Hyunguk Yoo

• Doctor of Philosophy
• Professor (Assistant) at University of New Orleans

Industrial control systems (ICS) are critical for safe and efficient operations of critical infrastructures such as power grids, pipelines, and water treatment facilities. Attackers target ICS, mainly programmable logic controllers (PLC), to sabotage underlying infrastructure. A PLC controls a physical process through connected sensors and actuator...

Programmable logic controllers (PLC) are special-purpose embedded devices used in various industries for automatic control of physical processes. Cyberattacks on PLCs can unleash mayhem in the physical world. In case of a security breach, volatile memory acquisition is critical in investigating the attack since it provides unique insights into the...

Programmable logic controllers (PLCs) run a `control logic' program that defines how to control a physical process such as a nuclear plant, power grid stations, and gas pipelines. Attackers target the control logic of a PLC to sabotage a physical process. Most PLCs employ password-based authentication mechanisms to prevent unauthorized remote acces...

The introduction of the cyber-physical system (CPS) into power systems has created a variety of communication requirements and functions that existing legacy systems do not support. To this end, the IEEE 1815.1 standard defines the mapping between existing distributed network protocol networks and IEC 61850 networks that reflect new requirements. H...

Remote control-logic injection attacks on programmable logic controllers (PLCs) impose critical threats to industrial control system (ICS) environments. For instance, Stuxnet infects the control logic of a Siemens S7-300 PLC to sabotage nuclear plants. Several control logic injection attacks have been studied in the past. However, they focus on the...

Programmable logic controllers (PLCs) in industrial control systems (ICS) are vulnerable to remote control logic injection attacks. Attackers target the control logic of a PLC to manipulate the behavior of a physical process such as nuclear plants, power grids, and gas pipelines. Control logic attacks have been studied extensively in the literature...

Programmable logic controllers (PLCs) in industrial control systems (ICS) are vulnerable to remote control logic injection attacks. Attackers target the control logic of a PLC to manipulate the behavior of a physical process such as nuclear plants, power grids, and gas pipelines. Control logic attacks have been studied extensively in the literature...

This paper presents CLIK, a new remote attack on the control logic of a programmable logic controller (PLC) in industrial control systems. The control logic defines how a PLC controls a physical process such as a nuclear plant. A full control logic attack faces two critical challenges: 1) infecting the control logic in a PLC at a field site and, 2)...

Remote control-logic injection attacks on programmable logic controllers (PLCs) impose critical threats to industrial control system (ICS) environments. For instance, Stuxnet infects the control logic of a Siemens S7-300 PLC to sabotage nuclear plants. Several control logic injection attacks have been studied in the past. However, they focus on the...

In the era of Industry 4.0, information and communication technology (ICT) has been applied to various critical infrastructures, such as power plants, smart factories, and financial networks, to ensure and automate industrial systems. In particular, in the field of power control systems, ICT technology such as industrial internet of things (IoT) is...

We present a new type of attack termed denial of engineering operations in which an attacker can interfere with the normal cycle of an engineering operation leading to a loss of situational awareness. Specifically, the attacker can deceive the engineering software during attempts to retrieve the ladder logic program from a programmable logic contro...

In the past, the security of industrial control systems was guaranteed by their obscurity. However, as devices of industrial control systems became more varied and interaction between these devices became necessary, effective management systems for such networks emerged. This triggered the need for cyber-physical systems that connect industrial con...

IEC 61850, an international standard for communication networks, is becoming prevalent in the cyber–physical system (CPS) environment, especially with regard to the electrical grid. Recently, since cyber threats in the CPS environment have increased, security matters for individual protocols used in this environment are being discussed at length. H...

Currently, most records are produced and stored digitally using various types of media storage and computer systems. Unlike physical records such as paper-based records, identifying, collecting, and analyzing digital records require technical knowledge and tools that are not found in archival institutions. As a result, archival institutions face ch...

In the past, control system networks were isolated from public external networks, so there was no way to access the control system networks from external networks. Security issues of control system networks were originated and guaranteed by itself. It can be a security by obscurity. Recently, most of devices in the control systems are changing with...

Digital Records, which are created, stored, and managed in digital form, contains security vulnerability such as data modification, due to the characteristic of digital data. Therefore it is necessary to guarantee the reliability by verification of integrity and authenticity when managing digital records. This paper propose digital forensics based...

An SA (Substation Automation) system based on IEC 61850 is an intelligent substation; it has been receiving considerable attention as a core component of a smart grid. The explosive increase of threats to cyber security has been expanded to critical national infrastructures including the power grid. Substation Automation has also become a main targ...

This paper proposes normal behavior profiling methods for anomaly detection in IEC 61850 based substation network. Signature based security solutions, currently used primarily, are inadequate for APT attack using zero-day vulnerabilities. Recently, some researches about anomaly detection in control network are ongoing. However, there are no publish...

Recent cyber attacks targeting control systems are getting sophisticated and intelligent notoriously. As the existing signature based detection techniques faced with their limitations, a whitelist model with security techniques is getting attention again. However, techniques that are being developed in a whitelist model used at the application leve...

Recently, according with a sudden increase of records produced and stored by digital way, it becomes more important to maintain reliability and authenticity and to ensure legal effect when digital records are collected, preserved and managed. On the basis of domestic legal procedure law and record management-related legislation, this paper consider...