print preview Back News

The CYD Campus demonstrates new forms of attack against critical infrastructures

Computer scientists at the Cyber-Defence (CYD) Campus are researching topics surrounding cyber security in Switzerland as part of their doctoral theses. In his dissertation, Daniel Moser, who recently completed his doctorate at the Cyber-Defence Campus, questioned established attacker models of the cyber community in terms of their feasibility. He demonstrates that attackers are capable of far more than previously thought. To effectively counter the intensified threat situation, he has developed new countermeasures which could increase the cyber security of critical infrastructures in the future.

27.07.2021 | Sarah Frei, Cyber-Defence Campus, armasuisse Science and Technology

Glowing dots connecting mountain peaks in Switzerland

Technological progress increases potential for attack

It is a widespread misconception that critical infrastructures such as electricity networks, air traffic control systems and satellite communication are at the forefront of cyber security and use only the latest and most secure technologies. In reality, the communication infrastructures in use are often decades old, which makes them susceptible to malicious manipulation and cyber attacks. Regular reports of hacked critical infrastructures indicate that these security problems are omnipresent. This discrepancy between expectations and reality is due to a variety of reasons. Industrial facilities are highly complex, often custom-made, in operation for decades and correspondingly expensive. In addition, security technologies, if they are used at all, often become obsolete within just a few years. At the same time, the threat environment is continuously changing, as technological progress creates novel opportunities for attack. After new infrastructure has been introduced, this progress thus opens up an increasingly larger gap between the technical capabilities available to an attacker and the defence mechanisms of the infrastructure. 

Threat from new types of attacker models

Within the cyber community, assumptions have previously been made about an attacker's capabilities that were not re-evaluated and simply not considered possible, despite the advancing technological progress. As part of his PhD thesis, Daniel Moser has critically examined existing assumptions about the technical possibilities of radio-based attacks on critical infrastructures. To this end, he has experimentally investigated theoretical attacker models in the laboratories of the Cyber-Defence Campus, which had so far been considered unfeasible. His analysis proves that these attacker models can be implemented with today’s technical resources. For example he was able to generate high-precision radio signals which allow an attacker to perform distributed time-synchronised attacks on several recipients simultaneously, or even to erase signals in the air in order to make evidence of an attack disappear. 

New threat scenario requires suitable countermeasures

Technological progress makes it clear that the existing countermeasures are no longer adequate to mitigate these dangers. In response to this, Daniel Moser together with scientists from armasuisse Science and Technology and ETH Zurich has devised countermeasures that can deal with the expanded cyber threat situation. They jointly developed a system to detect fake aircraft position messages. This system uses radio signals which are reflected by the metal of the aircraft in order to verify the claimed aircraft positions. The dissertation also addresses the question of how sensors in critical infrastructures can be protected using novel cryptographic procedures such as multi-party computation or homomorphic encryption.

Anticipating future threat situations

In his research work, Daniel Moser makes it clear that system developers, procurement and security officers need to consider not only which types of attacks are possible today, but also what can be expected on the horizon. With further progress in computer and wireless technology, it is foreseeable that increasingly complex attacks will become a reality. For this reason, new systems, especially in the case of critical infrastructures, must be designed to protect effectively not only against current security risks, but also against those in the future.