Protecting Critical Infrastructure and Key Resources (CIKR) of the United States emerged as a national priority [Oba13] and simple adaptation of Information Technology (IT) security solutions for Industrial Control System (ICS) applications presents certain technical challenges for the cybersecurity community.
Results here expand upon AFIT’s PHY-based Level 0 protection strategy that was first introduced by researchers in [LoT14, LTM15]. These early works demonstrated a promising proof-of- concept capability for a Level 0 (physical end-device) anomaly detection scheme that aims to improve cyber-physical system resilience using device fingerprints composed of Wired Signal Distinct Native Attribute (WS-DNA) features. The WS-DNA features were extracted from WS responses of differential pressure transmitters employing smart sensor technology to control and monitor an experimental automated control process.
AFIT’s WS-DNA exploitation capability has been expanded, with results here based on field devices from four different manufacturers (Siemens, Yokogawa, Honeywell and Endress+Hauser) implementing the Highway Addressable Remote Transducer (HART) protocol. The aim is on discovering discriminable PHY features from the Frequency Shift Keyed (FSK) signals used for closed-loop control. Discriminability is assessed for a multi-state problem using each of the manufacturer devices operating under two different conditions. Manufacturer and operating state discrimination results include percent correct classification of %C ≥ 90% for both manufacturer (cross-model) and serial number (like-model) assessments. Thus, Level 0 WS-DNA processing is promising for discriminating field device manufacturer/operating state and remains a viable alternative for securing ICS operations.
