Cyber-Physical Attacks
eBook - ePub

Cyber-Physical Attacks

A Growing Invisible Threat

George Loukas

Share book
  1. 270 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Cyber-Physical Attacks

A Growing Invisible Threat

George Loukas

Book details
Book preview
Table of contents
Citations

About This Book

Cyber-Physical Attacks: A Growing Invisible Threat presents the growing list of harmful uses of computers and their ability to disable cameras, turn off a building's lights, make a car veer off the road, or a drone land in enemy hands. In essence, it details the ways cyber-physical attacks are replacing physical attacks in crime, warfare, and terrorism.

The book explores how attacks using computers affect the physical world in ways that were previously only possible through physical means. Perpetrators can now cause damage without the same risk, and without the political, social, or moral outrage that would follow a more overt physical attack.

Readers will learn about all aspects of this brave new world of cyber-physical attacks, along with tactics on how to defend against them. The book provides an accessible introduction to the variety of cyber-physical attacks that have already been employed or are likely to be employed in the near future.

  • Demonstrates how to identify and protect against cyber-physical threats
  • Written for undergraduate students and non-experts, especially physical security professionals without computer science background
  • Suitable for training police and security professionals
  • Provides a strong understanding of the different ways in which a cyber-attack can affect physical security in a broad range of sectors
  • Includes online resources for those teaching security management

Frequently asked questions

How do I cancel my subscription?
Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is Cyber-Physical Attacks an online PDF/ePUB?
Yes, you can access Cyber-Physical Attacks by George Loukas in PDF and/or ePUB format, as well as other popular books in Ciencia de la computación & Ciberseguridad. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Butterworth-Heinemann
Year
2015
ISBN
9780128014639
Topic
Ciencia de la computación
Subtopic
Ciberseguridad
1

A Cyber-Physical World

Chapter Summary

Conventional cyber attacks affect primarily the confidentiality, integrity, and availability of data and services in cyberspace. Cyber-physical attacks are the particular category of cyber attacks that, whether intentionally or not, also adversely affect physical space by targeting the computational and communication infrastructure that allows people and systems to monitor and control sensors and actuators. This chapter provides a brief introduction to the concepts and components that bridge cyberspace with physical space, and defines what is and what is not a cyber-physical attack in relation to its impact on sensing and actuation.

Key Terms

Actuator; sensor; wireless sensor network; controller; embedded system; cyber-physical system; Internet of Things; cyber-physical attack
In the past, it was safe to assume that the primary aim of a cyber attack would be to cause damage in cyberspace, and of a physical attack to cause damage in physical space. This is no longer the case.
Our increasing dependence on computerized and highly networked environments is generating considerable new threats where the two spaces overlap. For clarity, by physical space, we refer to the space governed by the laws of physics. Cyberspace cannot be defined as succinctly. For our purposes, it is a metaphor referring to the electronic transmission, manipulation, storage, and retrieval of information in computer systems and networks.
Modern automobiles, smart buildings, wireless implants, intelligent traffic lights, full-body scanners, and industrial control systems are realistic targets for an attacker who wants to cause damage in physical space. An autonomous vehicle that has been compromised electronically can be used to intercept communications, transmit false data, launch a cyber attack from a convenient location, or even drive or fly itself into a crowd. Because documentation and code for exploiting weaknesses of widely used industrial control systems are available online, a cyber attack against a gas pipeline or water management facility may require considerably less planning and resources than a physical attack with the same aim.
Note that an attack in cyberspace can affect one or more of the three basic information security attributes collectively known as the CIA triad: confidentiality, integrity, and availability. In broad terms, confidentiality ensures that information can be accessed only by those authorized to access it; integrity ensures that information or a system’s configuration can be modified only by those authorized to modify it; and availability ensures that those authorized to access particular information or a service can indeed access it when necessary. To these, it is common to add authenticity, accountability, nonrepudiation, and other increasingly overlapping attributes.1 For the sake of simplicity, throughout this book we will refer mainly to the CIA triad and occasionally to authenticity. We will also frequently use five information security terms: adversary, threat, vulnerability, attack, and countermeasure, for which the explanations (following the Internet Engineering Task Force’s Internet Security glossary2) can be seen in Box 1.1, Basic Information Security Terminology.
Box 1.1
Basic Information Security Terminology
Vulnerability: A flaw or weakness in a system’s design, implementation, operation, or management that could be exploited to violate the system’s confidentiality, integrity, or availability.
Threat: Any circumstance or event with the potential to exploit a vulnerability and adversely affect a system through unauthorized access, destruction, disclosure, or modification of data, or denial of service.
Attack: An intentional assault on system security that derives from an intelligent threat. An active attack is one that attempts to alter system resources or affect their operation, while a passive attack is one that attempts to learn or make use of information from a system but does not affect that system.
Adversary: An entity that attacks a system or is a threat to a system. The terms “intruder,” “attacker,” “cyber attacker,” “cracker,” and “hacker” can also be used.
Countermeasure: An action, device, procedure, or technique that meets or opposes (i.e., counters) a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.

Basic Concepts and Definitions of a Cyber-Physical World

Few like definitions. They can be too specific and limiting, or so general and vague as to be of little use in practice. Different schools of thought lead to distinctly different definitions, which are almost always incomplete. More than anything, definitions show what the industrial or research team behind each one considers a challenge and where it has focused its attention. But that is precisely why they are useful for areas of science and technology that are new and rapidly changing, currently expanding their real-world applications and impact to society. To appreciate and understand how an attack in cyberspace can have an impact in physical space, it is useful to have a basic understanding of the devices and systems involved, including sensors, actuators, controllers, embedded systems, cyber-physical systems, and recent computing paradigms such as the Internet of Things. We will use some of the most popular definitions proposed to describe these, although it is possible that some of these terms will be out of fashion in the near future. Nevertheless, they all point toward a world where cyber and physical spaces meet and new security threats appear where the two overlap.

Transducers

Computers are designed to generate, manipulate, transmit, and receive information in the form of pulses of electrical energy. (For example, a 0 may be represented as a low-voltage pulse and a 1 as a high-voltage pulse.) To be able to cross the cyber-physical boundary from information to physical effect and vice versa, they need transducers, which are devices that can convert between different forms of energy.3 Within the scope of this book, we are interested in transducers that can be classified as sensors or actuators.
Sensors are devices “that transform real-world data into electrical form”4 for the purpose of measurement or observation of the physical environment. The quantity, property, or condition measured is called stimulus or measurand, and can be acoustic, biological, chemical, electric, magnetic, mechanical, optical, radiation, or thermal. They may involve a number of transducers converting energy from one form into another until one produces an electrical signal that can be interpreted by an information processing system, such as a computer.
Strictly speaking, a sensor does not need to be a man-made object. Natural sensors on living organisms can also be included. For example, at the back of the human eye’s retina there is a layer of photoreceptors (light-sensitive nerve cells), whose job is to convert light rays into an electrical signal.5 This signal is then transmitted through the optic nerve to the brain, where it is processed and converted into an image. From our point of view, natural sensors should not be outright excluded from a discussion on cyber-physical attacks, as it is possible for an information security breach to lead to a stimulus that can be intentionally damaging to a human being (see the section, Health, in Chapter 2).
Thanks to advances in low-cost electronics and a variety of energy-efficient communication technologies, it is possible to deploy large numbers of inexpensive sensors that can communicate and report their measurements through a wireless network. Wireless sensor networks were originally conceived for military applications, where the sensors would be airdropped on an otherwise inaccessible terrain and would remotely report information about the battlefield. Today, they are commonly used in disaster response, detecting pollutants in the environment, monitoring a smart home, and so on.6
Electric actuators are in a sense the reverse of sensors, as their job is to initiate a physical action when instructed to do so by an electrical signal.7 For example, in wheeled vehicles, a rotary encoder is a sensor that measures position or speed by converting the angular motion of a wheel into an electrical signal. On the other hand, the electric motor that moves the vehicle is an actuator because it converts electrical energy into torque (the rotary force) that rotates the wheel...

Table of contents