Cybersecurity threats to p&c systems

Yuly Bay, Yana Malkova, Anna Buran

Division for Power and Electrical Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Vulnerabilities introduced into the hardware and software by P&C system manufacturers are typically difficult for the EPU's P&C engineers to discover and patch. The most common cybersecurity flaw is a vulnerability that provides the means to inject malicious code into the P&C system software. The primary reason to consider this type of attack is that it can allow an individual to bypass the access control restrictions set by the developer or EPU's P&C engineer. P&C system engineers should review all wireless remote access to the P&C system. Depreciate wireless access using WEP encryption and their interface to the P&C system network declared "untrusted". Lastly, P&C managers should not view these vulnerabilities of P&C assets independently as a successful cyber-Attack typically involves exploitation of a chain of vulnerabilities present on various assets. Consequently, there is a need to model and analyze the entire sys-Tem-of-systems to estimate the relative security of a threat scenario.

Original language	English
Title of host publication	International Youth Scientific Conference "Heat and Mass Transfer in the Thermal Control System of Technical and Technological Energy Equipment", HMTTSC 2019
Editors	Geniy Kuznetsov, Evgeniya Orlova, Dmitry Feoktistov
Publisher	American Institute of Physics Inc.
ISBN (Electronic)	9780735418783
DOIs	https://doi.org/10.1063/1.5120650
Publication status	Published - 9 Aug 2019
Event	International Youth Scientific Conference on Heat and Mass Transfer in the Thermal Control System of Technical and Technological Energy Equipment 2019, HMTTSC 2019 - Tomsk, Russian Federation Duration: 23 Apr 2019 → 25 Apr 2019

Publication series

Name	AIP Conference Proceedings
Volume	2135
ISSN (Print)	0094-243X
ISSN (Electronic)	1551-7616

Conference

Conference	International Youth Scientific Conference on Heat and Mass Transfer in the Thermal Control System of Technical and Technological Energy Equipment 2019, HMTTSC 2019
Country	Russian Federation
City	Tomsk
Period	23.4.19 → 25.4.19

Fingerprint

vulnerability

engineers

assets

attack

computer programs

access control

software

bypasses

photographic developers

managers

bypass

exploitation

hardware

constrictions

defects

estimates

ASJC Scopus subject areas

Ecology, Evolution, Behavior and Systematics
Ecology
Plant Science
Physics and Astronomy(all)
Nature and Landscape Conservation

Cite this

Bay, Y., Malkova, Y., & Buran, A. (2019). Cybersecurity threats to p&c systems. In G. Kuznetsov, E. Orlova, & D. Feoktistov (Eds.), International Youth Scientific Conference "Heat and Mass Transfer in the Thermal Control System of Technical and Technological Energy Equipment", HMTTSC 2019 [020013] (AIP Conference Proceedings; Vol. 2135). American Institute of Physics Inc.. https://doi.org/10.1063/1.5120650

Cybersecurity threats to p&c systems. / Bay, Yuly; Malkova, Yana; Buran, Anna.

International Youth Scientific Conference "Heat and Mass Transfer in the Thermal Control System of Technical and Technological Energy Equipment", HMTTSC 2019. ed. / Geniy Kuznetsov; Evgeniya Orlova; Dmitry Feoktistov. American Institute of Physics Inc., 2019. 020013 (AIP Conference Proceedings; Vol. 2135).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Bay, Y, Malkova, Y & Buran, A 2019, Cybersecurity threats to p&c systems. in G Kuznetsov, E Orlova & D Feoktistov (eds), International Youth Scientific Conference "Heat and Mass Transfer in the Thermal Control System of Technical and Technological Energy Equipment", HMTTSC 2019., 020013, AIP Conference Proceedings, vol. 2135, American Institute of Physics Inc., International Youth Scientific Conference on Heat and Mass Transfer in the Thermal Control System of Technical and Technological Energy Equipment 2019, HMTTSC 2019, Tomsk, Russian Federation, 23.4.19. https://doi.org/10.1063/1.5120650

Bay Y, Malkova Y, Buran A. Cybersecurity threats to p&c systems. In Kuznetsov G, Orlova E, Feoktistov D, editors, International Youth Scientific Conference "Heat and Mass Transfer in the Thermal Control System of Technical and Technological Energy Equipment", HMTTSC 2019. American Institute of Physics Inc. 2019. 020013. (AIP Conference Proceedings). https://doi.org/10.1063/1.5120650

Bay, Yuly ; Malkova, Yana ; Buran, Anna. / Cybersecurity threats to p&c systems. International Youth Scientific Conference "Heat and Mass Transfer in the Thermal Control System of Technical and Technological Energy Equipment", HMTTSC 2019. editor / Geniy Kuznetsov ; Evgeniya Orlova ; Dmitry Feoktistov. American Institute of Physics Inc., 2019. (AIP Conference Proceedings).

