Attacks Against Process Control Systems: Risk Assessment, Detection, and Response
In the last years there has been an increasing interest in the security of process control and SCADA systems. Furthermore, recent computer attacks such as the Stuxnet worm, have shown there are parties with the motivation and resources to effectively attack control systems. While previous work has proposed new security mechanisms for control systems, few of them have explored new and fundamentally different research problems for securing control systems when compared to securing traditional Information Technology (IT) systems. In particular, the sophistication of new malware attacking control systems - malware including zero-days attacks, rootkits created for control systems, and software signed by trusted certificate authorities - has shown that it is very difficult to prevent and detect these attacks based solely on IT system information.