Research | Cornell Security

Research Paper

Detecting Lies at the Signal Layer

Author: Norris Cornell · Published: May 5, 2026 · Version: Article · Part 4 of 4

Standard ICS monitoring watches the network and the controller. Signal-layer attacks arrive below both. Five detection techniques for the gap between what the controller believes and what the process actually is.

Read Paper Download PDF

Research Paper

When Software Updates Lie: The SolarWinds Supply Chain Attack

Author: Norris Cornell · Published: April 21, 2026

In December 2020, 18,000 organizations discovered they had been running Russian intelligence malware for nearly a year — delivered via a software update they explicitly trusted. This analysis examines how APT29 turned SolarWinds' own code-signing infrastructure into a weapon, why every security control failed, and what the "Inputs Lie" framework reveals about trust boundary failures across cybersecurity domains.

Read Paper Download PDF

Research Paper

Logic Follows Lies: How PLCs and RTUs Execute Adversarial Intent

Author: Norris Cornell · Published: March 26, 2026 · Version: Article · Part 3 of 4

When deterministic control logic executes on manipulated inputs, failure is engineered to look like equipment malfunction. What detection actually requires at the physics layer.

Read Paper Download PDF

Research Paper

Signal Manipulation in Industrial Control Systems: Why Traditional Security Fails at the Physics Layer

Author: Norris Cornell · Published: March 9, 2026 · Version: Research Paper

How signal manipulation attacks bypass traditional ICS security controls at the physics layer — and what defenders need to do differently.

Read Paper Download PDF

Research Paper

Inputs Lie: KAMACITE, VOLTZITE, and the Signals Gap

Author: Norris Cornell · Published: December 9, 2025 · Version: Article · Part 2 of 4

How nation-state actors exploit the signals layer that traditional ICS security frameworks don't cover — and what defenders can detect without replacing legacy infrastructure.

Read Paper Download PDF

Research Paper

Inputs Lie: Your System Trusts Signals It Shouldn't

Author: Norris Cornell · Published: December 2, 2025 · Version: Article · Part 1 of 4

If you lie to an industrial system about its inputs, it will execute that lie faithfully into the physical world. The first article in the Inputs Lie series.

Read Paper Download PDF

Research Paper

The Water Sector's Default Password Problem

Author: Norris Cornell · Published: August 2, 2025 · Version: Research Paper

An exposé on how the water and wastewater industry’s reliance on default credentials leaves critical infrastructure open to compromise.

Read Paper Download PDF

Research Paper

Logic Follows Lies: How PLCs and RTUs Fail Under Adversarial Conditions

Author: Norris Cornell · Published: July 19, 2025 · Version: Research Paper

An investigation into how deterministic control logic behaves when fed adversarial inputs, and how to design industrial automation that degrades safely instead of catastrophically.

Read Paper Download PDF

Research Paper

Satellite Cybersecurity: When Cyber Meets the Spectrum

Author: Norris Cornell · Published: July 1, 2025 · Version: Whitepaper

How SIGINT, industrial control systems and application security converge around satellite timing and RF dependencies in critical infrastructure.

Read Paper Download PDF

Research Archive