Contactless Monitoring of Critical Infrastructure

Industrial control systems (ICSs) manage and monitor critical civil or military infrastructure, such as water treatment facilities, power plants, electricity grids, transportation systems, oil and gas refineries, and health care. Because they are so important, ICSs are becoming attractive targets for malicious attacks that could lead to catastrophic failures with substantive impacts. Among such attacks was the BlackEnergy worm [1], which was used in 2015 against the Ukrainian electricity grid, resulting in widespread power outages, and the Stuxnet malware [2], which was used in 2010 and physically damaged 20% of the Iranian centrifuges controlled by programmable logic controllers (PLCs). New security concerns arise as the public adopts Internet of Things (IoT) devices, resulting in household electronics becoming computers that can be targets for malware. Over the last few years, Internet-connected appliances, home routers, webcams, and printers were used to launch distributed denial-of-service (DDoS) attacks, often without their owners' knowledge. The largest DDoS attack to target IoT devices was in 2016, when a botnet malware family named Mirai was launched [3]. IoT devices are attractive targets for malware because they lack cryptographic encryption and strong default authentication.