@inproceedings{ba9d21f564b94e49bd40346e095bac52,

title = "Cybersecurity threats to p&c systems",

abstract = "Vulnerabilities introduced into the hardware and software by P&C system manufacturers are typically difficult for the EPU's P&C engineers to discover and patch. The most common cybersecurity flaw is a vulnerability that provides the means to inject malicious code into the P&C system software. The primary reason to consider this type of attack is that it can allow an individual to bypass the access control restrictions set by the developer or EPU's P&C engineer. P&C system engineers should review all wireless remote access to the P&C system. Depreciate wireless access using WEP encryption and their interface to the P&C system network declared {"}untrusted{"}. Lastly, P&C managers should not view these vulnerabilities of P&C assets independently as a successful cyber-Attack typically involves exploitation of a chain of vulnerabilities present on various assets. Consequently, there is a need to model and analyze the entire sys-Tem-of-systems to estimate the relative security of a threat scenario.",

author = "Yuly Bay and Yana Malkova and Anna Buran",

year = "2019",

month = "8",

day = "9",

doi = "10.1063/1.5120650",

language = "English",

series = "AIP Conference Proceedings",

publisher = "American Institute of Physics Inc.",

editor = "Geniy Kuznetsov and Evgeniya Orlova and Dmitry Feoktistov",

booktitle = "International Youth Scientific Conference {"}Heat and Mass Transfer in the Thermal Control System of Technical and Technological Energy Equipment{"}, HMTTSC 2019",

}

TY - GEN

T1 - Cybersecurity threats to p&c systems

AU - Bay, Yuly

AU - Malkova, Yana

AU - Buran, Anna

PY - 2019/8/9

Y1 - 2019/8/9

N2 - Vulnerabilities introduced into the hardware and software by P&C system manufacturers are typically difficult for the EPU's P&C engineers to discover and patch. The most common cybersecurity flaw is a vulnerability that provides the means to inject malicious code into the P&C system software. The primary reason to consider this type of attack is that it can allow an individual to bypass the access control restrictions set by the developer or EPU's P&C engineer. P&C system engineers should review all wireless remote access to the P&C system. Depreciate wireless access using WEP encryption and their interface to the P&C system network declared "untrusted". Lastly, P&C managers should not view these vulnerabilities of P&C assets independently as a successful cyber-Attack typically involves exploitation of a chain of vulnerabilities present on various assets. Consequently, there is a need to model and analyze the entire sys-Tem-of-systems to estimate the relative security of a threat scenario.

AB - Vulnerabilities introduced into the hardware and software by P&C system manufacturers are typically difficult for the EPU's P&C engineers to discover and patch. The most common cybersecurity flaw is a vulnerability that provides the means to inject malicious code into the P&C system software. The primary reason to consider this type of attack is that it can allow an individual to bypass the access control restrictions set by the developer or EPU's P&C engineer. P&C system engineers should review all wireless remote access to the P&C system. Depreciate wireless access using WEP encryption and their interface to the P&C system network declared "untrusted". Lastly, P&C managers should not view these vulnerabilities of P&C assets independently as a successful cyber-Attack typically involves exploitation of a chain of vulnerabilities present on various assets. Consequently, there is a need to model and analyze the entire sys-Tem-of-systems to estimate the relative security of a threat scenario.

UR - http://www.scopus.com/inward/record.url?scp=85071023668&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85071023668&partnerID=8YFLogxK

U2 - 10.1063/1.5120650

DO - 10.1063/1.5120650

M3 - Conference contribution

T3 - AIP Conference Proceedings

BT - International Youth Scientific Conference "Heat and Mass Transfer in the Thermal Control System of Technical and Technological Energy Equipment", HMTTSC 2019

A2 - Kuznetsov, Geniy

A2 - Orlova, Evgeniya

A2 - Feoktistov, Dmitry

PB - American Institute of Physics Inc.

ER -

Access to Document

10.1063/1.5120650