{"690884":{"#nid":"690884","#data":{"type":"news","title":"ICSFlux: Using Physics to Uncover Cyberthreats ","body":[{"value":"\u003Cp\u003EThe factories, water utilities, and power systems that keep daily life running rest on the assumption that as long as no one breaks into the computers that run the equipment, the equipment stays safe.\u0026nbsp;\u003C\/p\u003E\u003Cp\u003ELogically this makes sense and has been backed up by past security research. However, researchers at Georgia Tech have found hidden paths in cyber-physical systems that attackers can use to disrupt or even destroy them.\u003C\/p\u003E\u003Cp\u003ETo find these hidden paths before an attacker does, the researchers built a testing tool called ICSFlux. This new tool leans on the physics used by the industrial process and maps out the system to find new threats that were once thought impossible.\u0026nbsp;\u003C\/p\u003E\u003Cp\u003EICSFlux was deployed across 11 different programmable logic controllers in six industrial sectors, including chemical manufacturing, water treatment, power grids, aircraft, desalination, and waste processing. The process uncovered twenty genuine safety violations.\u0026nbsp;\u003C\/p\u003E\u003Cp\u003EIn one case drawn from a chemical-plant simulation, an attack path uncovered by the tool drove a reactor past its safe pressure limit and into a simulated explosion. By using nothing but valid operator commands, the team took the reactor from a completely normal and stable state to critical territory.\u0026nbsp;\u003C\/p\u003E\u003Cp\u003EBecause the method relies only on the physics of a process and not on the details of any one controller, the same tool worked across all six sectors without being rebuilt, and it reduced the search space by roughly 50%.\u003C\/p\u003E\u003Cp\u003E\u003Ca href=\u0022https:\/\/sahinburak.github.io\/\u0022\u003E\u003Cstrong\u003EBurak Sahin\u003C\/strong\u003E\u003C\/a\u003E, a Ph.D. student at Georgia Tech and the study\u0027s lead author, found that by sending a series of perfectly normal, fully authorized commands, intruders can slowly nudge a physical process toward a dangerous state.\u0026nbsp;\u003C\/p\u003E\u003Cp\u003E\u201cThese systems are usually judged safe as long as nobody hacks into them,\u0027\u0027 Sahin said. \u201cWhat we found is that an attacker who can send everyday commands, the same ones a normal operator sends, can patiently steer the process toward a failure. No single command looks wrong, which is exactly why the usual defenses miss it.\u0027\u0027\u003C\/p\u003E\u003Cp\u003EMost existing tools assume an attacker can rewire the controller or change the software inside it. In the real world, those controllers are locked down and cannot be touched. ICSFlux takes the opposite and more realistic view. It treats the controller as a sealed box that cannot be opened and works only with the commands an operator is normally allowed to send.\u003C\/p\u003E\u003Cp\u003ERather than measuring how much of a controller\u0027s software it has exercised, the usual yardstick for this kind of testing, ICSFlux measures how close the physical system is getting to an unsafe limit and steers its testing in that direction.\u003C\/p\u003E\u003Cp\u003E\u201cTwo different sensor readings can run through the exact same code and still send a reactor in completely different directions,\u0027\u0027 Sahin said. \u201cLooking only at the software tells you nothing about whether the physical system is safe. We had to follow the physics, not the code.\u0027\u0027\u003C\/p\u003E\u003Cp\u003EOne of the study\u0027s most important takeaways emerged when the researchers tightened the safety margins to see whether caution alone would help. Even when every command stayed within approved limits, the way the controller reacted to a steady stream of small adjustments could still cause pressure to overshoot and the reactor to fail. In other words, staying inside the rules was not always enough.\u003C\/p\u003E\u003Cp\u003EAll of the team\u0027s experiments were carried out on secured, controlled test beds. The work was conducted with Georgia Tech\u0027s \u003Ca href=\u0022https:\/\/sites.gatech.edu\/capcpsec\/\u0022\u003ECyber-Physical Systems Security Lab\u003C\/a\u003E, whose research spans the security of cyber-physical systems from industrial programmable logic controllers to marine, automotive, and drone platforms. Georgia Tech\u0027s \u003Ca href=\u0022https:\/\/cyfi.ece.gatech.edu\/\u0022\u003ECyber Forensics Innovation Laboratory\u003C\/a\u003E, a team of researchers who work together to further the investigation of advanced cyber crimes and the analysis and prevention of next-generation malware attacks, also contributed to the paper.\u0026nbsp;\u003C\/p\u003E\u003Cp\u003EThe labs are a collaboration between the \u003Ca href=\u0022https:\/\/scp.cc.gatech.edu\/\u0022\u003ESchool of Cybersecurity and Privacy\u003C\/a\u003E and the \u003Ca href=\u0022https:\/\/ece.gatech.edu\/\u0022\u003ESchool of Electrical and Computer Engineering\u003C\/a\u003E.