8,927 research outputs found
On Ladder Logic Bombs in Industrial Control Systems
In industrial control systems, devices such as Programmable Logic Controllers
(PLCs) are commonly used to directly interact with sensors and actuators, and
perform local automatic control. PLCs run software on two different layers: a)
firmware (i.e. the OS) and b) control logic (processing sensor readings to
determine control actions). In this work, we discuss ladder logic bombs, i.e.
malware written in ladder logic (or one of the other IEC 61131-3-compatible
languages). Such malware would be inserted by an attacker into existing control
logic on a PLC, and either persistently change the behavior, or wait for
specific trigger signals to activate malicious behaviour. For example, the LLB
could replace legitimate sensor readings with manipulated values. We see the
concept of LLBs as a generalization of attacks such as the Stuxnet attack. We
introduce LLBs on an abstract level, and then demonstrate several designs based
on real PLC devices in our lab. In particular, we also focus on stealthy LLBs,
i.e. LLBs that are hard to detect by human operators manually validating the
program running in PLCs. In addition to introducing vulnerabilities on the
logic layer, we also discuss countermeasures and we propose two detection
techniques.Comment: 11 pages, 14 figures, 2 tables, 1 algorith
Defending Against Firmware Cyber Attacks on Safety-Critical Systems
In the past, it was not possible to update the underlying software in many industrial control devices. Engineering
teams had to ‘rip and replace’ obsolete components. However, the ability to make firmware updates has provided
significant benefits to the companies who use Programmable Logic Controllers (PLCs), switches, gateways and
bridges as well as an array of smart sensor/actuators. These updates include security patches when vulnerabilities are
identified in existing devices; they can be distributed by physical media but are increasingly downloaded over
Internet connections. These mechanisms pose a growing threat to the cyber security of safety-critical applications,
which are illustrated by recent attacks on safety-related infrastructures across the Ukraine. Subsequent sections
explain how malware can be distributed within firmware updates. Even when attackers cannot reverse engineer the
code necessary to disguise their attack, they can undermine a device by forcing it into a constant upload cycle where
the firmware installation never terminates. In this paper, we present means of mitigating the risks of firmware attack
on safety-critical systems as part of wider initiatives to secure national critical infrastructures. Technical solutions,
including firmware hashing, must be augmented by organizational measures to secure the supply chain within
individual plants, across companies and throughout safety-related industries
Forensic Attacks Analysis and the Cyber Security of Safety-Critical Industrial Control Systems
Industrial Control Systems (ICS) and SCADA (Supervisory Control And Data Acquisition) applications monitor
and control a wide range of safety-related functions. These include energy generation where failures could have
significant, irreversible consequences. They also include the control systems that are used in the manufacture of
safety-related products. In this case bugs in an ICS/SCADA system could introduce flaws in the production of
components that remain undetected before being incorporated into safety-related applications. Industrial Control
Systems, typically, use devices and networks that are very different from conventional IP-based infrastructures.
These differences prevent the re-use of existing cyber-security products in ICS/SCADA environments; the
architectures, file formats and process structures are very different. This paper supports the forensic analysis of
industrial control systems in safety-related applications. In particular, we describe how forensic attack analysis is
used to identify weaknesses in devices so that we can both protect components but also determine the information
that must be analyzed during the aftermath of a cyber-incident. Simulated attacks detect vulnerabilities; a risk-based
approach can then be used to assess the likelihood and impact of any breach. These risk assessments are then used
to justify both immediate and longer-term countermeasures
MiniCPS: A toolkit for security research on CPS Networks
In recent years, tremendous effort has been spent to modernizing
communication infrastructure in Cyber-Physical Systems (CPS) such as Industrial
Control Systems (ICS) and related Supervisory Control and Data Acquisition
(SCADA) systems. While a great amount of research has been conducted on network
security of office and home networks, recently the security of CPS and related
systems has gained a lot of attention. Unfortunately, real-world CPS are often
not open to security researchers, and as a result very few reference systems
and topologies are available. In this work, we present MiniCPS, a CPS
simulation toolbox intended to alleviate this problem. The goal of MiniCPS is
to create an extensible, reproducible research environment targeted to
communications and physical-layer interactions in CPS. MiniCPS builds on
Mininet to provide lightweight real-time network emulation, and extends Mininet
with tools to simulate typical CPS components such as programmable logic
controllers, which use industrial protocols (Ethernet/IP, Modbus/TCP). In
addition, MiniCPS defines a simple API to enable physical-layer interaction
simulation. In this work, we demonstrate applications of MiniCPS in two example
scenarios, and show how MiniCPS can be used to develop attacks and defenses
that are directly applicable to real systems.Comment: 8 pages, 6 figures, 1 code listin
Securing the Participation of Safety-Critical SCADA Systems in the Industrial Internet of Things
In the past, industrial control systems were ‘air gapped’ and
isolated from more conventional networks. They used
specialist protocols, such as Modbus, that are very different
from TCP/IP. Individual devices used proprietary operating
systems rather than the more familiar Linux or Windows.
However, things are changing. There is a move for greater
connectivity – for instance so that higher-level enterprise
management systems can exchange information that helps
optimise production processes. At the same time, industrial
systems have been influenced by concepts from the Internet
of Things; where the information derived from sensors and
actuators in domestic and industrial components can be
addressed through network interfaces. This paper identifies a
range of cyber security and safety concerns that arise from
these developments. The closing sections introduce potential
solutions and identify areas for future research
- …