synERGY is a 30-month project funded by the Austrian Research Promotion Agency (FFG) during the ICT of the Future call. AIT Austrian Institute of Technology is coordinating it, and seven additional partners from Austria are part of the project.
Cyber Physical Systems (CPS), e.g., those used in value-added networks to realize distributed manufacturing, are vulnerable to various kinds of cyber-attacks. This is because, amongst other reasons, they make use of commercial-off-the-shelf products to implement industrial control systems, and interact across organizational boundaries and physical borders. The degree of sophistication of modern cyber-attacks has increased in recent years – in the future, these attacks will increasingly target CPS. Unfortunately, today’s security solutions that are used for enterprise IT infrastructures are not sufficient to protect CPS, which have largely different properties, involve heterogeneous technologies, and have an architecture that is very much shaped to specific physical processes. Furthermore, preventive security techniques clash with the stringent safety requirements in CPS, e.g., blocking suspicious behaviour might be acceptable in an enterprise IT environment, but certainly not in time- and safety-critical environments that are synonymous with CPS. The chances of unwanted side effects are enormous. As a consequence, reactive security techniques must be applied to CPS, which rely upon the ability to detect attacks in a timely and accurate manner. In order to achieve this, especially for complex and stealthy multi-stage attacks, an approach is required that correlates information from all CPS layers, including the field area, the SCADA backend, the enterprise IT and the WAN (in case of large-scale CPS). However, today’s security solutions usually address only single layers, and are not able to take account of the full picture. This leads to an operator having a limited view regarding the root cause of an attack, which can reduce the overall availability of a CPS.
Therefore, the objective of synERGY is to develop new methods, tools and processes for cross-layer Anomaly Detection (AD) to enable the early discovery of both cyber and physical attacks, which will have an impact on the security of CPS. To achieve this, synERGY will develop novel machine learning approaches to understand a system’s normal behaviour and detect consequences of security issues as deviations from the norm. While this concept usually fails for enterprise environments, because of their complex behavioural patterns, the approach is very promising for CPS in value networks that have a rather deterministic behaviour. The solution proposed by synERGY will flexibly adapt itself to specific CPS layers (e.g., automatically applying more sensitive behaviour deviation thresholds to more deterministic system areas, and being less strict for other parts), thus improving its detection capabilities. Moreover, synERGY will interface with various organizational data sources, such as asset databases, configuration management, and risk data (the latter is especially of interest for flexible monitoring of the most threatened components). The aim is to facilitate the semi-automatic interpretation of detected anomalies, which can help to reduce false positives and increase the utility of the system to an operator. The synERGY approach will be evaluated in real smart grid vendor environments – a societally important CPS. As a “byproduct” of this evaluation, we plan to make raw CPS data sets available (in compliance with synERGY’s data management plan) to other research groups working on new anomaly detection methods. We propose that, because of the modular approach taken in the project, the synERGY results will be readily applicable to a wide range of CPS in value networks, and will thus result in broader impact on future CPS security solutions.