Critical infrastructures such as electric grids are increasingly controlled by computers and digital systems and are thus vulnerable to cyber-attacks, as has been repeatedly demonstrated in the recent past. Securing such infrastructures involves many dimensions, and it is difficult to reduce security to a small number of practical guidelines. However, the following points can clearly be formulated.
Successful attacks often start with attacks on non-critical infrastructures. It is generally accepted that all actions and traffic must be correctly authenticated, for example to prevent attacks based on false data injection. It is less obvious, and less widely acknowledged, that confidentiality is also important: without it, attacks on non-critical and less protected infrastructures can be used to gain information about the operation, which, in a second phase, can lead to a successful attack on the critical components.
In this context, particular attention should be given to device authentication, which should be complemented by per-user authentication of all accesses (i.e. credentials should identify a human user, not a device). Many attacks are accomplished with the explicit or implicit participation of trusted insiders. Per-user authentication enables fast revocation of compromised accounts and is necessary during post-attack recovery.
Installation of new devices during emergency conditions requires special attention, as it is typically in such phases that operational pressure leads to security breaches. It should be carefully prepared as part of contingency plans.
In addition to the generic cyber-security mechanisms mentioned above, critical infrastructures have security weaknesses that are specific to their physical processes. For example, grid monitoring and control relies on high-precision (GPS) time; attacks against the time synchronization system can have devastating effects. It is not always possible to use encryption and authentication to thwart such attacks: for example, it was recently demonstrated that introducing delay boxes in the communication lines on high-voltage corridors can lead to estimation errors that may cause irreversible damage. Such delay boxes operate below the physical layer and cannot be detected by cryptographic mechanisms. It is necessary to reason vertically about the complete set of data received by the cyber-physical infrastructure, which leads to attack detection systems that act at the global scale.
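The following worked example is added here to make the last paragraph concrete; it is not code from the original text or from any project it describes. It models two synchrophasor measurement units (PMUs) at the ends of a transmission line, shows how a clock offset at one PMU rotates every phasor it reports (a delay below the physical layer leaves the data correctly signed and therefore invisible to cryptographic checks), and contrasts a per-device check, which the offset does not disturb, with a physics-based check that uses data from both ends of the line and does flag it. All numbers are constructed: a 50 Hz grid, per-unit quantities, a lossless line of reactance 0.05 pu, a 1 ms clock offset, a 5 % residual threshold, and the convention that a clock offset of d seconds rotates reported phasors by 2*pi*f*d radians are assumptions for the illustration.

```python
import cmath
import math

NOMINAL_FREQ_HZ = 50.0   # assumed grid frequency (constructed example)
LINE_REACTANCE_PU = 0.05  # assumed lossless line reactance, per unit


def angle_shift_from_time_offset(offset_s, freq_hz=NOMINAL_FREQ_HZ):
    """Phase error (radians) in every phasor a PMU reports when its clock
    is off by offset_s seconds. At 50 Hz, 1 ms corresponds to 18 degrees."""
    return 2.0 * math.pi * freq_hz * offset_s


def line_current(v_from, v_to, x_line=LINE_REACTANCE_PU):
    """Current phasor on a lossless line: I = (V_from - V_to) / (jX)."""
    return (v_from - v_to) / complex(0.0, x_line)


def apply_clock_offset(phasor, offset_s):
    """Rotate a phasor the way a PMU with a time offset would report it.
    A delay box shifting the PMU's time reference affects every phasor
    stamped by that device by the same angle."""
    return phasor * cmath.exp(1j * angle_shift_from_time_offset(offset_s))


def local_power_factor_angle(v, i):
    """Per-device consistency check: angle between the voltage and current
    phasors reported by the same PMU. Both rotate together under a clock
    offset, so this check cannot see the attack."""
    return cmath.phase(v) - cmath.phase(i)


def line_residual(v_from_reported, v_to_reported, i_reported, x_line=LINE_REACTANCE_PU):
    """Global, physics-based check across two devices: relative mismatch
    between the current implied by both reported bus voltages and the
    current the sending-end PMU reported."""
    i_pred = line_current(v_from_reported, v_to_reported, x_line)
    return abs(i_pred - i_reported) / abs(i_reported)


def flags_time_offset(v_from_reported, v_to_reported, i_reported, threshold=0.05):
    """True when the cross-device residual exceeds the assumed 5 % threshold."""
    return line_residual(v_from_reported, v_to_reported, i_reported) > threshold


def run_scenario(offset_s):
    """Constructed two-bus scenario: bus A leads bus B by 0.1 rad; the PMU
    at bus A has a clock offset of offset_s while bus B's clock is correct.
    Returns the quantities a detector would look at."""
    v_a_true = cmath.rect(1.0, 0.1)   # 1.0 pu at 0.1 rad (constructed)
    v_b_true = cmath.rect(1.0, 0.0)   # 1.0 pu at 0.0 rad (constructed)
    i_ab_true = line_current(v_a_true, v_b_true)

    # Bus A's PMU stamps both its voltage and its line current with the
    # offset clock; bus B's PMU is unaffected.
    v_a_reported = apply_clock_offset(v_a_true, offset_s)
    i_ab_reported = apply_clock_offset(i_ab_true, offset_s)
    v_b_reported = v_b_true

    return {
        "angle_shift_rad": angle_shift_from_time_offset(offset_s),
        "local_angle_true": local_power_factor_angle(v_a_true, i_ab_true),
        "local_angle_reported": local_power_factor_angle(v_a_reported, i_ab_reported),
        "line_residual": line_residual(v_a_reported, v_b_reported, i_ab_reported),
        "flagged": flags_time_offset(v_a_reported, v_b_reported, i_ab_reported),
    }


if __name__ == "__main__":
    for offset in (0.0, 1e-3):
        r = run_scenario(offset)
        print(f"offset={offset*1e3:.1f} ms  shift={math.degrees(r['angle_shift_rad']):.1f} deg  "
              f"local check={r['local_angle_reported']:.4f} rad (true {r['local_angle_true']:.4f})  "
              f"line residual={r['line_residual']:.3f}  flagged={r['flagged']}")
```

The per-device power-factor angle is identical with and without the offset, which is the point of the paragraph: nothing that a single device can sign or verify changes, so authentication and encryption are satisfied. Only a check that combines measurements from several devices against the physics of the line, i.e. one that reasons vertically across the whole data set, sees the inconsistency. In a real deployment the threshold would be set from the PMU accuracy class and the state estimator's normal residual, and the residual would be computed by the estimator over the full network rather than one line at a time.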
This application vertical will be extended to other critical infrastructures, such as transportation systems.