Defending Against Firmware Cyber Attacks on Safety-Critical Systems

Johnson, C. W. , Saleem, M. H., Evangelopoulou, M. , Cook, M. , Harkness, R. and Barker, T. (2017) Defending Against Firmware Cyber Attacks on Safety-Critical Systems. Proceedings 35th International System Safety Conference, Albuquerque, NM, USA, 21-25 Aug 2017.

150355.pdf - Accepted Version



In the past, it was not possible to update the underlying software in many industrial control devices. Engineering teams had to ‘rip and replace’ obsolete components. However, the ability to make firmware updates has provided significant benefits to the companies who use Programmable Logic Controllers (PLCs), switches, gateways and bridges as well as an array of smart sensor/actuators. These updates include security patches when vulnerabilities are identified in existing devices; they can be distributed by physical media but are increasingly downloaded over Internet connections. These mechanisms pose a growing threat to the cyber security of safety-critical applications, which are illustrated by recent attacks on safety-related infrastructures across the Ukraine. Subsequent sections explain how malware can be distributed within firmware updates. Even when attackers cannot reverse engineer the code necessary to disguise their attack, they can undermine a device by forcing it into a constant upload cycle where the firmware installation never terminates. In this paper, we present means of mitigating the risks of firmware attack on safety-critical systems as part of wider initiatives to secure national critical infrastructures. Technical solutions, including firmware hashing, must be augmented by organizational measures to secure the supply chain within individual plants, across companies and throughout safety-related industries.

Item Type:Conference or Workshop Item
Glasgow Author(s) Enlighten ID:Cook, Mr Marco and Evangelopoulou, Miss Maria and Johnson, Professor Chris and Harkness, Mr Robert
Authors: Johnson, C. W., Saleem, M. H., Evangelopoulou, M., Cook, M., Harkness, R., and Barker, T.
College/School:College of Science and Engineering > School of Computing Science
Copyright Holders:Copyright © 2017 The Authors
Publisher Policy:Reproduced with the permission of the Authors

University Staff: Request a correction | Enlighten Editors: Update this record

Project CodeAward NoProject NamePrincipal InvestigatorFunder's NameFunder RefLead Dept
694461EPSRC Centre for Multiscale soft tissue mechanics with application to heart & cancerRaymond OgdenEngineering and Physical Sciences Research Council (EPSRC)EP/N014642/1M&S - MATHEMATICS
689601The first fully coupled mitral valve - left ventricle computational modelXiaoyu LuoLeverhulme Trust (LEVERHUL)RF-2015-510M&S - MATHEMATICS