Parametrization and Effectiveness of Moving Target Defense Security Protections for Industrial Control Systems
- Author(s): Chavez, Adrian R., et al.
Critical infrastructure systems continue to exhibit predictable communication patterns and static configurations over extended periods of time. The static nature of these systems eases the process of gathering reconnaissance information that adversaries can use to design, develop, and launch attacks. In this research effort, the early phases of an attack vector are disrupted by dynamically randomizing application port numbers, IP addresses, and communication paths through the use of overlay networks within Industrial Control Systems (ICS). These protective measures convert static systems into "moving targets," adding a further layer of defense. Moving Target Defense (MTD) is an active area of research that periodically changes the attack surface of a system to create uncertainty and increase the workload for an adversary. To assess the effectiveness of MTD strategies within an ICS environment, performance metrics have been captured to quantify the impacts introduced to the operational network and to the adversary. Our MTD strategies are implemented using Software Defined Networking (SDN) to provide a scalable solution that is transparent to the end devices within the network. We show that our MTD techniques are feasible within an ICS environment and that they can improve the resiliency of ICS systems. Our MTD strategies meet the real-time constraints of ICS systems and incur latency impacts of less than 50 ms and, in most cases, well under 20 ms. Resiliency is improved by introducing crash tolerant and Byzantine fault tolerant algorithms to detect and prevent attacks against the SDN controller. We also evaluate the success rates of individual adversaries, distributed adversaries, and those attempting side-channel attacks to learn the frequencies at which the MTD techniques reconfigure the system. We demonstrate the effectiveness of our approaches in simulated, virtualized, and representative ICS environments.
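As an added illustration (not code from the paper or its authors), the toy model below captures one quantity the abstract evaluates: how quickly an adversary's reconnaissance goes stale as a function of the MTD reconfiguration period, set against the operational cost in flow-table rewrites the controller must push. Host names, the overlay address range and the port range are hypothetical, and the controller's table is modelled as a plain dict.

```python
import random

# Constructed inventory for the example: an SDN controller would hold a table
# like this and rewrite headers at the edge switches; here it is a plain dict.
REAL_HOSTS = ["plc-01", "plc-02", "hmi-01", "historian"]      # hypothetical names
VIRTUAL_POOL = [f"10.200.{i}.1" for i in range(1, 65)]        # hypothetical overlay range
PORT_RANGE = (20000, 60000)                                    # hypothetical port range
SECONDS_PER_DAY = 86400

def build_mapping(epoch: int, secret: str) -> dict:
    """Return {host: (virtual_ip, port)} for one reconfiguration epoch.
    Seeding with (secret, epoch) lets every switch derive the same table
    without the controller redistributing it on every rotation."""
    rng = random.Random(f"{secret}:{epoch}")
    ips = rng.sample(VIRTUAL_POOL, len(REAL_HOSTS))   # distinct virtual IPs per epoch
    return {h: (ip, rng.randint(*PORT_RANGE)) for h, ip in zip(REAL_HOSTS, ips)}

def epoch_of(t: float, period: float) -> int:
    """Epoch index of wall-clock time t when the mapping rotates every `period` seconds."""
    return int(t // period)

def recon_still_valid(host: str, t_scan: float, t_use: float,
                      period: float, secret: str) -> bool:
    """True if the (ip, port) recorded for `host` at t_scan still maps to it at t_use."""
    seen = build_mapping(epoch_of(t_scan, period), secret)[host]
    now = build_mapping(epoch_of(t_use, period), secret)[host]
    return seen == now

def stale_fraction(period: float, delay: float, secret: str, trials: int = 2000) -> float:
    """Fraction of reconnaissance snapshots that are stale when used `delay` seconds
    after capture, for capture times spread uniformly over one day.
    The expected value is about min(delay / period, 1)."""
    rng = random.Random(1234)   # fixed seed so the estimate is repeatable
    stale = sum(
        not recon_still_valid("plc-01", t, t + delay, period, secret)
        for t in (rng.uniform(0, SECONDS_PER_DAY) for _ in range(trials))
    )
    return stale / trials

def reconfigurations_per_day(period: float) -> float:
    """Cost side of the trade-off: flow-table rewrites the controller pushes per day."""
    return SECONDS_PER_DAY / period

if __name__ == "__main__":
    for period in (30, 300, 3600):
        print(f"period={period:5d}s  rewrites/day={reconfigurations_per_day(period):7.0f}  "
              f"stale after 60s={stale_fraction(period, 60, 'demo-secret'):.2f}")
```

Shortening the period raises the stale fraction for a given adversary delay but multiplies the rewrites the controller and switches must absorb, which is the latency budget the abstract reports against.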