4 Threats and Attacks to ICS
4.1. General principle of an attack
In general, an industrial control system (ICS) is subject to threats, generated by sources of threats. These sources of threats use an attack vector to carry out an attack.
The attack may be directed at the control command system (BPCS) that controls the physical system, or it may be directed at the safety instrumented system (SIS), so as to create damage when the system uses safety functions.
The path or means used to access the target system is called the “attack vector”.
Figure 4.1. Vector of attack and vulnerability. For a color version of this figure, see www.iste.co.uk/flaus/cybersecurity.zip
The objective of a computer attack is to create damage to one of the installation’s assets. Different types of damage are possible:
- – the asset may be corrupted, so that the system performs incorrect actions, or provides incorrect results, or information is lost;
- – the asset can be spied on: information related to the asset is accessible to persons who should not have access to it;
- – the property may become unavailable or very slow, so that use of the system or network becomes impossible or impractical, which is particularly problematic for a real-time control system or a security system.
To successfully create this damage, an attacker has a number of options that may be logical or physical, i.e. through computer ...