14,099 research outputs found

    A model of distributed key generation for industrial control systems

    11th International Workshop on Discrete Event Systems, WODES 2012; Guadalajara, Jalisco; Mexico; 3 October 2012 through 5 October 2012.
    The cyber-security of industrial control systems (ICS) is gaining high relevance due to the impact of industrial system failures on the citizen life. There is an urgent need for the consideration of security in their design, and for the analysis of the related vulnerabilities and potential threats. The high exposure of industrial critical infrastructure to cyber-threats is mainly due to the intrinsic weakness of the communication protocols used to control the process network. The peculiarities of the industrial protocols (low computational power, large geographical distribution, near to real-time constraints) make hard the effective use of traditional cryptographic schemes and in particular the implementation of an effective key management infrastructure supporting a cryptographic layer. In this paper, we describe a "model of distributed key generation for industrial control systems" we have recently implemented. The model is based on a known Distributed Key Generator protocol we have adapted to an industrial control system environment and to the related communication protocol (Modbus). To validate in a formal way selected security properties of the model, we introduced a Petri Nets representation. This representation allows for modeling attacks against the protocol and understanding some potential weaknesses of its implementation in the industrial control system environment.

    The security robustness of Modbus/TCP protocol in industrial control systems

    Since most of Industrial Control Systems (ICS) systems have been isolated from public networks, there has not been a colossal need to secure them. However, in most of today's applications such as Experimental Physics and Industrial Control Systems (EPICS), Supervisory Control and Data Acquisition (SCADA), Distributed Control System (DCS) and Programmable Logic Controllers (PLCs) system are getting connected to the internet without paying attention to the security robustness of these devices. Industrial Control Systems (ICS) such as SCADA, DCS, PLCs are communicating with industrial equipment such as actuators, sensors, motors, and pumps using a special communication protocol called Modbus. For remote applications, multiple PLCs can be connected to each other to form a controlling network that uses Modbus/TCP communication protocol utilizing private/public networks. This research focuses on examining the security vulnerability of the Modbus/TCP protocol. To achieve this goal the researcher utilizes Modbus PLC simulator to simulate different cyber attacks through the local network. The cyber attacks have been formed using the MBTGET Perl script and Metasploit module, in Kali Linux penetration testing operating system. Our research shows some of the major security vulnerabilities in the Modbus/TCP protocol, which is one of the main communication protocols in ICS systems.

    Incident Analysis & Digital Forensics in SCADA and Industrial Control Systems

    SCADA and industrial control systems have been traditionally isolated in physically protected environments. However, developments such as standardisation of data exchange protocols and increased use of IP, emerging wireless sensor networks and machine-to-machine communication mean that in the near future related threat vectors will require consideration too outside the scope of traditional SCADA security and incident response. In the light of the significance of SCADA for the resilience of critical infrastructures and the related targeted incidents against them (e.g. the development of Stuxnet), cyber security and digital forensics emerge as priority areas. In this paper we focus on the latter, exploring the current capability of SCADA operators to analyse security incidents and develop situational awareness based on a robust digital evidence perspective. We look at the logging capabilities of a typical SCADA architecture and the analytical techniques and investigative tools that may help develop forensic readiness to the level of the current threat environment requirements. We also provide recommendations for data capture and retention.

    Assessing and augmenting SCADA cyber security: a survey of techniques

    SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability