- Facilities such as nuclear reactors continually upgrade their cyber defenses
- These industrial control systems have vast supply chains, which make them vulnerable to infiltration
- A strong need exists for defense against the ultimate nightmare scenario—sabotage from within
Imagine you’re working security at a nuclear facility that’s had a break-in. You want to alert the authorities, but you know a siren blaring over your speaker system could give the intruders a chance to leave without being caught. So, you push the silent alarm button to bring the police without panicking the culprits.
A silent alarm is easy enough to set up in the real world, but it’s not so simple with digital systems. Once a cybercriminal owns a network, they can mask their presence and monitor security activities. They can remain invisible while retaining control of certain functions.
When it comes to nuclear infrastructure, any uncertainty about security is unacceptable.
These are the kinds of attacks that Hany Abdel-Khalik and his team are working to thwart. An associate professor of nuclear engineering at Purdue University, Abdel-Khalik has developed a defense system that acts like a digital silent alarm. He hopes his work will help secure important infrastructure from something as severe as a state-sponsored attack.
Why attack nuclear facilities?
When most people hear about a cyberattack, it generally has to do with a data breach like the one that recently affected 52.5 million Google Plus users. But personal data is not the only reason to break into a secure system.
With physical infrastructure, a hacker’s goal is often to disrupt an organization’s ability to function. The “Crash Override” malware (also known as Industroyer) used against Ukraine’s grid is a good example. On December 17, 2016, attackers targeted an electric transmission substation near Kiev and tripped its breakers. When the dust settled, about a fifth of the city’s power consumption had been knocked offline for roughly an hour.
“I am taking a different approach from what has been done, which usually focuses more on the network security,” says Abdel-Khalik. “Instead I am looking at what’s called ‘physical process security.’ The engineering process itself that you are trying to run, whether it’s a chemical plant or nuclear plant, and how it can physically secure itself.”
Nuclear facilities have a lot of sensors that generate physical data about the processes conducted onsite. Monitoring these sensors helps ensure that everything is running smoothly. Eventually, the data from these sensors will be digitized—and therefore become open to attack.
“If a hacker has access to the sensitive data, they can change them without alerting operators and directly effect a physical change on the system,” says Abdel-Khalik. “At that point, the IT security that’s in place wouldn’t really do anything.”
He continues, “This may sound like a wild scenario, but in reality, it is more possible than you think, because the design, operation, and safety of most of today’s critical systems, like nuclear reactors, are very well-known. There are commercial simulators available for purchase that faithfully emulate real reactor behavior. Attackers can use these simulators to design their data deception attacks.”
For an example of the physical damage such an attack can do, look to Stuxnet. Discovered in 2010, this computer worm reached the industrial control systems of Iran’s uranium enrichment program at Natanz. It manipulated centrifuge operation, in one variant altering rotor speeds and in another closing valves to raise pressure inside the centrifuge cascades, while feeding operators readings that looked normal. Stuxnet is believed to have destroyed roughly a thousand centrifuges.
This is where Abdel-Khalik’s silent alarm comes in. The network systems nuclear facilities use for day-to-day operations are well understood in the hacking community, and so is the physics governing reactor behavior. Attackers who bring domain scientists onto their side can therefore manipulate sensor data in ways that keep operators from noticing their presence on the network.
Staying hidden is essential to the kind of state-sponsored attack a nuclear facility might face, and that stealth is exactly what makes such intrusions among the most dangerous.
“After they control the system, they may not do anything for a long time,” says Abdel-Khalik. “Maybe they wait for some geopolitical conditions to converge, at which time they launch their attack. It doesn’t have to be just for conventional demands like ransom money or plant shutdown.”
The solution is to modify sensor data in a very specific way that draws on physics models as well as the noise inherent in the system. Unlike AI techniques, which constantly look for patterns to decide whether data are genuine, Abdel-Khalik’s technology looks for ‘non-patterns,’ i.e., the opposite of patterns. Patterns can be learned by observing the data; non-patterns are arbitrary and can be chosen in an essentially infinite number of ways.
The particulars of this process are kept under wraps to protect the system’s integrity, but the idea is to use the non-patterns to alter the information so slightly that the alteration cannot be detected by observing the data. If hackers then attempt to change something, the system detects their alteration.
“Essentially, it is like creating a password that is constantly changing, by using the infinite number of non-patterns in the network information,” says Abdel-Khalik.
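Because the particulars of Abdel-Khalik’s scheme are not public, the sketch below is an added illustration of the general idea, not his method and not code from Purdue. It uses the textbook physical-watermarking approach: a keyed, pseudorandom perturbation far smaller than the sensor noise is added to each reading, and a verifier holding the key checks by correlation that the perturbation is present. Everything in it is constructed for the example: the shared key, the sinusoid standing in for a physics model, the noise level, the sensor streams, and the two attacks (a faithful-simulator spoof and a replay of data recorded one process cycle earlier).

```python
import hashlib
import hmac
import math
import random
import statistics

# Everything below is constructed for this illustration.
KEY = b"demo-shared-secret"   # assumption: secret known only to the marking side and the verifier
AMPLITUDE = 0.02              # size of the hidden mark, well inside the noise floor
NOISE_SIGMA = 0.1             # assumed sensor noise (standard deviation)
PERIOD = 1000                 # assumed cycle length of the modelled process, in samples


def mark_sign(key: bytes, index: int) -> float:
    """Keyed pseudorandom +1/-1 for sample `index`: the arbitrary 'non-pattern'.

    Without the key the sequence looks like coin flips, so an observer cannot
    learn it from the data, however much data they collect.
    """
    tag = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return 1.0 if tag[0] & 1 else -1.0


def expected_trend(t: int) -> float:
    """Stand-in for the physics model's prediction (assumption: a slow cycle around 300 K)."""
    return 300.0 + 5.0 * math.sin(2 * math.pi * t / PERIOD)


def genuine_stream(start: int, n: int, seed: int = 1) -> list:
    """Constructed sensor readings for samples start..start+n-1: trend + noise + keyed mark."""
    rng = random.Random(seed)
    return [expected_trend(t) + rng.gauss(0.0, NOISE_SIGMA) + AMPLITUDE * mark_sign(KEY, t)
            for t in range(start, start + n)]


def spoofed_stream(start: int, n: int, seed: int = 2) -> list:
    """Attacker output from a faithful simulator: right trend, right noise level, no mark."""
    rng = random.Random(seed)
    return [expected_trend(t) + rng.gauss(0.0, NOISE_SIGMA) for t in range(start, start + n)]


def replayed_stream(start: int, n: int) -> list:
    """Attacker replays genuine readings recorded exactly one process cycle earlier.

    The physics look identical, but the marks belong to other sample indices.
    """
    return genuine_stream(start - PERIOD, n, seed=3)


def mark_score(key: bytes, received: list, start: int) -> float:
    """Correlate model residuals with the expected mark sequence.

    Returns a z-like statistic: about AMPLITUDE*sqrt(n)/sigma (here ~12) for
    genuine data and roughly N(0, 1) for anything lacking the right marks.
    """
    n = len(received)
    indices = range(start, start + n)
    residuals = [r - expected_trend(t) for t, r in zip(indices, received)]
    sigma = statistics.pstdev(residuals)
    corr = sum(res * mark_sign(key, t) for t, res in zip(indices, residuals))
    return corr / (sigma * math.sqrt(n))


def is_genuine(key: bytes, received: list, start: int, threshold: float = 5.0) -> bool:
    """Silent check: True only if the keyed mark is present at the expected strength."""
    return mark_score(key, received, start) > threshold


if __name__ == "__main__":
    start, n = 5000, 4000
    for label, stream in [("genuine", genuine_stream(start, n)),
                          ("simulator spoof", spoofed_stream(start, n)),
                          ("one-cycle replay", replayed_stream(start, n))]:
        print(f"{label:17s} score={mark_score(KEY, stream, start):6.2f} "
              f"genuine={is_genuine(KEY, stream, start)}")
    # A verifier without the key sees nothing either way.
    print(f"wrong key         score={mark_score(b'wrong-key', genuine_stream(start, n), start):6.2f}")
```

Two caveats a practitioner would want. First, a check like this catches replaced or replayed streams, but a constant bias added to otherwise genuine readings is caught by the model residual’s mean, not by the mark, so the two checks belong together. Second, the key is a secret like any other, and the insider problem discussed below applies to it directly.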
Insiders help attackers
And then there is the possibility of an insider-assisted attack, which is incredibly common: around three-quarters of all security breaches involve some sort of insider.
Although the systems used by nuclear facilities are generally well understood, that isn’t enough to gain full access to a particular system. For that, Abdel-Khalik says that a hacker will likely need an insider’s help.
“The insider part is really to help them gain access to the current IT defenses that might be in place, whose details are kept proprietary,” says Abdel-Khalik.
He also points out that the groups that would attack nuclear facilities are unlikely to be lone and unskilled hackers. More likely they would be state-sponsored attacks that are “very resourceful, persistent, and patient.”
That said, Abdel-Khalik is confident that his security solution can help mitigate the risks.
“In this day and age, you map all of your defenses as if the insiders will collude with the attackers,” says Abdel-Khalik. “It’s not that you shouldn’t trust your insiders, but the defense methodology should take into account that persistent attackers will go to great lengths to coerce key individuals.”
He continues, “I see this alert system being implemented, first, in commercial simulators as prototypes, and then eventually to go into the digital control systems for any industrial process that is digitally controlled and the technical know-how is very well understood. The primary target of attacks would be chemical plants, oil and gas, water treatment, and nuclear reactors.”
Cybersecurity may never be as simple as hitting an alarm button, but that doesn’t mean it can’t fly under a hacker’s radar. Innovations like the one made by Abdel-Khalik and his team are a necessary solution to a dangerous world.