356 research outputs found
Laboratory Exercises to Accompany Industrial Control and Embedded Systems Security Curriculum Modules
The daily intrusion attempts and attacks on industrial control systems (ICS) and embedded systems (ES) underscore the criticality of the protection of our Critical Infrastructures (CIs). As recent as mid-July 2018, numerous reports on the infiltration of US utility control rooms by Russian hackers have been published. These successful infiltration and possible manipulation of the utility companies could easily translate to a devastating attack on our nation’s power grid and, consequently, our economy and well-being. Indeed, the need to secure the control and embedded systems which operate our CIs has never been so pronounced. In our attempt to address this critical need, we designed, developed and implemented ICS and ES security curriculum modules with pertinent hands-on laboratory exercises that can be freely adopted across the national setting. This paper describes in detail the modules and the accompanying exercises and proposes future enhancements and extensions to these pedagogical instruments. It highlights the interaction between control and embedded systems security with Presidential Policy Directive 8- the National Preparedness Plan (NPP), cyber risk management, incident handling. To establish the premise the laboratory exercises were developed. This paper outlines the description and content of the modules in the areas of (1) Industrial Control Systems (ICS) Security, (2) embedded systems (ES), and (3) guidelines, standards, and policy.
The ICS security modules cover the predominant ICS protocols, ladder logic programming, Human Machine Interface (HMI), defensive techniques, ICS reconnaissance, vulnerability assessment, Intrusion detection, and penetration testing. The ES security modules include topics such as secure firmware programming and authentication mechanisms. In the guidelines, standards, and policy section, the topics covered by the modules include the NPP as it relates to CI protection, risk management, system protection and policy design, and managing operations and controls. An overview of the various hands-on exercises that accompany the course modules is also presented. Further, to evaluate the effectiveness of the pedagogical materials, an initial evaluation was conducted and the survey data were collected, analyzed, and presented. The paper concludes with future enhancements and directives on opportunities for module extensions and course adoption
Machine Learning Based Network Vulnerability Analysis of Industrial Internet of Things
It is critical to secure the Industrial Internet of Things (IIoT) devices
because of potentially devastating consequences in case of an attack. Machine
learning and big data analytics are the two powerful leverages for analyzing
and securing the Internet of Things (IoT) technology. By extension, these
techniques can help improve the security of the IIoT systems as well. In this
paper, we first present common IIoT protocols and their associated
vulnerabilities. Then, we run a cyber-vulnerability assessment and discuss the
utilization of machine learning in countering these susceptibilities. Following
that, a literature review of the available intrusion detection solutions using
machine learning models is presented. Finally, we discuss our case study, which
includes details of a real-world testbed that we have built to conduct
cyber-attacks and to design an intrusion detection system (IDS). We deploy
backdoor, command injection, and Structured Query Language (SQL) injection
attacks against the system and demonstrate how a machine learning based anomaly
detection system can perform well in detecting these attacks. We have evaluated
the performance through representative metrics to have a fair point of view on
the effectiveness of the methods
Anomaly Detection and Encrypted Programming Forensics for Automation Controllers
Securing the critical infrastructure of the United States is of utmost importance in ensuring the security of the nation. To secure this complex system a structured approach such as the NIST Cybersecurity framework is used, but systems are only as secure as the sum of their parts. Understanding the capabilities of the individual devices, developing tools to help detect misoperations, and providing forensic evidence for incidence response are all essential to mitigating risk. This thesis examines the SEL-3505 RTAC to demonstrate the importance of existing security capabilities as well as creating new processes and tools to support the NIST Framework. The research examines the potential pitfalls of having small-form factor devices in poorly secured and geographically disparate locations. Additionally, the research builds a data-collection framework to provide a proof of concept anomaly detection system for detecting network intrusions by recognizing the change in task time distribution. Statistical tests distinguish between normal and anomalous behaviour. The high true positive rates and low false positive rates show the merit of such an anomaly detection system. Finally, the work presents a network forensic process for recreating control logic from encrypted programming traffic
Stealthy Deception Attacks Against SCADA Systems
SCADA protocols for Industrial Control Systems (ICS) are vulnerable to
network attacks such as session hijacking. Hence, research focuses on network
anomaly detection based on meta--data (message sizes, timing, command
sequence), or on the state values of the physical process. In this work we
present a class of semantic network-based attacks against SCADA systems that
are undetectable by the above mentioned anomaly detection. After hijacking the
communication channels between the Human Machine Interface (HMI) and
Programmable Logic Controllers (PLCs), our attacks cause the HMI to present a
fake view of the industrial process, deceiving the human operator into taking
manual actions. Our most advanced attack also manipulates the messages
generated by the operator's actions, reversing their semantic meaning while
causing the HMI to present a view that is consistent with the attempted human
actions. The attacks are totaly stealthy because the message sizes and timing,
the command sequences, and the data values of the ICS's state all remain
legitimate.
