101,013 research outputs found
Stealthy Deception Attacks Against SCADA Systems
SCADA protocols for Industrial Control Systems (ICS) are vulnerable to
network attacks such as session hijacking. Hence, research focuses on network
anomaly detection based on meta--data (message sizes, timing, command
sequence), or on the state values of the physical process. In this work we
present a class of semantic network-based attacks against SCADA systems that
are undetectable by the above mentioned anomaly detection. After hijacking the
communication channels between the Human Machine Interface (HMI) and
Programmable Logic Controllers (PLCs), our attacks cause the HMI to present a
fake view of the industrial process, deceiving the human operator into taking
manual actions. Our most advanced attack also manipulates the messages
generated by the operator's actions, reversing their semantic meaning while
causing the HMI to present a view that is consistent with the attempted human
actions. The attacks are totaly stealthy because the message sizes and timing,
the command sequences, and the data values of the ICS's state all remain
legitimate.
We implemented and tested several attack scenarios in the test lab of our
local electric company, against a real HMI and real PLCs, separated by a
commercial-grade firewall. We developed a real-time security assessment tool,
that can simultaneously manipulate the communication to multiple PLCs and cause
the HMI to display a coherent system--wide fake view. Our tool is configured
with message-manipulating rules written in an ICS Attack Markup Language (IAML)
we designed, which may be of independent interest. Our semantic attacks all
successfully fooled the operator and brought the system to states of blackout
and possible equipment damage
Vulnerability reduction of infrastructure reconstruction projects
Various infrastructure segments of numerous countries have been repeatedly subjected to natural and man-made disasters. The potential reason of damaging infrastructure
facilities and their services is resultant disaster risks due to natural or man-made hazards connect with vulnerable infrastructure facilities and vulnerable communities. The
simplest way to prevent or mitigate disaster losses is addressing vulnerabilities. The main study based on which this paper was compiled aimed at exploring and
investigating the vulnerabilities of infrastructures and communities benefited from infrastructures and possible solutions to overcome them. This paper presents the
literature review conducted on vulnerabilities of infrastructures and empirical evidence collated on best possible DRR strategies to overcome such vulnerabilities of
infrastructures. The main study was conducted using case study strategy and the expert interviews. This paper is entirely based on the data collated from the expert interviews conducted in Sri Lanka and United Kingdom. The expert interviews discovered various DRR strategies to overcome the vulnerabilities of the infrastructure project
Recommended from our members
Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems
The adaptation continuum: groundwork for the future
The focus of the program was to understand the challenges posed by climate change and climate variability on vulnerable groups and the policies needed to support climate adaptation in developing countries. The aim of the book is to share this experience in the hope that it will be helpful to those involved in shaping and implementing climate change policy
Comparitive assessment of the vulnerability and resilience of 10 deltas, synthesis report
The proposed framework for delta assessment and especially the scorecards are intended to enhance awareness raising, discussion and prioritization on most relevant delta issues, in each delta but also in comparison with other deltas. This should lead to more efficient and effective (multi-sectoral) policy formulation, management design and implementation, in concrete Delta plans, pilot-projects and (research) programmes. The target groups are all stakeholders who are involved in delta management at different levels and with different interests (government, private companies, NGOs, public), and who wish to contribute to the resilience of their own delta and other deltas worldwide
- …