Cyber-attacks on critical infrastructures are of growing societal concern. Several malicious attacks have been reported over the last few years and in many cases they have targeted control systems. The increasing use of off-the-shelf software and hardware components and open communication networks makes networked control systems vulnerable to cyber-attacks. As the cyber and physical components of these systems are tightly interconnected, traditional IT security focusing on the cyber part does not provide appropriate solutions. In this talk, we will discuss how to model, analyze and design cyber-secure networked control systems. We will introduce an adversary modeling framework and use it for quantifying cyber-security of control systems by means of constrained optimization problems. An attack space defined by the adversary's model knowledge, disclosure, and disruption resources is presented. It is shown that attack scenarios corresponding to denial-of-service, replay, zero-dynamics, and bias injection attacks can be analyzed using this framework. Applications to power networks and process industry will be used to illustrate the attack scenarios, their consequences, and potential countermeasures.
