2,869 research outputs found
Supervisory Control and Data Acquisition (SCADA) System Forensics Based on the Modbus Protocol
Supervisory Control and Data Acquisition (SCADA) has been at the cored of Operational Technology (OT) used in industries and process plants to monitor and control critical processes, especially in the energy sector. In petroleum sub-sector, it has been used in monitoring transportation, storage and loading of petroleum products. It is linked to instruments that collect and monitor parameters such as temperature, pressure and product densities. It gives commands to actuators by the use of the application programs installed on the programmable logic controllers (PLCs). Earlier SCADA systems were isolated from the internet, hence protected by an airgap from attacks taking place on interconnected systems. The recent trend is that SCADA systems are becoming more integrated with other business systems using Internet technologies such as Ethernet and TCP/IP. However, TCP/IP and web technologies which are predominantly used by IT systems have become increasingly vulnerable to cyberattacks that are experienced by IT systems such as malwares and other attacks. It is important to conduct vulnerability assessment of SCADA systems with a view to thwarting attacks that can exploit such vulnerabilities. Where the vulnerabilities have been exploited, forensic analysis is required so as to know what really happened. This paper reviews SCADA systems configuration, vulnerabilities, and attacks scenarios, then presents a prototype SCADA system and forensic tool that can be used on SCADA. The tool reads into the PLC memory and Wireshark has been to capture network communication between the SCADA system and the PLC
Assessing and augmenting SCADA cyber security: a survey of techniques
SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability
Autonomic computing architecture for SCADA cyber security
Cognitive computing relates to intelligent computing platforms that are based on the disciplines of artificial intelligence, machine learning, and other innovative technologies. These technologies can be used to design systems that mimic the human brain to learn about their environment and can autonomously predict an impending anomalous situation. IBM first used the term ‘Autonomic Computing’ in 2001 to combat the looming complexity crisis (Ganek and Corbi, 2003). The concept has been inspired by the human biological autonomic system. An autonomic system is self-healing, self-regulating, self-optimising and self-protecting (Ganek and Corbi, 2003). Therefore, the system should be able to protect itself against both malicious attacks and unintended mistakes by the operator
Autonomic computing meets SCADA security
© 2017 IEEE. National assets such as transportation networks, large manufacturing, business and health facilities, power generation, and distribution networks are critical infrastructures. The cyber threats to these infrastructures have increasingly become more sophisticated, extensive and numerous. Cyber security conventional measures have proved useful in the past but increasing sophistication of attacks dictates the need for newer measures. The autonomic computing paradigm mimics the autonomic nervous system and is promising to meet the latest challenges in the cyber threat landscape. This paper provides a brief review of autonomic computing applications for SCADA systems and proposes architecture for cyber security
Forensic Attacks Analysis and the Cyber Security of Safety-Critical Industrial Control Systems
Industrial Control Systems (ICS) and SCADA (Supervisory Control And Data Acquisition) applications monitor
and control a wide range of safety-related functions. These include energy generation where failures could have
significant, irreversible consequences. They also include the control systems that are used in the manufacture of
safety-related products. In this case bugs in an ICS/SCADA system could introduce flaws in the production of
components that remain undetected before being incorporated into safety-related applications. Industrial Control
Systems, typically, use devices and networks that are very different from conventional IP-based infrastructures.
These differences prevent the re-use of existing cyber-security products in ICS/SCADA environments; the
architectures, file formats and process structures are very different. This paper supports the forensic analysis of
industrial control systems in safety-related applications. In particular, we describe how forensic attack analysis is
used to identify weaknesses in devices so that we can both protect components but also determine the information
that must be analyzed during the aftermath of a cyber-incident. Simulated attacks detect vulnerabilities; a risk-based
approach can then be used to assess the likelihood and impact of any breach. These risk assessments are then used
to justify both immediate and longer-term countermeasures
Towards a Layered Architectural View for Security Analysis in SCADA Systems
Supervisory Control and Data Acquisition (SCADA) systems support and control
the operation of many critical infrastructures that our society depend on, such
as power grids. Since SCADA systems become a target for cyber attacks and the
potential impact of a successful attack could lead to disastrous consequences
in the physical world, ensuring the security of these systems is of vital
importance. A fundamental prerequisite to securing a SCADA system is a clear
understanding and a consistent view of its architecture. However, because of
the complexity and scale of SCADA systems, this is challenging to acquire. In
this paper, we propose a layered architectural view for SCADA systems, which
aims at building a common ground among stakeholders and supporting the
implementation of security analysis. In order to manage the complexity and
scale, we define four interrelated architectural layers, and uses the concept
of viewpoints to focus on a subset of the system. We indicate the applicability
of our approach in the context of SCADA system security analysis.Comment: 7 pages, 4 figure
Towards Realistic Threat Modeling: Attack Commodification, Irrelevant Vulnerabilities, and Unrealistic Assumptions
Current threat models typically consider all possible ways an attacker can
penetrate a system and assign probabilities to each path according to some
metric (e.g. time-to-compromise). In this paper we discuss how this view
hinders the realness of both technical (e.g. attack graphs) and strategic (e.g.
game theory) approaches of current threat modeling, and propose to steer away
by looking more carefully at attack characteristics and attacker environment.
We use a toy threat model for ICS attacks to show how a realistic view of
attack instances can emerge from a simple analysis of attack phases and
attacker limitations.Comment: Proceedings of the 2017 Workshop on Automated Decision Making for
Active Cyber Defens
Efficient Passive ICS Device Discovery and Identification by MAC Address Correlation
Owing to a growing number of attacks, the assessment of Industrial Control
Systems (ICSs) has gained in importance. An integral part of an assessment is
the creation of a detailed inventory of all connected devices, enabling
vulnerability evaluations. For this purpose, scans of networks are crucial.
Active scanning, which generates irregular traffic, is a method to get an
overview of connected and active devices. Since such additional traffic may
lead to an unexpected behavior of devices, active scanning methods should be
avoided in critical infrastructure networks. In such cases, passive network
monitoring offers an alternative, which is often used in conjunction with
complex deep-packet inspection techniques. There are very few publications on
lightweight passive scanning methodologies for industrial networks. In this
paper, we propose a lightweight passive network monitoring technique using an
efficient Media Access Control (MAC) address-based identification of industrial
devices. Based on an incomplete set of known MAC address to device
associations, the presented method can guess correct device and vendor
information. Proving the feasibility of the method, an implementation is also
introduced and evaluated regarding its efficiency. The feasibility of
predicting a specific device/vendor combination is demonstrated by having
similar devices in the database. In our ICS testbed, we reached a host
discovery rate of 100% at an identification rate of more than 66%,
outperforming the results of existing tools.Comment: http://dx.doi.org/10.14236/ewic/ICS2018.
- …