In cyber security, a vulnerability is a weakness that can be exploited by cybercriminals to gain unauthorised access to a computer system. After exploiting a vulnerability, an attacker can run malicious code, install malware and even steal data.
A vulnerability can appear in the cyber, cyber-physical or physical domain.
Ex: Communication between a CPS and the external world through remote control centres can be considered cyber.
- Isolation assumption: In most systems, engineers focus mainly on designing reliable and safe systems, while security is given much less attention. For example, in ICS and power grids, security relied on the assumption that the systems were isolated from the outside world and that monitoring and control operations were performed locally.
- Increased connectivity: CPS are more connected than ever before. For example, manufacturers have extended CPS with services that rely on open networks and wireless technologies such as Bluetooth, cellular and satellite radio communications. ICS and smart grids are connected to control centres via the internet so that the system can be modified quickly, and most attacks originate externally through the internet. Also, for fast incident response and better convenience, many devices such as medical devices and smart cars are connected to the internet continuously. This increased connectivity makes them prone to attacks.
CPS consist of heterogeneous components: third-party and proprietary components are tightly integrated to build a CPS application. CPS are almost always multi-vendor systems, and each product has its own security problems. Hence the components of a CPS are more integrated than designed together, which brings in the vulnerabilities of each product.
Ex: Most of the bugs that led to successful attacks on smart cars were found at the boundaries between interconnected components manufactured by different vendors.
In general, CPS vulnerabilities are divided into three types: Network, Platform and Management.
Network vulnerability involves configuration, hardware and monitoring vulnerabilities.
Platform vulnerability includes configuration, hardware and software vulnerabilities as well as deficiency of protection measures.
Management vulnerability is most related to the lack of security policies.
ICS relies on protocols like Modbus and DNP3 to monitor field devices and to send control commands from a control centre to sensors and actuators. These protocols lack basic security features such as encryption, data integrity checks and authentication, so the data can easily be spoofed with false data.
Direct access to remote field devices such as RTUs and PLCs used in smart grids is also a vulnerability that smart grid operators may overlook: some devices are left with default passwords, and a large number of PLCs are connected to the internet, so the same vulnerability applies.
The operating systems in ICS components are real-time operating systems (RTOS), which do not implement access control measures. Therefore all users are given the highest privileges; this is fundamentally insecure and clearly makes the devices vulnerable to various kinds of attacks.
Applications used for controlling and monitoring the field devices run on a general-purpose OS. If that OS is vulnerable, the hosting computers and connected devices also carry a potentially high risk of attack.
The power system infrastructure in smart grids also relies on the same protocols as ICS, such as Modbus and DNP3, so it is prone to the same vulnerabilities.
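The Modbus/TCP point made above for ICS and again for smart grids is easiest to see on the wire: the frame carries no sender identity, MAC or signature, so the only place to enforce "who may write to a PLC" is a monitor beside the protocol. The following is an added example, not code from the original text: it parses the MBAP header and PDU and applies a write-allowlist check. Frames, register addresses and IP addresses are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# Modbus function codes that change process state (writes) vs. reads.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}

@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: int
    value: int  # register count for reads, written value for single writes

def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse an MBAP header + PDU. Note what is absent: no sender identity,
    no MAC, no signature; any host that reaches TCP/502 can send this."""
    if len(frame) < 12:
        raise ValueError("frame too short for MBAP header + 4-byte PDU")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    func = frame[7]
    address, value = struct.unpack(">HH", frame[8:12])
    return ModbusRequest(tid, unit, func, address, value)

def check_request(src_ip: str, frame: bytes, write_allowlist: set) -> str:
    """Compensating control: since Modbus cannot authenticate the master,
    the network monitor enforces which hosts may issue write functions."""
    req = parse_modbus_tcp(frame)
    if req.function in WRITE_FUNCTIONS and src_ip not in write_allowlist:
        return (f"alert: {WRITE_FUNCTIONS[req.function]} unit={req.unit_id} "
                f"addr={req.address} value={req.value} from {src_ip}")
    if req.function not in WRITE_FUNCTIONS and req.function not in READ_FUNCTIONS:
        return f"alert: unusual function code {req.function} from {src_ip}"
    return "allow"

# Constructed sample frames (hypothetical addresses, not from any real plant):
# HMI reads 10 holding registers; a second host writes 0xFFFF to register 16.
READ_FRAME = bytes.fromhex("0001 0000 0006 01 03 0000 000a")
WRITE_FRAME = bytes.fromhex("0002 0000 0006 01 06 0010 ffff")
ALLOWED_MASTERS = {"10.0.0.5"}
```

Running `check_request("10.0.0.99", WRITE_FRAME, ALLOWED_MASTERS)` produces an alert, while the same frame from the allowlisted HMI is accepted; the protocol itself cannot tell the two apart.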
In addition, smart grids consist of heterogeneous components run by different entities. For example, a generation plant of a grid interacts with a transmission plant, which in turn interacts with a distribution plant, and finally the distribution plant delivers the electricity to end users. Each type of interaction is usually run and administered by a different company, which introduces vulnerabilities in communication and collaboration.
Smart meters rely on two-way communication, which introduces a number of new security concerns. For example, a smart meter can have a backdoor that an attacker could exploit to gain control over the device, and the two-way communication happens through telnet, which is a known major security weakness because data is sent in clear text with no encryption.
A few researchers analysed a smart meter's documentation and found that, apart from the "customer account" with limited capabilities used for basic configuration, there is a "factory login account" with full access over the controls of the smart grid. Once full access is gained, three potential attacks arise: power disruption, either directly or through malicious interactions; using the meter as a "bot" to launch attacks, possibly against other smart meters or systems within the smart grid network; and tampering with the meter's collected data so that the bill reflects false data, reducing the consumer's cost.
Smart cars are vulnerable to many attacks due to the lack of security considerations in their design. In-vehicle communication protocols like CAN and LIN are used, but these protocols lack encryption, authentication and authorisation mechanisms. As a result, tracing a car becomes easier and the likelihood of DoS attacks on smart cars increases.
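Because a CAN frame carries no sender authentication, a node that floods a high-priority arbitration ID wins every bus arbitration and starves the rest, which is the DoS risk mentioned above. The only defensive handle is behavioural: compare each ID's observed frame rate against a learned baseline. The following is an added example, not code from the original text; the arbitration IDs, cycle times and traces are constructed for illustration.

```python
from collections import defaultdict, deque
from typing import Optional

# Constructed baseline: expected cycle time (s) per arbitration ID, as a
# defender would learn it from a known-good capture. IDs are hypothetical.
BASELINE_PERIOD = {0x0C0: 0.010, 0x1A0: 0.020, 0x2F0: 0.100}
WINDOW = 1.0      # seconds of history kept per ID
TOLERANCE = 3.0   # alert when the observed rate exceeds 3x the baseline

class CanRateMonitor:
    """Per-ID frame-rate monitor. CAN has no sender authentication, so the
    only way to notice a node spoofing or flooding an ID is behavioural."""
    def __init__(self):
        self.history = defaultdict(deque)

    def observe(self, ts: float, can_id: int) -> Optional[str]:
        q = self.history[can_id]
        q.append(ts)
        while q and ts - q[0] > WINDOW:   # drop timestamps outside the window
            q.popleft()
        if can_id not in BASELINE_PERIOD:
            return f"alert: id 0x{can_id:03X} not in baseline at t={ts:.4f}"
        expected = WINDOW / BASELINE_PERIOD[can_id]
        if len(q) > TOLERANCE * expected:
            return (f"alert: id 0x{can_id:03X} seen {len(q)} times in {WINDOW}s, "
                    f"baseline {expected:.0f}; possible flood/DoS at t={ts:.4f}")
        return None

def run_monitor(frames):
    """frames: iterable of (timestamp, can_id); returns the list of alerts."""
    mon = CanRateMonitor()
    alerts = []
    for ts, can_id in sorted(frames):
        a = mon.observe(ts, can_id)
        if a:
            alerts.append(a)
    return alerts

# Constructed traces: 0x0C0 at its normal 10 ms cycle, then the same ID
# injected every 0.1 ms from t=0.5 s, which starves lower-priority traffic.
NORMAL_TRACE = [(i * 0.010, 0x0C0) for i in range(100)]
FLOOD_TRACE = NORMAL_TRACE + [(0.5 + i * 0.0001, 0x0C0) for i in range(500)]
```

`run_monitor(NORMAL_TRACE)` returns no alerts, while `run_monitor(FLOOD_TRACE)` flags 0x0C0 once its count in the window passes three times the baseline; a real deployment would learn the baseline per vehicle model rather than hard-code it.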