We implemented and tested several attack scenarios in the test lab of our
local electric company, against a real HMI and real PLCs, separated by a
commercial-grade firewall. We developed a real-time security assessment tool,
that can simultaneously manipulate the communication to multiple PLCs and cause
the HMI to display a coherent system--wide fake view. Our tool is configured
with message-manipulating rules written in an ICS Attack Markup Language (IAML)
we designed, which may be of independent interest. Our semantic attacks all
successfully fooled the operator and brought the system to states of blackout
and possible equipment damage
A Secure Dual-MCU Architecture for Robust Communication of IIoT Devices
The Industrial Internet of Things (IIoT) has already become a part of our
everyday life be it water supply, smart grid, or production, IIoT is
everywhere. For example, factory operators want to know the current state of
the production line. These new demands for data acquisition in modern plants
require industrial components to be able to communicate. Nowadays, network
communication in Industrial Control Systems (ICSs) is often implemented via an
IP-based protocol. This intercommunication also brings a larger attack surface
for hackers. If an IIoT device is influenced by attackers, the physical process
could be affected. For example, a high network load could cause a high Central
Processing Unit (CPU) load and influence the reaction time on the physical
control side. In this paper, we introduce a dual Microcontroller Unit (MCU)
setup to ensure a resilient controlling for IIoT devices like Programmable
Logic Controllers (PLCs). We introduce a possible solution for the demand of
secure architectures in the IIoT. Moreover, we provide a Proof of Concept (PoC)
implementation with a benchmark and a comparison with a standard PLC
Advanced security aspects on Industrial Control Network.
Security threats are one of the main problems of this computer-based era. All systems making use of information and communication technologies (ICT) are prone to failures and vulnerabilities that can be exploited by malicious software and agents. In the latest years, Industrial Critical Installations started to use massively network interconnections as well, and what it is worst they came in contact with the public network, i.e. with Internet.
Industrial networks are responsible for process and manufacturing operations of almost every scale, and as a result the successful penetration of a control system network can be used to directly impact those processes. Consequences could potentially range from relatively benign disruptions, such as the disruption of the operation (taking a facility offline), the alteration of an operational process (changing the formula of a chemical process), all the way to deliberate acts of sabotage that are intended to cause harm.
The interconnectivity of Industrial Control Systems with corporate networks and the Internet has significantly increased the threats to critical infrastructure assets. Meanwhile, traditional IT security solutions such as firewalls, intrusion detection systems and antivirus software are relatively ineffective against attacks that specifically target vulnerabilities in SCADA protocols.
This presents presents an innovative approach to Intrusion Detection in SCADA systems based on the concept of Critical State Analysis and State Proximity. The theoretical framework is supported by tests conducted with an Intrusion Detection System prototype implementing the proposed detection approach
Advanced security aspects on Industrial Control Network.
Security threats are one of the main problems of this computer-based era. All systems making use of information and communication technologies (ICT) are prone to failures and vulnerabilities that can be exploited by malicious software and agents. In the latest years, Industrial Critical Installations started to use massively network interconnections as well, and what it is worst they came in contact with the public network, i.e. with Internet.
Industrial networks are responsible for process and manufacturing operations of almost every scale, and as a result the successful penetration of a control system network can be used to directly impact those processes. Consequences could potentially range from relatively benign disruptions, such as the disruption of the operation (taking a facility offline), the alteration of an operational process (changing the formula of a chemical process), all the way to deliberate acts of sabotage that are intended to cause harm.
The interconnectivity of Industrial Control Systems with corporate networks and the Internet has significantly increased the threats to critical infrastructure assets. Meanwhile, traditional IT security solutions such as firewalls, intrusion detection systems and antivirus software are relatively ineffective against attacks that specifically target vulnerabilities in SCADA protocols.
This presents presents an innovative approach to Intrusion Detection in SCADA systems based on the concept of Critical State Analysis and State Proximity. The theoretical framework is supported by tests conducted with an Intrusion Detection System prototype implementing the proposed detection approach
- …