\u0026nbsp;\u003C\/p\u003E\u003Cp\u003E\u003Cem\u003EFuzzing the Physical Space: Physics-Aware Testing of Black-Box Industrial Control Systems\u003C\/em\u003E\u0027 was accepted to the \u003Ca href=\u0022https:\/\/sp2026.ieee-security.org\/\u0022\u003E2026 IEEE Symposium on Security and Privacy\u003C\/a\u003E. In addition to Sahin, the team includes Ph.D. students \u003Cstrong\u003EDavid Oygenblik\u003C\/strong\u003E, \u003Cstrong\u003EMingxuan Yao\u003C\/strong\u003E, and \u003Cstrong\u003EYizhi Huang \u003C\/strong\u003Eas well as Associate Professors \u003Cstrong\u003EBrendan Saltaformaggio\u003C\/strong\u003E, and \u003Cstrong\u003ESaman Zonouz\u003C\/strong\u003E.\u003C\/p\u003E","summary":"","format":"limited_html"}],"field_subtitle":"","field_summary":[{"value":"\u003Cp\u003EThe factories, water utilities, and power systems that keep daily life running rest on the assumption that as long as no one breaks into the computers that run the equipment, the equipment stays safe.\u0026nbsp;\u003C\/p\u003E\u003Cp\u003ELogically this makes sense and has been backed up by past security research. However, researchers at Georgia Tech have found hidden paths in cyber-physical systems that attackers can use to disrupt or even destroy them.\u003C\/p\u003E\u003Cp\u003ETo find these hidden paths before an attacker does, the researchers built a testing tool called ICSFlux. This new tool leans on the physics used by the industrial process and maps out the system to find new threats that were once thought impossible.\u0026nbsp;\u003C\/p\u003E","format":"limited_html"}],"field_summary_sentence":[{"value":"To find hidden vulnerabilites before an attacker does, researchers built a testing tool called ICSFlux that leans on the physics used by the industrial process and maps out the system to find new threats once thought impossible. "}],"uid":"36253","created_gmt":"2026-06-24 14:57:00","changed_gmt":"2026-06-24 15:10:58","author":"John Popham","boilerplate_text":"","field_publication":"","field_article_url":"","location":"Atlanta, GA","dateline":{"date":"2026-06-24T00:00:00-04:00","iso_date":"2026-06-24T00:00:00-04:00","tz":"America\/New_York"},"extras":[],"hg_media":{"680500":{"id":"680500","type":"image","title":"utilities.jpg","body":null,"created":"1782313123","gmt_created":"2026-06-24 14:58:43","changed":"1782313123","gmt_changed":"2026-06-24 14:58:43","alt":"A collection of utilities like power plants, geothermal stations, solar farms, etc.","file":{"fid":"264773","name":"utilities.jpg","image_path":"\/sites\/default\/files\/2026\/06\/24\/utilities.jpg","image_full_path":"http:\/\/hg.gatech.edu\/\/sites\/default\/files\/2026\/06\/24\/utilities.jpg","mime":"image\/jpeg","size":3540206,"path_740":"http:\/\/hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/2026\/06\/24\/utilities.jpg?itok=RC1Hy0vy"}},"680501":{"id":"680501","type":"image","title":"Burak-Sahin.jpg","body":"\u003Cp\u003E\u003Cstrong\u003EBurak Sahin\u003C\/strong\u003E, a Ph.D. Candidate in Computer Science at the \u003Ca href=\u0022https:\/\/www.gatech.edu\/\u0022\u003EGeorgia Institute of Technology\u003C\/a\u003E, advised by \u003Ca href=\u0022https:\/\/sites.google.com\/site\/samanzonouz4n6\/saman-zonouz\u0022\u003ESaman Zonouz\u003C\/a\u003E (\u003Ca href=\u0022https:\/\/sites.gatech.edu\/capcpsec\/\u0022\u003ECPSec Lab\u003C\/a\u003E) and co-advised by \u003Ca href=\u0022https:\/\/saltaformaggio.ece.gatech.edu\/\u0022\u003EBrendan Saltaformaggio\u003C\/a\u003E (\u003Ca href=\u0022https:\/\/cyfi.ece.gatech.edu\/\u0022\u003ECyFI Lab\u003C\/a\u003E)\u003C\/p\u003E","created":"1782313398","gmt_created":"2026-06-24 15:03:18","changed":"1782313398","gmt_changed":"2026-06-24 15:03:18","alt":"A side profile of a man\u0027s face. He has long hair and a beard","file":{"fid":"264774","name":"Burak-Sahin.jpg","image_path":"\/sites\/default\/files\/2026\/06\/24\/Burak-Sahin.jpg","image_full_path":"http:\/\/hg.gatech.edu\/\/sites\/default\/files\/2026\/06\/24\/Burak-Sahin.jpg","mime":"image\/jpeg","size":75559,"path_740":"http:\/\/hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/2026\/06\/24\/Burak-Sahin.jpg?itok=3mVGJ9eI"}}},"media_ids":["680500","680501"],"groups":[{"id":"47223","name":"College of Computing"},{"id":"1188","name":"Research Horizons"},{"id":"660406","name":"School of Cybersecurity \u0026 Privacy"},{"id":"660367","name":"School of Cybersecurity and Privacy"}],"categories":[{"id":"42901","name":"Community"},{"id":"153","name":"Computer Science\/Information Technology and Security"},{"id":"150","name":"Physics and Physical Sciences"},{"id":"135","name":"Research"},{"id":"134","name":"Student and Faculty"},{"id":"8862","name":"Student Research"}],"keywords":[],"core_research_areas":[{"id":"145171","name":"Cybersecurity"}],"news_room_topics":[],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003EJohn Popham\u003C\/p\u003E\u003Cp\u003ECommunications Officer II at the School of Cybersecurity and Privacy\u003C\/p\u003E","format":"limited_html"}],"email":["jpopham3@gatech.edu"],"slides":[],"orientation":[],"userdata":""}}}