives of DCS, it is exposed to a number of cyber-attacks; Table 2 lists the most important DCS related cyber-attacks. Cyber-attacks are carried out through the DCS communication channel and by exploiting remote terminal unit (RTU) authorization.
Once the types of cyber-attack are known, it is important to identify the threat sources of cyber-attacks and the security vulnerabilities of DCS (Doddi 2018). Threats of cyber-attack on DCS can be both external and internal, and it is necessary to deal with both types. External threats include hackers, competitor organizations etc. Internal threats can be incorrect behaviors, angry employees, and the technology used.
Table 2. Cyber-attacks on DCS based environments
Type of attack | Description |
|---|---|
Denial of service (DoS) (Govindarasu et al. 2012; Habash et al. 2013) | Flooding the communication channels of a network through massive resource exhaustion, which makes the network inaccessible |
Eavesdropping (Ali et al. 2015) | Monitoring and obtaining sensitive information about the DCS environment for traffic analysis attack |
Man-in-the-middle attack (Ali et al. 2015) | An outsider eavesdrops on and controls the communication channel between two sub-systems of the DCS |
Time synchronization attack (Aloul et al. 2012) | Manipulating the timing information of smart grid to affect event localization, phasor measurement units, and voltage stability monitoring |
Routing attacks (Ali et al. 2015) | Attacking routing information of the target network infrastructure |
Malware (Harrison and Pagliery 2015) | Vulnerabilities in the system software, PLCs or protocols of the control system can be exploited by malicious software that replicates its payload for self-propagation |
Network-based intrusion (Dacer et al. 2014; Ramachandruni and Poornachandran 2015) | The attack injects a malicious payload into the control system by exploiting firewalls whose inbound and outbound rules for network traffic management are poorly configured or designed |
Structured query language (SQL) injection attack (Nabil et al. 2016) | The attacker injects SQL queries into the control system to extract, insert or delete database content of the control system. This attack can cause information loss for the organization |
Cross-site scripting attack (Security 2007) | The attacker uses third-party resources to run scripts in the control system, which can extract cookies, keystroke data and even screenshots |
Malware attack (Govil et al. 2017) | It is the most powerful cyber-attack, which can do many things such as infecting and deleting files, virus injection, collecting information, running ads, etc. |
In recent years, a number of cyber-attacks on control systems have been exposed. One of the main cyber-attacks was on the power company in Ukraine, which resulted in a power outage; other examples include the Aurora attack in 2007, the Stuxnet worm attack, the Shamoon attack and the Slammer worm attack (Botezatu 2016). The Texas City refinery explosion in 2005 was caused by safety failures and human error, which led to a huge disaster in the American petroleum industry. It was started by a worker who entered wrong input into the system; the system sensors could not detect that fault, and a big explosion resulted. This is an example of internal attacks.
Security vulnerabilities
Control systems are defenseless against external threats mainly because they use commercial off the shelf (COTS) technology, in which industries buy ready-made control systems available to the general public (Doddi 2018; Sorouri and Vyatkin 2018). Internal threats can occur through mistaken activities, where a worker in the industry unintentionally runs a set of programs in the live control system and causes the loss of half a day's production, just because of not communicating appropriately with the designer who actually designed that system.
The main vulnerabilities of control systems are improper input validation, insufficient verification of data authenticity, deficient arrangements/methods, lack of defense-in-depth design, poor programming, inadequate remote access, inability to watch for improper movement in the control system, use of unencrypted plain-text network communication protocols, etc. Threats can enter control systems in many ways.
According to recent research, demand for DCS has increased in recent years, but security concerns such as recent cyber-attacks and malware targeting have held back that demand.
DCS systems and current era
In recent years, the increase in cyber-attacks on industrial control systems has led to the implementation of defensive techniques to safeguard against them, such as strengthening the network and communication channels. Strengthening the network, however, does not allow internal threats to be measured and controlled. Previous work on DCS security relied on securing the communication channel and on RTU authorization (Hieb et al. 2007a). The following sub-sections discuss how these techniques were used to secure DCS.
Digital signature authentication
The digital signature authentication technique is used to secure the communication channel. The method uses a distributed network protocol 3 (DNP3) channel for communication or exchanging information, and adds an authentication fragment (AF) to each message. The AF consists of an encrypted hash digest of the message together with a time-stamp, which the receiver uses to verify that the time of receiving the message does not differ from the pre-specified time. To reduce processing time, the message itself is not encrypted; only the hash digest is encrypted, with the sender's private key. If the message is not delayed, it is taken that the message or information has not been altered and the receiver can decrypt it safely.
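A receiver-side check of such an authentication fragment, as an added example that is not code from the paper or from any DNP3 implementation. The frame layout, the 2-second acceptance window and the sample command are assumptions, and HMAC-SHA256 under a pre-shared key stands in for the private-key operation on the digest so that the example runs with the Python standard library alone.

```python
import hashlib
import hmac
import struct

# Assumptions (not from the paper): the AF is an 8-byte big-endian millisecond
# time-stamp followed by a 32-byte tag, appended to the clear-text message.
# HMAC-SHA256 with a pre-shared key stands in for the sender's private-key
# operation on the hash digest.
TS_LEN = 8
TAG_LEN = 32
MAX_SKEW_MS = 2000  # assumed "pre-specified time" window


def build_frame(key: bytes, message: bytes, now_ms: int) -> bytes:
    """Sender side: message stays in clear text, AF = time-stamp + tag."""
    ts = struct.pack(">Q", now_ms)
    tag = hmac.new(key, ts + message, hashlib.sha256).digest()
    return message + ts + tag


class Receiver:
    """Verifies the AF: digest first, then freshness, then replay."""

    def __init__(self, key: bytes, max_skew_ms: int = MAX_SKEW_MS):
        self.key = key
        self.max_skew_ms = max_skew_ms
        self.seen = {}  # tag -> time-stamp of frames accepted inside the window

    def verify(self, frame: bytes, now_ms: int):
        """Return (accepted, reason, message)."""
        if len(frame) < TS_LEN + TAG_LEN:
            return (False, "truncated", b"")
        message = frame[:-(TS_LEN + TAG_LEN)]
        ts = frame[-(TS_LEN + TAG_LEN):-TAG_LEN]
        tag = frame[-TAG_LEN:]

        # 1. The tag covers message AND time-stamp, so neither can be edited.
        expected = hmac.new(self.key, ts + message, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return (False, "bad-digest", b"")

        # 2. Freshness: a delayed frame is rejected even though it is authentic.
        sent_ms = struct.unpack(">Q", ts)[0]
        if abs(now_ms - sent_ms) > self.max_skew_ms:
            return (False, "stale", b"")

        # 3. Replay inside the window: the time-stamp check alone would accept
        #    a second copy of the same frame, so accepted tags are remembered
        #    until they age out of the window.
        self.seen = {t: s for t, s in self.seen.items()
                     if now_ms - s <= self.max_skew_ms}
        if tag in self.seen:
            return (False, "replay", b"")
        self.seen[tag] = sent_ms
        return (True, "ok", message)


def demo():
    key = b"constructed-demo-key"          # constructed sample key
    message = b"SETPOINT pump7=42"         # constructed sample command
    frame = build_frame(key, message, 1_000_000)
    rx = Receiver(key)
    tampered = b"SETPOINT pump7=99" + frame[len(message):]
    return [
        rx.verify(frame, 1_000_150)[1],     # delivered 150 ms later
        rx.verify(frame, 1_000_300)[1],     # same frame delivered again
        rx.verify(tampered, 1_000_400)[1],  # message edited in transit
        rx.verify(frame, 1_005_000)[1],     # held back for 5 s
    ]


if __name__ == "__main__":
    print(demo())
```

Because the message travels in clear text, this protects integrity and freshness only; anyone on the channel can still read the command, which is the confidentiality gap noted earlier for control traffic.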
Challenge-response authentication
This technique is also used for securing the communication channel of the control system. One party presents a challenge in the form of a question, and the other party must give a valid response in the form of an answer to be authenticated. The simplest example of challenge-response is password authentication, in which the request for the password is the challenge and the correct password is the valid response. The mechanism consists of four stages: one party sends a random challenge to the other; the other party returns a response; the challenger checks the response's validity and proceeds if it is valid, otherwise it terminates the session or process; and the authenticator again sends new challenges and repeats the process (Hieb et al. 2008).
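The four stages above as an added example, not code from Hieb et al. or from a DNP3 stack. It assumes a pre-shared key, a keyed-hash (HMAC-SHA256) response over a random 16-byte challenge, a hypothetical station identifier `rtu-07`, and re-authentication after every three commands.

```python
import hashlib
import hmac
import secrets

RECHALLENGE_EVERY = 3  # assumption: commands allowed before a new challenge


def respond(key: bytes, challenge: bytes, station_id: bytes) -> bytes:
    """Stage 2 (responder): prove knowledge of the key for THIS challenge."""
    return hmac.new(key, station_id + b"|" + challenge, hashlib.sha256).digest()


class Challenger:
    """Stages 1, 3 and 4 as seen by the authenticating party."""

    def __init__(self, key: bytes, peer_id: bytes):
        self.key = key
        self.peer_id = peer_id
        self.pending = None        # outstanding challenge, single use
        self.authenticated = False
        self.terminated = False
        self.budget = 0

    def new_challenge(self) -> bytes:
        """Stage 1: send a fresh random challenge."""
        if self.terminated:
            raise RuntimeError("session terminated")
        self.pending = secrets.token_bytes(16)
        self.authenticated = False
        return self.pending

    def check(self, response: bytes) -> bool:
        """Stage 3: validate the response, or terminate the session."""
        challenge, self.pending = self.pending, None  # never reuse a challenge
        if challenge is not None:
            expected = respond(self.key, challenge, self.peer_id)
            if hmac.compare_digest(response, expected):
                self.authenticated = True
                self.budget = RECHALLENGE_EVERY
                return True
        self.authenticated = False
        self.terminated = True
        return False

    def accept_command(self, command: bytes) -> str:
        """Stage 4: after the budget is used up, a new challenge is required."""
        if self.terminated or not self.authenticated:
            return "rejected"
        self.budget -= 1
        if self.budget == 0:
            self.authenticated = False
        return "accepted"


def demo():
    key = secrets.token_bytes(32)           # constructed shared key
    master = Challenger(key, b"rtu-07")     # hypothetical station id
    first = master.new_challenge()
    old_response = respond(key, first, b"rtu-07")
    results = [master.check(old_response)]
    results += [master.accept_command(b"READ status") for _ in range(4)]
    # A new challenge is issued; a response captured from the first round
    # does not match it, so the session is terminated.
    master.new_challenge()
    results.append(master.check(old_response))
    results.append(master.terminated)
    return results


if __name__ == "__main__":
    print(demo())
```

The response depends on a challenge that is used once, so a response recorded from the channel is useless in a later round; a static password sent as the response would not have that property.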
RTU authorization model
Unlike the communication channel, the RTU is subject to both external and internal threats. The RTU has five layers in its architecture: protocol layer, software application layer, middleware layer, operating system kernel and hardware. Each layer is exposed to threats; for example, if it operates on an insecure protocol it can be attacked easily, and at the software layer COTS components may affect the whole system. It is therefore necessary to plan the authorization of the RTU to keep the control system secure. For that purpose, a security hardened RTU architecture is presented in which only one input output (IO) controller has access to the input output ports, and an access control enforcement and security functions module is used to give access to RTU status and command points, which makes it harder to break (Hieb et al. 2007a).
DCS systems and technological enhancements
Research and development work is currently going on to enhance DCS security. Two approaches have emerged from these recent developments that can help secure distributed control systems (Botezatu 2016).
Retrofitting
Retrofitting is the approach of adding components or parts to the system that were not installed or configured during manufacturing. It is used to measure different things in the control systems, such as how files are passed over the critical network and whether the whole system has a secure architecture to deal with all operations such as authentication, processes, interactions, RTU security etc. (Botezatu 2016).
Cyber by design
The second approach for avoiding cyber-attacks on DCS is the cyber by design approach, which ensures that operations are secured from the very first day. In this approach the security strategies are first planned, then selected and implemented by the architecture designers, and then used as guidelines for developers to build the control system. This is the most adaptive approach nowadays because security is measured at the design level of the system, which grows into a secure and robust architecture. It involves the phases of defining, planning, execution, reporting and monitoring (Botezatu 2016).
In addition to the approaches discussed above, a number of other approaches have been developed and used to safeguard DCS. These include the use of an intrusion detection system (IDS) to monitor the network and control system for dangerous activities and/or policy violations, the implementation of virtual private networks (VPNs), and the installation of a demilitarized zone (DMZ) and firewalls on the network to avoid threats and attacks (Doddi 2018).
The approaches discussed and highlighted for DCS security are used against external threats. For securing DCS from internal threats, it is important to address physical, personnel and environmental security. Physical security requirements involve controlling access to restricted areas, sensors, cameras etc. Environmental security consists of temperature maintenance, a dust-proof area, etc. The most important are the personnel security requirements, which involve awareness, policies and procedures for employees in order to avoid internal and accidental threats (Doddi 2018).
Distributed control systems are widely used in the most critical industries, where complex systems have to be installed. The DCS market has grown in recent years, but at the same time security issues have affected it. Because DCS are implemented in critical industries, their security is also one of the main concerns. Statistics from the previous few years show an increase in attacks on DCS, and those attacks cause a lot of financial and physical loss. For two decades there has been continuous research on making distributed control systems secure and protecting them from cyber-attacks. Many approaches have been in use for the past couple of years, such as using the DNP3 communication channel and using security hardened RTUs. Future research will concentrate on the retrofitting and cyber-by-design approaches, which are more feasible than the previous techniques for securing DCS. Efforts are also being made to reduce the RTU's kernel in order to embed security in it.
It is clear from the above study that the main concern is the security of DCS. These systems have to be controlled and watched over against both external and internal threats so that they can perform their tasks easily.
The physical and cyber components of DCS are interconnected, which creates interdependencies among their cybersecurity protection objectives. Primarily, cybersecurity depends on the weakest link, i.e. the human and their ability to make decisions and take actions on the system from within or outside the premises of the DCS. The recent industrial revolution forced DCS environments to be linked to the cyber world, which exposes them to cyber threats and vulnerabilities (Knowles et al. 2015). These threats and vulnerabilities need to be addressed through security measures and countermeasures. Numerous industry organizations, governments, standards bodies, researchers and other stakeholders realize the importance of DCS and CPS security; guidelines, standards and protocols have therefore been developed in an attempt to safeguard DCS and CPS (Knowles et al. 2015). Department of Homeland Security, United Kingdom (UK) and Government of United States (Scarfone 2009; Stouffer et al. 2011b) developed guidelines to deal with cyber threats associated with distributed control systems. A brief list of research on DCS security and related areas is given in Table 1.
For securing DCS, it was found that SCADA systems are the most vulnerable systems because of their feedback loops and unprotected channels (Teixeira et al. 2012). DCS risk assessment techniques for countering cyber-attacks include risk filtering and management (Haimes et al. 2002), the inoperability input output model (Liu and Xu 2013) and holographic modeling (Haimes 2015).
The following section presents a phase based approach to managing DCS security.
Managing cybersecurity for DCS: an approach
To provide and manage effective security for distributed control systems, a stepwise approach has been developed. The proposed approach consists of four process phases.
Phase 1: Risk management.
Phase 2: Security management.
Phase 3: Trust and reputation management.
Phase 4: Testing and evaluation.
Risk management
Risk management is executed as a cyclic process of risk assessment and risk mitigation. Risk assessment enables the user to identify the weaknesses in the system and take the corresponding measures. It also helps prioritize the mitigation process. The Federal Information Security Management Act (FISMA) risk framework is the procedure implemented for risk assessment in the DCS (Stouffer et al. 2011a). This framework was approved by the National Institute of Standards and Technology (NIST) for industrial control systems. The framework consists of a nine-step procedure to assess the security risks within the given system. We adopt this framework to develop a risk assessment procedure in the context of DCS. The risk assessment procedure with step-wise tasks is shown in Fig. 1.
Fig. 1. Proposed risk assessment procedure [based on NIST (Stouffer et al. 2011a)]
System characterization
The first step of a risk assessment process is to define the system characteristics. In the context of DCS, the system model must be defined based on the implementation of the system. Within the system model, the system boundaries must be identified. All the components, such as the remote terminal units, computers, servers, programmable logic controllers, micro-controllers, sensors, routers and actuators at various levels, must be placed in their respective levels. The boundaries need to be well defined in terms of location, operating conditions and operating capabilities.
Threat identification
By studying the system model and the boundaries, the threats to the DCS must be identified and listed. Threats can come from internal sources, electro-mechanical sources and external sources. Threats such as intrusion, denial of service, malware and other external attacks must be identified. Threats such as deliberate and unintentional human errors in the system must also be considered. The errors that may occur due to malfunction and wear and tear of components constitute the technical issues. The threats can be categorized into defined, credible, potential and minimal. Defined threats are threats that have occurred in the past on the given DCS, credible threats are threats that have occurred on other similar DCS in the past, and potential threats are threats that have a possibility of being used in the future.
Vulnerability identification
Vulnerability identification helps the designer gain knowledge of the issues with the system that could benefit an attacker. The vulnerabilities in the communication protocol used in the DCS must be listed. Since the DCS is built using a distributed network of controllers, sensors and processors, each component is identified by its address and geographical location. Disclosure of this information to adversaries is a vulnerability. Extending the disclosure of location to a higher level may lead the adversary to decipher the architecture of the complete DCS. This would make the DCS even more vulnerable to attacks.
Control analysis
Every system, including the DCS, implements some basic preventive and defensive security measures. The security measures that are pre-built into the system, such as authorization, authentication, auditing, encryption methodology, access control and recovery strategies, must be defined and listed.
Likelihood determination
The likelihood of an attack is based on various factors. One of the factors is the attractiveness of the component and its vulnerability to the attacker. In a DCS, the central computer is the most attractive to the adversary, since gaining control of the central computer enables the attacker to gain access to the whole system. The least attractive would be the individual sensors or actuators at the lowest hierarchical level. The probability of a successful attack depends on the attractiveness as well as the weaknesses of the component. A component with maximum protection will have a low probability of successful attack, even if it turns out to be the most attractive component. Based on the probability and the attractiveness, a quantitative analysis must be conducted for every successful attack that may occur. For clear analysis, the obtained values must be divided into categories such as almost certain, likely, even chance, unlikely and remote.
Impact analysis
The impact of an attack is to be analyzed mathematically to determine the consequences and the downtime of the system before it can recover. In the case of DCS, multiple sensors and actuators are installed to minimize the impact of a lower level attack. Although a successful attack on the field level or control level may have low impact on the overall system due to redundancy, an attack on a higher level may lead to heavier damage and malfunction. The impact thus depends on the three factors listed below.
Likelihood of a successful attack by a given threat.
The component under attack.
The probability that the component under attack fails when attacked.
Based on these three factors, the impact matrix is to be built for respective component and threats (Abercrombie et al. 2013). The relationship is given below.
1
: Probability that the Component fails.
: Probability that Component fails if Threat is successful.
: Probability that Threat is successful.
Based on the values obtained in the matrix, they can be categorized into devastating impact, severe impact, noticeable impact and minor impact (Renfroe and Smith 2010).
Risk determination
The risk is determined by analyzing the impact matrix and the stake matrix. The impact matrix assists in studying the risks to each individual component in the DCS. The stake matrix provides the measure of the mean failure cost from the stakeholder’s point of view (Chen et al. 2015). Thus the risk will be determined based on the combined study of impact analysis and mean failure cost (MFC) analysis.
Control recommendations
It is important to address the identified issues right after the successful completion of the risk identification, quantification and categorization phase. DCS safety measures normally split into two kinds: control measures, such as physical enclosure of objects, training and awareness for employees, knowledge management, standardization, integration of multiple technologies and monitoring of processes, communication and humans; and security measures, which include intrusion detection systems, authentication, authorization, encryption, security policies, individual node security and software security.
Results documentation
All the results obtained during the entire risk assessment process must be well documented so that they can be used later in the next risk assessment procedure. It is important to define the method of documenting the data and the procedure for organizing it. The risk assessment must be conducted periodically and compared to the earlier documents to determine the progress and the differences in risk scenarios.
Security management
The DCS is a combination of cyberspace and physical hardware. It requires both cyber and physical security and protection. Since the DCS is closely connected to the external world, security can further be divided based on internal and external threats. Figure 2 demonstrates a typical security scenario of a DCS. The risk analysis provides a holistic view of the risks involved in the given distributed control system.
Fig. 2. Security issues in a distributed control system
Physical risks such as tampering and damage must be dealt with through protection and enclosure. High stake components such as servers and computers must be protected in heavy security enclosures. The physical system must also be equipped with sensors, cameras and alert systems. Features such as locking the enclosures in case of a physical attack, biometric security and redundancy of systems must be implemented. The physical enclosures must be monitored to observe physical harm and attacks. Cyber-attacks are harder to detect and counter than physical ones. Most of the time the attack is physically unnoticeable while incurring heavy damage in the cyber realm. A cyber-attack may be initiated internally or externally.
Internal threats
Internal threats arise mainly from the human presence within the distributed system. The attack on the system may be deliberate or unintentional. Unintentional attacks may arise from loyal employees who unknowingly bring malware or threats into the internal space of the system. This could happen through universal serial bus (USB) storage devices, personal laptops, infected disks and unchecked connections to the internet. Employees may also fall into a trap by allowing friends into the security perimeter or leaving the secured area open to outsiders (Zhang et al. 2013; Doodi 2018). These issues must be tackled with the following techniques.
Security policies.
Workshops and awareness programs.
Security education for the employees.
Create a security culture.
The second kind of internal threat is the deliberate attack by a human within the system. Generally, these attacks stem from reasons such as dissatisfaction with the work environment, revenge, financial motives and political pressure. To tackle such issues, it is always recommended to conduct a background check of employees who are being hired into the critical system. Promotions and privileges must be granted only after rigorous evaluation and verification that the employee is trustworthy and capable. The remuneration and benefits given to employees must be at satisfactory levels, which will make them more loyal to their employers. Any hint of dissatisfaction, annoyance, suspicious behavior, abnormal attitude or psychological concern must be immediately reported and addressed. Care should also be taken that employees are not motivated by competitors to gain information about or control over their rivals. The systems, organizations and employees need to be disconnected from any external influence or interruptions. The hardware, software and operating systems installed within the system may also contribute to internal threats. A device or software manufactured by a third-party provider may install extra components so as to leak information to an unauthorized agent. It is thus recommended to obtain devices and software from multiple providers to avoid fraud. There must also be a remote attestation and verification process, which makes sure that the devices and software are working as instructed.
External threats
External threats come mainly from rivals and adversaries who can benefit by causing damage to the system or discovering confidential information from it. Numerous kinds of attacks, as discussed in the previous section, have been designed by attackers to execute their motives. A context-aware security framework must be implemented for distributed control systems. The framework must be aware of factors such as the geographical location, architectural location, situation, user, time and system. It must be enhanced with an intrusion detection system to avoid routing and denial-of-service attacks. The framework must also be capable of predicting attacks and isolating compromised nodes when attacked. This also leads to the requirement for redundant components, which support availability even when components are attacked. It is also important for every component to encrypt its own location and architectural level.
The distributed nature of DCS necessitates communication among its components. It is recommended to mask the information by injecting noise to confuse the attacker. The components must also insert dummy instructions and have multiple commands for the same task. This will protect the system from eavesdropping. A random clock must be used with a sequence known only to the nodes. This will help protect against time sync attacks. The man-in-the-middle attack must be overcome by frequent change of passwords, encrypted data communication and multifactor authentication. The replay attack is related to this, and it can be overcome by each node regularly transmitting random signals so that it is verified that the node is active. The components and the nodes in the DCS must be placed intelligently so that an algorithm can easily detect intrusion or compromise in the nodes. Data from one node must be broken down into smaller packets and sent through different routes to the other node so that the routing attack is avoided. The data and the program memory must be kept separate. The storage must be scrambled and random, with no traceable link between the data and the concerned profile. Multiple frequencies and identities must be used by the nodes, so that different kinds of data can be communicated over different channels.
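One way to read the replay countermeasure above is a challenge-response heartbeat: the supervisor sends a fresh random value and the node must return a keyed tag over it, so a captured reply is useless against the next challenge. The sketch below is an added example, not taken from the paper; the `Supervisor` class, the node id `PLC-7`, the pre-shared per-node key and the use of HMAC-SHA256 are all assumptions.

```python
import hashlib
import hmac
import secrets
import time


def heartbeat_tag(key: bytes, node_id: str, nonce: bytes) -> bytes:
    """HMAC-SHA256 over a length-prefixed node id and the supervisor's nonce."""
    ident = node_id.encode()
    msg = len(ident).to_bytes(2, "big") + ident + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class Supervisor:
    """Issues one-time random challenges and checks the nodes' replies."""

    def __init__(self, keys, max_age=2.0, clock=time.monotonic):
        self.keys = keys          # node_id -> pre-shared key (assumed provisioning)
        self.max_age = max_age    # seconds a challenge stays answerable
        self.clock = clock
        self.pending = {}         # node_id -> (nonce, issued_at)

    def challenge(self, node_id):
        nonce = secrets.token_bytes(16)
        self.pending[node_id] = (nonce, self.clock())
        return nonce

    def verify(self, node_id, tag):
        entry = self.pending.get(node_id)
        key = self.keys.get(node_id)
        if entry is None or key is None:
            return False                   # nothing outstanding, or unknown node
        nonce, issued = entry
        if self.clock() - issued > self.max_age:
            del self.pending[node_id]      # late answer: node counts as inactive
            return False
        if not hmac.compare_digest(tag, heartbeat_tag(key, node_id, nonce)):
            return False                   # forged or replayed tag; challenge stays open
        del self.pending[node_id]          # consume it: the same reply cannot be reused
        return True


def run_demo():
    """Constructed scenario with one node and a controllable clock."""
    key = secrets.token_bytes(32)
    now = [0.0]
    sup = Supervisor({"PLC-7": key}, max_age=2.0, clock=lambda: now[0])
    results = {}

    nonce1 = sup.challenge("PLC-7")
    reply1 = heartbeat_tag(key, "PLC-7", nonce1)        # computed on the node
    results["fresh"] = sup.verify("PLC-7", reply1)
    results["resent"] = sup.verify("PLC-7", reply1)     # challenge already consumed

    nonce2 = sup.challenge("PLC-7")
    results["replayed"] = sup.verify("PLC-7", reply1)   # old tag against new nonce
    forged = heartbeat_tag(secrets.token_bytes(32), "PLC-7", nonce2)
    results["wrong_key"] = sup.verify("PLC-7", forged)

    now[0] = 5.0                                        # node answers too late
    results["late"] = sup.verify("PLC-7", heartbeat_tag(key, "PLC-7", nonce2))

    nonce3 = sup.challenge("PLC-7")
    results["recovered"] = sup.verify("PLC-7", heartbeat_tag(key, "PLC-7", nonce3))
    return results


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case:10s} accepted={accepted}")
```

A failed tag leaves the challenge open on purpose, so an attacker who injects a bad reply cannot make a healthy node look inactive before its own answer arrives.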
Trust and reputation approach
The DCS is a system that contains multiple components with varied capabilities, responsibilities and privileges. Although techniques like encryption, authentication, authorization and security policies are effective for top-layer components like computers and servers, they are too heavy for low-level components like actuators, sensors and controllers. This leads to the requirement for trust and reputation in the DCS. The trust and reputation system will free the nodes and components from the security burden and capability constraints. A two-tier system could form the best solution for the DCS by taking care of the internal and external trusts separately.
At every level of the DCS, the components must maintain an internal trust among other components in the same or lower levels. The external trust takes care of the interaction between the components and its higher level. The reputation of every node will be obtained using the trust values that other nodes have on the given node. Every particular node can then combine the trust and reputation to obtain the trustworthiness of the other nodes in its network.
The trust is based upon the factors like packets forwarded, packets dropped, packets misrouted, packets falsely injected, packets received from a particular node and packets sent to that particular node. These values can be compared with the predetermined threshold to detect the deviations (Chatterjee et al. 2009). The trust value for a given node A, can then be computed using the formula given below (Chatterjee et al. 2009). The , , and are the deviation values for packets forwarded, packets dropped, packets misrouted and packets falsely injected at node A. The corresponding weightage of the behaviors are given by , , and .
2
The trust management of the DCS involves maintaining a parameter list and a storage system that can store the parameters. A processing technique is used, which implements a trust model to calculate and update the trust and reputation values. The proposed trust management system is shown in Fig. 3. In the context of DCS, the parameters of concern are factors related to communication, security, data, location and control signals. These factors are then used by the trust model implemented in the trust management system. Some of the models that can be implemented are the Bayesian model (Teacy et al. 2012), entropy model (Gao and Liu 2014), fuzzy logic (Liu et al. 2013), human trust (Capra 2004), bio-inspired trust model (Marzi and Li 2013), and weighted mean (Messina et al. 2013). Based on the trust model used, the trust values are calculated and updated accordingly.
Fig. 3 [Images not available. See PDF.]
Trust management system for distributed control system
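The trust and reputation flow described in this section can be sketched as follows. This is an added example, not the paper's model: the weighted-sum form of direct trust, the thresholds, the weights, the mixing factor `alpha`, the isolation floor and the node names are all assumptions, chosen because the paper's own trust equation does not survive on this page.

```python
from dataclasses import dataclass

# Assumed thresholds: minimum forwarding rate, maximum tolerated rates otherwise.
THRESHOLDS = {"forwarded": 0.90, "dropped": 0.05, "misrouted": 0.02, "injected": 0.01}
# Assumed weights for each behaviour's deviation; they sum to 1.
WEIGHTS = {"forwarded": 0.2, "dropped": 0.3, "misrouted": 0.2, "injected": 0.3}


@dataclass
class Observation:
    """Packet counters one node keeps about a neighbour (constructed fields)."""
    handed_over: int   # packets given to the neighbour to relay
    forwarded: int
    dropped: int
    misrouted: int
    injected: int      # packets the neighbour injected falsely


def deviation(behaviour, rate):
    """Distance beyond the threshold, relative to the threshold, capped at 1."""
    t = THRESHOLDS[behaviour]
    beyond = t - rate if behaviour == "forwarded" else rate - t
    return min(1.0, max(0.0, beyond) / t)


def direct_trust(obs):
    """1 minus the weighted deviations; None when there is no evidence."""
    if obs.handed_over <= 0:
        return None
    rates = {b: getattr(obs, b) / obs.handed_over for b in WEIGHTS}
    return 1.0 - sum(WEIGHTS[b] * deviation(b, rates[b]) for b in WEIGHTS)


def build_trust_table(observations):
    """observations[rater][target] -> table[rater][target] of direct trust."""
    table = {}
    for rater, seen in observations.items():
        row = {t: direct_trust(o) for t, o in seen.items()}
        table[rater] = {t: v for t, v in row.items() if v is not None}
    return table


def reputation(target, table, exclude=()):
    """Mean of the trust values other nodes hold about the target."""
    votes = [row[target] for rater, row in table.items()
             if rater != target and rater not in exclude and target in row]
    return sum(votes) / len(votes) if votes else None


def trustworthiness(evaluator, target, table, alpha=0.6):
    """Blend the evaluator's own trust with the target's reputation."""
    direct = table.get(evaluator, {}).get(target)
    rep = reputation(target, table, exclude=(evaluator,))
    if direct is None:
        return rep          # never interacted: rely on reputation alone
    if rep is None:
        return direct       # nobody else has an opinion
    return alpha * direct + (1 - alpha) * rep


def should_isolate(score, floor=0.5):
    """Unknown nodes (score None) are not isolated here, only flagged nodes."""
    return score is not None and score < floor


# Constructed counters: S3 drops, misroutes and injects; S1 behaves.
OBSERVATIONS = {
    "C1": {"S1": Observation(100, 98, 2, 0, 0),
           "S3": Observation(100, 45, 43, 12, 20)},
    "S1": {"S3": Observation(50, 30, 20, 0, 0)},
    "S2": {"S3": Observation(0, 0, 0, 0, 0)},   # no traffic yet, so no opinion
    "C2": {},
}

if __name__ == "__main__":
    table = build_trust_table(OBSERVATIONS)
    for evaluator in ("C1", "C2"):
        for target in ("S1", "S3"):
            score = trustworthiness(evaluator, target, table)
            print(evaluator, target, score, "isolate" if should_isolate(score) else "keep")
```

C2 has never exchanged packets with S3, so its view of S3 comes entirely from what C1 and S1 report, which is the case the reputation tier exists for.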
Testing and evaluation
The security techniques and management systems, once deployed, must be tested and evaluated to identify the strengths and weaknesses of the security approach (Scarfone 2009; Stouffer et al. 2011b). This phase of the security approach helps to identify the factors that require attention and security solution.
Best practices
The first step in this phase is to conduct the vulnerability assessment at the physical, personnel and technical levels. The details are discussed below.
Physical: regular inspection of the physical components and devices must be conducted. The visitors must be physically searched and the access control policies must be monitored.
Personnel: regular interviews must be conducted to verify the knowledge on security techniques and policies. The training records of the personnel must be examined.
Technical: the security tools must be kept updated. Software capable of performing the vulnerability tests, security tests and evaluation must be implemented. The day-to-day operations of the system must be well documented and stored.
Penetration testing
The next step in this phase is to conduct various testing and evaluation procedures. One of the most commonly used procedures is penetration testing. It is a process in which the testers try to understand the architecture and design of the systems using the resources available to them. They then attempt to explore and break into the security features of the system. This procedure involves three steps.
The planning and preparing to study and penetrate into the DCS.
Identifying the targets that are to be attacked and breached.
Assessing the security features using techniques like exploitation of resources, installation of devices, initiation of control commands and execution of actions on security objectives.
Applying techniques like network sniffing, log review, documentation analysis and integrity checking.
Reporting the findings and cleaning up all the testing materials from the system.
Fuzzing
Fuzzing, or fuzz testing, is used to test the security and effectiveness of the software in a system. In the context of DCS, it can test the software at the higher levels, such as the operational level and the master control level. These two levels contain more software components than physical ones, and thus they are more vulnerable to software-targeted attacks. Fuzzing tests the system with random inputs, invalid data and unexpected commands to study the system's reactions and weaknesses. This procedure requires software experts who are equipped with vast knowledge of the software and protocol.
The proposed methodology can be applied and utilized in industries adopting distributed control systems such as agriculture, nuclear power plant, petrochemical and refineries, automobiles, airlines, water management, healthcare, smart grids etc. The proposed methodology will act as guidelines or a road map for such industries to enhance their current security posture through effective security management.
Conclusion
Distributed control systems are utilized in critical infrastructure applications such as agriculture, smart grid, healthcare, defense and finance. The intersection of control systems and computer security has raised a number of concerns for this infrastructure, including cyber and physical attacks. These concerns create the requirement for a mechanism to secure the distributed control systems environment, namely systematic risk assessment techniques that ensure the secure availability of the critical infrastructure.
This research investigates the DCS with respect to the CPS. Based on the above inference and the knowledge gained from the literature review, a cybersecurity management approach has been proposed. The proposed approach consists of a four-phase cyclic process that is capable of providing effective security management for the distributed control system. The phases are risk management, security management, trust and reputation management, and testing and evaluation. This approach is expected to bring about safer and more secure distributed control systems for the new era. In future work, trust, reputation and risk management will be investigated together in order to improve the security and performance of DCS.
References
Abercrombie RK, Sheldon FT, Hauser KR, Lantz MW, Mili A (2013) Risk assessment methodology based on the NISTIR 7628 guidelines. In: System sciences (HICSS), 2013 46th Hawaii international conference on, IEEE, pp 1802–1811
Alcaraz, C; Zeadally, S. Critical infrastructure protection: requirements and challenges for the 21st century. Int J Crit Infrastruct Prot; 2015; 8, pp. 53-66. [DOI: https://dx.doi.org/10.1016/j.ijcip.2014.12.002]
Alcaraz, C; Lopez, J; Wolthusen, S. Policy enforcement system for secure interoperable control in distributed smart grid systems. J Netw Comput Appl; 2016; 59, pp. 301-314. [DOI: https://dx.doi.org/10.1016/j.jnca.2015.05.023]
Ali, S; Anwar, RW; Hussain, OK. Cyber security for cyber physical systems: a trust-based approach. J Theor Appl Inf Technol; 2015; 71, pp. 144-145.
Ali S, Balushi TA, Nadir Z, Hussain OK (2018) Distributed control systems security for CPS. In: Ali S (ed) Cyber security for cyber physical systems, vol 768. Studies in computational intelligence. Springer-Verlag, pp 141–160
Aloul, F; Al-Ali, A; Al-Dalky, R; Al-Mardini, M; El-Hajj, W. Smart grid security: threats, vulnerabilities and solutions. Int J Smart Grid Clean Energy; 2012; 1, pp. 1-6. [DOI: https://dx.doi.org/10.12720/sgce.1.1.1-6]
Ansari, S; Janghel, RR. A dynamic approach to generate behavior patterns of virus and worms for intrusion detection system. Int J Adv Res Comput Sci; 2013; 4,
Bae, K; Krisiloff, J; Meseguer, J; Ölveczky, PC. Designing and verifying distributed cyber-physical systems using multirate PALS: an airplane turning control system case study. Sci Comput Program; 2015; 103, pp. 13-50. [DOI: https://dx.doi.org/10.1016/j.scico.2014.09.011]
Bolognani, S; Carli, R; Cavraro, G; Zampieri, S. Distributed reactive power feedback control for voltage regulation and loss minimization. IEEE Trans Autom Control; 2015; 60, pp. 966-981. MathSciNet ID: 3340788 [DOI: https://dx.doi.org/10.1109/TAC.2014.2363931]
Botezatu R (2016) Cyber security SCADA and DCS systems: a summary of the current situation and key points to consider. In: ICARE Cyber Security white paper, ICARE cyber services SA, Rue Faucigny, Firbourg, Switzerland, pp 1 -11. https://www.icare-cybersecurity.com/assets/icareics-white-paper-.pdf
Boyer W, McQueen M (2007) Ideal based cyber security technical metrics for control systems. In: International workshop on critical information infrastructures security, Springer, pp 246–260
Bradley, JM; Atkins, EM. Coupled Cyber–Physical system modeling and coregulation of a CubeSat. IEEE Trans Robot; 2015; 31, pp. 443-456. [DOI: https://dx.doi.org/10.1109/TRO.2015.2409431]
Cárdenas AA, Amin S, Sinopoli B, Giani A, Perrig A, Sastry S (2009) Challenges for securing cyber physical systems. Paper presented at the Workshop on future directions in cyber-physical systems security
Capra L (2004) Towards a human trust model for mobile ad-hoc networks. In: Proceedings of 2nd UK-UBiNet Workshop, Cambridge University, Cambridge, UK, pp 1–2. https://discovery.ucl.ac.uk/id/eprint/816/1/5.2_ukubinet04.pdf
Chatterjee P, Sengupta I, Ghosh SKA (2009) Trust based clustering framework for securing ad hoc networks. In: International conference on information systems, technology and management, Springer, pp 313–324
Chen, Q; Abercrombie, RK; Sheldon, FT. Risk assessment for industrial control systems quantifying availability using mean failure cost (MFC). J Artif Intell Soft Comput Res; 2015; 5, pp. 205-220. [DOI: https://dx.doi.org/10.1515/jaiscr-2015-0029]
Colombo AW, Karnouskos S, Bangemann T (2014) Towards the next generation of industrial cyber-physical systems. In: Industrial cloud-based cyber-physical systems, Springer, pp 1–22
Dacer, M; Kargl, F; König, H; Valdes, A. Network attack detection and defense: securing industrial control systems for critical infrastructures (Dagstuhl Seminar 14292). Dagstuhl Rep; 2014; 4, pp. 62-79.
Davé, A; Salonitis, K; Ball, P; Adams, M; Morgan, D. Factory eco-efficiency modelling: framework application analysis. Proc CIRP; 2016; 40, pp. 214-219. [DOI: https://dx.doi.org/10.1016/j.procir.2016.01.105]
Derbal, Y. Midland: a service-oriented cluster computing infrastructure. Serv Orient Comput Appl; 2009; 3, pp. 109-125. [DOI: https://dx.doi.org/10.1007/s11761-009-0042-y]
Doodi S (2018) Understanding industrial control systems security basics. https://www.controleng.com/articles/understanding-industrial-control-systems-security-basics/. Accessed 10 Jan 2019
Felderer, M et al. Evolution of security engineering artifacts: a state of the art survey. Int J Secur Softw Eng; 2014; 5, pp. 48-98. [DOI: https://dx.doi.org/10.4018/ijsse.2014100103]
Gao Y, Liu W (2014) BeTrust: a dynamic trust model based on Bayesian inference and tsallis entropy for medical sensor networks. J Sens 2014:649392. https://doi.org/10.1155/2014/649392. https://www.hindawi.com/journals/js/2014/649392/
Ge X, Yang F, Han Q-L (2015) Distributed networked control systems: a brief overview. Inf Sci 380:117-131. https://doi.org/10.1016/j.ins.2015.07.047. https://dl.acm.org/doi/abs/10.1016/j.ins.2015.07.047
Giordano A, Spezzano G, Vinci A, Garofalo G, Piro P (2014) A cyber-physical system for distributed real-time control of urban drainage networks in smart cities. In: International conference on internet and distributed computing systems, Springer, pp 87–98
Govil N, Agrawal A, Tippenhauer NO (2017) On ladder logic bombs in industrial control systems. In: International workshop on security of industrial control systems and cyber physcial systems (SECPRE 2017, CyberICPS 2017), vol 10683. Lecture notes in computer science book series, Springer, Cham
Govindarasu M, Hann A, Sauer P (2012) Cyber-physical systems security for smart grid. The future grid to enable sustainable energy systems. PSERC publication
Habash, RW; Groza, V; Burr, K. Risk management framework for the power grid cyber-physical security. Br J Appl Sci Technol; 2013; 3, pp. 1070-1085. [DOI: https://dx.doi.org/10.9734/BJAST/2013/3682]
Haimes, YY. Risk modeling, assessment, and management; 2015; Hoboken, John Wiley & Sons. zbMath ID: 1105.91001
Haimes, YY; Kaplan, S; Lambert, JH. Risk filtering, ranking, and management framework using hierarchical holographic modeling. Risk Anal; 2002; 22, pp. 383-397. [DOI: https://dx.doi.org/10.1111/0272-4332.00020]
Harrison V, Pagliery J (2015) Nearly 1 million new malware threats released every day. CNN money. http://money.cnn.com/2015/04/14/technology/security/cyber-attack-hacks-security/. Accessed 13 Oct 2015
Harrison R et al (2014) Next generation of engineering methods and tools for SOA-based large-scale and distributed process applications. In: Industrial cloud-based cyber-physical systems, Springer, pp 137–165
Hieb J, Graham J, Patel S (2007a) Security enhancements for distributed control systems. In: Goetz E, Shenoi S (eds) Critical infrastructure protection. Vol IFIP WG 11.10 Series of criticial infrastrucutre protection, Springer, pp 133–146
Hieb J, Graham J, Patel S (2007b) Security enhancements for distributed control systems. In: International conference on critical infrastructure protection, Springer, pp 133–146
Hieb, J; Graham, J; Patel, S. Security enhancements for distributed control systems. Critical infrastructure protection; 2008; Boston, Springer: pp. 133-146.
House TW (2014) Co-ordination of federal information security policy. The United States Government. https://www.whitehouse.gov/sites/default/files/omb/legislative/letters/coordination-of-federal-information-security-policy.pdf. Accessed 15 July 2016
Ilic, MD; Xie, L; Khan, UA; Moura, JM. Modeling of future cyber–physical energy systems for distributed sensing and control. IEEE Trans Syst Man Cybern Part A Syst Hum; 2010; 40, pp. 825-838. [DOI: https://dx.doi.org/10.1109/TSMCA.2010.2048026]
Jagadamba G, Sharmila S, Gouda T (2014) A secured authentication system using an effective keystroke dynamics. In: Emerging research in electronics, computer science and technology, Springer, pp 453–460
Karnouskos S, Colombo AW, Bangemann T (2014a) Trends and challenges for cloud-based industrial cyber-physical systems. In: Industrial cloud-based cyber-physical systems, Springer, pp 231–240
Karnouskos S et al (2014b) The IMC-AESOP architecture for cloud-based industrial cyber-physical systems. In: Industrial cloud-based cyber-physical systems, Springer, pp 49–88
Kim, K-D; Kumar, PR. Cyber–physical systems: a perspective at the centennial. Proc IEEE; 2012; 100, pp. 1287-1308. [DOI: https://dx.doi.org/10.1109/JPROC.2012.2189792]
Knapp, ED; Langill, JT. Industrial network security: securing critical infrastructure networks for smart grid, SCADA, and other industrial control systems; 2014; Burlington, Syngress:
Knowles, W; Prince, D; Hutchison, D; Disso, JFP; Jones, K. A survey of cyber security management in industrial control systems. Int J Crit Infrastruct Prot; 2015; 9, pp. 52-80. [DOI: https://dx.doi.org/10.1016/j.ijcip.2015.02.002]
Kriaa, S; Pietre-Cambacedes, L; Bouissou, M; Halgand, Y. A survey of approaches combining safety and security for industrial control systems. Reliab Eng Syst Saf; 2015; 139, pp. 156-178. [DOI: https://dx.doi.org/10.1016/j.ress.2015.02.008]
Lampesberger, H. Technologies for web and cloud service interaction: a survey. Serv Orient Comput Appl; 2016; 10, pp. 71-110. [DOI: https://dx.doi.org/10.1007/s11761-015-0174-1]
Li, H; Han, Z; Dimitrovski, AD; Zhang, Z. Data traffic scheduling for cyber physical systems with application in voltage control of distributed generations: a hybrid system framework. IEEE Syst J; 2014; 8, pp. 542-552. [DOI: https://dx.doi.org/10.1109/JSYST.2013.2260915]
Li B, Nie L, Wu C, Gonzalez H, Lu C (2015) Incorporating emergency alarms in reliable wireless process control. In: Proceedings of the ACM/IEEE sixth international conference on cyber-physical systems, ACM, pp 218–227
Liu M, Xu W (2013) The approach for critical infrastructure sectors classification using the inoperability input-output model (IIM). In: 2013 6th International conference on information management, innovation management and industrial engineering, IEEE, pp 7–10
Liu S, Yu H, Miao C, Kot AC (2013) A fuzzy logic based reputation model against unfair ratings. In: Proceedings of the 2013 international conference on autonomous agents and multi-agent systems, 2013. International foundation for autonomous agents and multiagent systems, pp 821–828
Loos SM, Platzer A, Nistor L (2011) Adaptive cruise control: hybrid, distributed, and now formally verified. In: International symposium on formal methods, Springer, pp 42–56
Mangharam, R; Pajic, M. Distributed control for cyber-physical systems. J Indian Inst Sci; 2013; 93, pp. 353-387. MathSciNet ID: 3137507
Marzi, H; Li, M. An enhanced bio-inspired trust and reputation model for wireless sensor network. Proc Comput Sci; 2013; 19, pp. 1159-1166. [DOI: https://dx.doi.org/10.1016/j.procs.2013.06.165]
Messina F, Pappalardo G, Rosaci D, Santoro C, Sarné GM (2013) A trust-based approach for a competitive cloud/grid computing scenario. In: Intelligent distributed computing VI. Springer, pp 129–138
Mocci, S; Natale, N; Pilo, F; Ruggeri, S. Demand side integration in LV smart grids with multi-agent control system. Electr Power Syst Res; 2015; 125, pp. 23-33. [DOI: https://dx.doi.org/10.1016/j.epsr.2015.03.021]
Mohsin, A; Janjua, NK. A review and future directions of SOA-based software architecture modeling approaches for System of Systems. Serv Orient Comput Appl; 2018; 12, pp. 183-200. [DOI: https://dx.doi.org/10.1007/s11761-018-0245-1]
Morris T, Vaughn R, Dandass YS (2011) A testbed for SCADA control system cybersecurity research and pedagogy. In: Proceedings of the seventh annual workshop on cyber security and information intelligence research, ACM, p 27
Nabil, S; Bourennane, E-B; Benmohammed, M. Cyber security for wireless semantic SCADA/DCS systems. Int J Syst Control Commun; 2016; [DOI: https://dx.doi.org/10.1504/IJSCC.2016.079399]
Pagani, GA; Aiello, M. Service orientation and the smart grid state and trends. Serv Orient Comput Appl; 2012; 6, pp. 267-282. [DOI: https://dx.doi.org/10.1007/s11761-012-0117-z]
Pappas V, Athanasopoulos E, Ioannidis S, Markatos EP (2008) Compromising anonymity using packet spinning. In: International conference on information security, Springer, pp 161–174
Posadas, JL; Poza, JL; Simó, JE; Benet, G; Blanes, F. Agent-based distributed architecture for mobile robot control. Eng Appl Artif Intell; 2008; 21, pp. 805-823. [DOI: https://dx.doi.org/10.1016/j.engappai.2007.07.008]
Qian, F; Xu, G; Zhang, L; Dong, H. Design of hybrid NC control system for automatic line. Int J Hybrid Inf Technol; 2015; 8, pp. 185-192.
Ralston, PAS; Graham, JH; Hieb, JL. Cyber security risk assessment for SCADA and DCS networks. ISA Trans; 2007; 46, pp. 583-594. [DOI: https://dx.doi.org/10.1016/j.isatra.2007.04.003]
Ramachandruni RS, Poornachandran P (2015) Detecting the network attack vectors on SCADA systems. In: Advances in computing, communications and informatics (ICACCI), 2015 international conference on, IEEE, pp 707–712
Rauter T (2016) Integrity of distributed control systems. In: Student forum of the 46th annual IEEE/IFIP international conference on dependable systems and networks
Renfroe NA, Smith JL (2010) Threat/vulnerability assessments and risk analysis. Applied Research Associates, Inc
Sandberg, H; Amin, S; Johansson, K. Cyberphysical security in networked control systems: an introduction to the issue. IEEE Control Syst; 2015; 35, pp. 20-23. MathSciNet ID: 3311286 [DOI: https://dx.doi.org/10.1109/MCS.2014.2364708]
Scarfone, K. Technical guide to information security testing and assessment: recommendations of the National Institute of Standards and Technology; 2009; Collingdale, DIANE Publishing:
Security H (2007) Recommended practice case study: cross site scripting. Control Syst Secur Program 1–15
Sinopoli, B; Sharp, C; Schenato, L; Schaffert, S; Sastry, SS. Distributed control applications within sensor networks. Proc IEEE; 2003; 91, pp. 1235-1246. [DOI: https://dx.doi.org/10.1109/JPROC.2003.814926]
Solomon, MG; Chapple, M. Information security illuminated; 2009; Sudbury, Jones & Bartlett Publishers:
Sorouri, M; Vyatkin, V. Intelligent product and mechatronic software components enabling mass customisation in advanced production systems. SOCA; 2018; 12, pp. 73-86. [DOI: https://dx.doi.org/10.1007/s11761-018-0230-8]
Stouffer K, Falco J, Scarfone K (2011a) Guide to industrial control systems (ICS) security. NIST special publication 800:16–16
Stouffer KA, Falco JA, Scarfone KA (2011b) Sp 800 – 82. guide to industrial control systems (ics) security: supervisory control and data acquisition (scada) systems, distributed control systems (dcs), and other control system configurations such as programmable logic controllers (plc)
Teacy, WL; Luck, M; Rogers, A; Jennings, NR. An efficient and versatile approach to trust and reputation using hierarchical bayesian modelling. Artif Intell; 2012; 193, pp. 149-185. MathSciNet ID: 2988875 [DOI: https://dx.doi.org/10.1016/j.artint.2012.09.001]
Teixeira A, Pérez D, Sandberg H, Johansson KH (2012) Attack models and scenarios for networked control systems. In: Proceedings of the 1st international conference on high confidence networked systems, ACM, pp 55–64
Wasicek A, Derler P, Lee EA (2014) Aspect-oriented modeling of attacks in automotive cyber-physical systems. In: Design automation conference (DAC), 51st ACM/EDAC/IEEE, 2014, IEEE, pp 1–6
Yu, H; Shen, Z; Miao, C; Leung, C; Niyato, D. A survey of trust and reputation management systems in wireless communications. Proc IEEE; 2010; 98, pp. 1755-1772. [DOI: https://dx.doi.org/10.1109/JPROC.2010.2059690]
Zhang, Z; Chow, M-Y. Convergence analysis of the incremental cost consensus algorithm under different communication network topologies in a smart grid. IEEE Trans Power Syst; 2012; 27, pp. 1761-1768. [DOI: https://dx.doi.org/10.1109/TPWRS.2012.2188912]
Zhang, L; Zhang, H; Conti, M; Pietro, RD; Jajodia, S; Mancini, LV. Preserving privacy against external and internal threats in WSN data aggregation. Telecommun Syst; 2013; 52, pp. 2163-2176. [DOI: https://dx.doi.org/10.1007/s11235-011-9539-8]
Zhang X, Clark M, Rattan K, Muse J (2015) Controller verification in adaptive learning systems towards trusted autonomy. In: Proceedings of the ACM/IEEE sixth international conference on cyber-physical systems, ACM, pp 31–40
Zhong, H; Nof, SY. The dynamic lines of collaboration model: collaborative disruption response in cyber–physical systems. Comput Ind Eng; 2015; 87, pp. 370-382. [DOI: https://dx.doi.org/10.1016/j.cie.2015.05.019]
Zhu, Q; Basar, T. Game-theoretic methods for robustness, security, and resilience of cyberphysical control systems: games-in-games principle for optimal cross-layer resilient control systems. IEEE Control Syst; 2015; 35, pp. 46-65. MathSciNet ID: 3311288 [DOI: https://dx.doi.org/10.1109/MCS.2014.2364710]
Zhu Q, Bushnell L, Basar T (2013) Resilient distributed control of multi-agent cyber-physical systems. In: Tarraf DC (ed) Lecture notes in control and information sciences, The Johns Hopkins University, Springer, pp 301–316
© The Author(s), under exclusive licence to Springer-Verlag GmbH, DE part of Springer Nature 2021.