Securing computers against unlawful and malicious attacks is always important, but it's especially vital when the computers in question control major physical systems—manufacturing plants, transportation systems, power grids. Cybersecurity for cyber-physical systems is the topic of a workshop on April 23 and 24 at the National Institute of Standards and Technology (NIST) campus in Gaithersburg, Md.
Cyber-physical systems are complex hybrids of something physical, the equipment in an advanced factory producing semiconductors, for example, and the networked computers that control the equipment. By designing the equipment and computers as a single system—a cyber-physical system—levels of performance and agility can be achieved that far exceed those in conventional designs. They sometimes are called SCADA (supervisory control and data acquisition) systems or industrial control systems (ICS).
A notorious example of a cyber-attack on a cyber-physical system is the Stuxnet worm, which reportedly was designed to infiltrate specific computerized industrial control systems and insidiously, subtly alter the operations of the system to subvert its operations. When a cyber-attack targets a cyber-physical system, it could have an impact on health, safety or finances.
Cyber-physical systems are everywhere. Most people in the United States come in contact with them daily—driving a car, traveling on roads with stoplights, or working in a manufacturing facility. "Cars built in the last 20 years all have computers," explains workshop organizer Tanya Brewer. Cars were first outfitted with computers for safety reasons such as improved breaking. Now automobiles have added features such as drowsiness warnings and automated parallel parking—all controlled by computers. And, there have been media reports that some car computers have been hacked, says Brewer.
More examples include transportation systems, including trains and planes, pipelines, medical devices and the developing electric Smart Grid.
The Cybersecurity for Cyber-Physical Systems workshop is designed for an audience of engineers and IT security specialists who are interested in the cyber side of these systems. On the first day of the workshop, speakers from the automotive and health care industries will discuss the challenges they are facing while trying to deploy these systems with built-in cybersecurity, and the solutions they are using. One presentation will focus on a multiuse, cyber-physical test-bed being designed for experiments on a variety of systems.
The second day of the workshop is devoted to cybersecurity for the Smart Grid, the next-generation of the electric power grid that is designed for individual homes to interact with the power grid using computers. One presenter will speak about how false data could be injected nefariously into the Smart Grid and how these attacks could be mitigated.
This workshop is part of a series of meetings and other activities NIST is carrying out to develop a coordinated program for the broad class of cyber-physical systems and to address industry-wide needs for interoperability standards, platform technologies and solutions to major technical barriers.
For more information on the Cybersecurity for Cyber-Physical Systems workshop at NIST, see: www.nist.gov/itl/csd/cyberphysical-workshop.cfm.