Design and Detection of Covert Man-in-the-Middle Cyberattacks on Water Treatment Plants
Victor Mattos, João Henrique Schmidt, Amit Bhaya, Alan Oliveira de Sá, Daniel Sadoc Menasché, Gaurav Srivastava

TL;DR
This paper presents a systematic approach to designing covert man-in-the-middle cyberattacks on water treatment plants, evaluating their stealthiness, and assessing detection methods to improve industrial control system security.
Contribution
It introduces a modeling framework for covert MitM attacks on water treatment systems and evaluates the effectiveness of detection strategies like PASAD against these attacks.
Findings
Attack stealthiness is affected by system noise and model inaccuracies.
Covert attacks can bypass existing detection methods under certain conditions.
Robust detection strategies are necessary for industrial control environments.
Abstract
Cyberattacks targeting critical infrastructures, such as water treatment facilities, represent significant threats to public health, safety, and the environment. This paper introduces a systematic approach for modeling and assessing covert man-in-the-middle (MitM) attacks that leverage system identification techniques to inform the attack design. We focus on the attacker's ability to deploy a covert controller, and we evaluate countermeasures based on the Process-Aware Stealthy Attack Detection (PASAD) anomaly detection method. Using a second-order linear time-invariant (LTI) model with time delay, representative of water treatment dynamics, we design and simulate stealthy attacks. Our results highlight how factors such as system noise and inaccuracies in the attacker's plant model influence the attack's stealthiness, underscoring the need for more robust detection strategies in industrial…
Taxonomy
Topics: Smart Grid Security and Resilience · Security in Wireless Sensor Networks · Network Security and Intrusion Detection
