Trusted Hardware Sensors For Anomaly Detection In Critical Infrastructure Systems

Anomaly Detection Systems (ADS), as part of a Security Information and Event Management (SIEM) system, are a cyber-security tool for identifying potential threats inside an Information Technology (IT) System. They are widely used in Critical Infrastructure (CI) Systems for protection against attacks that can cause severe problems to public security and welfare. ADS collect information from various kinds of sources and correlate them to identify anomaly events. Such sources can be devices and software sensors which inside a CI context (factories, power plants, remote locations) are placed in open areas and left unattended. Such devices are vulnerable to tampering and malicious manipulation which may then lead an ADS or SIEM system to ignore or falsely alert possible cyber-security problems. In this paper, we describe strategies to mitigate the above problem using hardware means in order to enhance trust on ADS sensors. Furthermore we propose a hardware/software based approach for legacy CI devices that can act as an ADS sensor or a tool for ensuring software ADS sensor data are not tampered.