Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

So You Think Your Router Is Safe?

A home router is a common item found in today’s household and is seen by most as just an Internet connection enabler. Users don’t realize how important this single device is in terms of privacy protection. The router is the centerpiece through which all the household Internet activities including ecommerce, tax filing and banking pass through. When this central device is compromised, users are at risk of having personal and confidential data exposed. Over the past decade, information security professionals have been shedding light on vulnerabilities plaguing consumer routers. Yet, most users are unaware of all the different ways a router can be compromised and tend to focus only on setting up a strong password to stop the neighbor from piggy backing on the Internet

Cybersecurity of COSPAS-SARSAT and EPIRB: threat and attacker models, exploits, future research

COSPAS-SARSAT is an International programme for "Search and Rescue" (SAR) missions based on the "Satellite Aided Tracking" system (SARSAT). It is designed to provide accurate, timely, and reliable distress alert and location data to help SAR authorities of participating countries to assist persons and vessels in distress. Two types of satellite constellations serve COSPAS-SARSAT, low earth orbit search and rescue (LEOSAR) and geostationary orbiting search and rescue (GEOSAR). Despite its nearly-global deployment and critical importance, unfortunately enough, we found that COSPAS-SARSAT protocols and standard 406 MHz transmissions lack essential means of cybersecurity. In this paper, we investigate the cybersecurity aspects of COSPAS-SARSAT space-/satellite-based systems. In particular, we practically and successfully implement and demonstrate the first (to our knowledge) attacks on COSPAS-SARSAT 406 MHz protocols, namely replay, spoofing, and protocol fuzzing on EPIRB protocols. We also identify a set of core research challenges preventing more effective cybersecurity research in the field and outline the main cybersecurity weaknesses and possible mitigations to increase the system's cybersecurity level