On the Significance of Process Comprehension for Conducting Targeted ICS Attacks

Benjamin Green, Marina Krotofil, Ali Abbasi

    Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Academic, peer-review

    29 Citations (Scopus)
    1 Downloads (Pure)

    Abstract

    The exploitation of Industrial Control Systems (ICSs) has been described as both easy and impossible; where is the truth? Post-Stuxnet works have included a plethora of ICS-focused cyber security research activities, with topics covering device maturity, network protocols, and overall cyber security culture. We often hear the notion of ICSs being highly vulnerable due to a lack of inbuilt security mechanisms, considered a low-hanging fruit to a variety of low-skilled threat actors. While there is substantial evidence to support such a notion, when considering targeted attacks on ICS, it is hard to believe an attacker with limited resources, such as a script kiddie or hacktivist, using publicly accessible tools and exploits alone, would have adequate knowledge and resources to achieve targeted operational process manipulation, while simultaneously evading detection. Through use of a testbed environment, this paper provides two practical examples based on a Man-In-The-Middle scenario, demonstrating the types of information an attacker would need to obtain, collate, and comprehend, in order to begin targeted process manipulation and detection avoidance. This allows for a clearer view of associated challenges, and illustrates why targeted ICS exploitation might not be possible for every malicious actor.
    Original language: English
    Title of host publication: CPS '17
    Subtitle of host publication: Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy
    Publisher: Association for Computing Machinery
    Pages: 57-67
    ISBN (Print): 978-1-4503-5394-6
    Publication status: Published - 30 Oct 2017
    Event: 3rd Workshop on Cyber-Physical Systems Security and PrivaCy, CPS-SPC 2017 - Dallas, United States
    Duration: 3 Nov 2017 to 3 Nov 2017
    Conference number: 3
    https://sites.google.com/site/cpsspc2017/home

    Workshop

    Workshop: 3rd Workshop on Cyber-Physical Systems Security and PrivaCy, CPS-SPC 2017
    Abbreviated title: CPS-SPC
    Country/Territory: United States
    City: Dallas
    Period: 3/11/17 to 3/11/17

    Keywords

    • ICS
    • SCADA
    • OT
    • Reconnaissance
    • MITM
