A survey of critical infrastructure control system effects

The critical infrastructure control systems of the United States have long been shielded, through obscurity and the slow introduction of technology, from the onslaught of malicious crackers, worms and viruses that brought about security awareness and change to the Internet. Availability of information, access to attack tools, and the advantages of highly-networked organizations have created precarious links between the vital underpinnings of society and the security test range of the web. Remote or geographically dispersed nodes present high-value targets to a technology aware foe whose tactics thrive on attacks that do not require extensive resources. The common solution of layering a typical network security infrastructure upon a control system (CS) does not address the different perceptions held by the IT staff and control engineers. This paper examines the various implementations of control systems and explains how integration of modern technology has introduced security flaws. Plausible uses of cyberspace for physical effects are theorized with attention paid to the cascading (second and third order) effects of critical infrastructure disruption. Discussion of process control specific hardware, vulnerabilities, and practices unveil potential risks unprotected by incorporating a standard network / host based security structure into a critical infrastructure control system.