A computer controller is a control system of hardware and software that produces desired output signals to actuators from input signals obtained through sensors. A simple example of a computer controller is a digital thermostat or temperature controller that reads the temperature of a space through temperature sensors and produces a turn-on or turn-off signal to air-conditioner units. More complex computer controllers are engine control systems in cars, programmable logic controllers in manufacturing lines and petrochemical processing plants, and digital relays in unmanned remote power substations.
Present computer controllers are equipped with high-end microprocessors and network capabilities along with sophisticated software, and thus they are now called intelligent electronic devices. These intelligent devices are increasingly connected to communication servers which, via open networks or the Internet, give plant operators, system designers and developers, corporate managers, and vendors convenient access to them for update, maintenance, and modification of the hardware and software components.
FIG. 1 illustrates an example of such a prior art control system 100. A field/plant 105 constitutes the process or mechanism being controlled by the control system 100. The field/plant 105 can be any process or mechanism where a computer can automatically control operation of at least a portion of the process or mechanism such as in the non-limiting examples provided above. A computer controller 110 includes hardware 112 and software 114 aspects to perform its control function and may further include various ports to facilitate communication with other devices such as USB drives or other computing devices to allow updating, analysis, or maintenance of the system, which may be performed by outside vendors. The computer controller 110 receives signals from one or more sensors 120 from the field/plant 105 regarding the controlled process or mechanism. Based on those signals, the computer controller 110 automatically controls at least one actuator 130 to effect some change or control in the process or mechanism of the field/plant 105.
Optionally, the computer controller 110 can connect to a network 140, for example, directly or through a communication server 151. The network 140 can be any network such as a local private network or a public network such as the Internet. Through the network, the computer controller 110 may communicate with a management system 161 that is located, for example, at a corporate level network 170. The management system 161 can update or monitor the computer controller 110.
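As an added illustration of the sensor, controller and actuator arrangement of FIG. 1 (example code written for this page, not part of the patent or of any product it describes), the following Python models the thermostat of the opening paragraph as a bang-bang controller with a deadband. The setpoint, deadband and the plant's heating and cooling rates are assumed values, and the simulated space is a constructed plant model standing in for the field/plant 105 and sensor 120; the hold inside the deadband is what keeps the actuator 130 (the A/C relay) from chattering around the setpoint.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Added example, not from the patent: a digital thermostat laid out as the
# FIG. 1 control loop. All numeric constants below are assumed values.


@dataclass
class Thermostat:
    """Computer controller 110: turns one sensor reading into one actuator command."""
    setpoint: float = 22.0      # desired temperature in degrees C (assumed)
    deadband: float = 1.0       # hysteresis width around the setpoint (assumed)
    cooling_on: bool = False    # current command held on the actuator

    def step(self, temperature: float) -> bool:
        """Return the actuator command (True = run the A/C) for one reading.

        Above setpoint + deadband/2 the A/C is switched on, below
        setpoint - deadband/2 it is switched off; inside the band the previous
        command is held, so a reading that hovers near the setpoint does not
        toggle the relay on every cycle.
        """
        if temperature >= self.setpoint + self.deadband / 2:
            self.cooling_on = True
        elif temperature <= self.setpoint - self.deadband / 2:
            self.cooling_on = False
        return self.cooling_on


def simulate(controller: Thermostat, start_temp: float, steps: int,
             heat_gain: float = 0.3, cooling: float = 0.8) -> List[Tuple[float, bool]]:
    """Constructed field/plant model (not a real sensor): the space warms by
    heat_gain per step and loses `cooling` per step while the A/C runs.
    Returns the (sensor reading, actuator command) pair for each step."""
    temp = start_temp
    trace: List[Tuple[float, bool]] = []
    for _ in range(steps):
        cmd = controller.step(temp)           # sensor 120 -> controller 110 -> actuator 130
        trace.append((temp, cmd))
        # round to the sensor's resolution so threshold comparisons are exact
        temp = round(temp + heat_gain - (cooling if cmd else 0.0), 2)
    return trace


if __name__ == "__main__":
    for reading, cmd in simulate(Thermostat(), start_temp=25.0, steps=12):
        print(f"{reading:5.1f} C  A/C {'ON ' if cmd else 'off'}")
```

Running the block shows the A/C held on until the space falls to 21.5 C, then off until it climbs back to 22.5 C, which is the on/off cycling a real thermostat produces; removing the deadband (setting it to 0) makes the command flip on every step around the setpoint.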
The convenience of this access, however, exposes the computer controllers to the cyber risk of being maliciously or accidentally modified, or operated illegitimately. A virus or worm may reach the computer controllers through the infected computer of a vendor and shut down the entire operation of the controller. An infected thumb drive (or USB memory stick) carried by a maintenance person who accesses the communication server may inadvertently infect the computer controllers and thereby cause wrong operation, either immediately or latently. A hacker who is knowledgeable of the hardware and software structure of a computer controller may gain access over the Internet through false authentication, modify the software code for ill-intended operation, and cause havoc such as a power outage, sewage spillage, nuclear plant shutdown, or contamination in water treatment.
The current focus of cyber-security for computer control systems is centered on measures such as the development of security policies, access control lists, firewalls and proxy servers, event logs to detect malicious cyber activity, and procedures for updating, upgrading, and patching software vulnerabilities. The fundamental problem with this focus and practice is that it ignores the plain truth that cyber events cannot be predicted throughout the computer controller's lifecycle, and that such detection and mitigation strategies are effective only against old and known malware and viruses.