A review: towards practical attack taxonomy for industrial control systems

2018, Vol 7 (2.14), pp. 145
Author(s): Qais Saif Qassim, Norziana Jamil, Razali Jidin, Mohd Ezanee Rusli, Md Nabil Ahmad Zawawi, ...

The Supervisory Control and Data Acquisition (SCADA) system is the underlying control system of most national critical infrastructures such as power, energy, water, transportation and telecommunication. In order to understand the potential threats to these infrastructures and the mechanisms to protect them, different types of cyber-attacks applicable to these infrastructures need to be identified. Therefore, there is a significant need to have a comprehensive understanding of various types of cyber-attacks and their classification associated with both Operation Technology (OT) and Information Technology (IT). This paper presents a comprehensive review of existing cyber-attack taxonomies available in the literature and evaluates these taxonomies based on defined criteria.

Author(s): Claudia ARAUJO MACEDO, Jos MENTING

Cybersecurity in industrial control system environments has become a significant concern and is even more relevant in the context of critical infrastructures where control system disruption could have a profound impact on health, safety and the environment. This makes this type of system a major target for malicious activities. Notwithstanding an organization’s interest in protecting its industrial control systems against cyber-attacks, the implementation of security measures, whether technical, organizational or human, still faces resistance and is often seen as a constraint. Using the best technology to protect industrial control systems makes no sense if persons with access do not act attentively and protectively. Technical and human cybersecurity measures are intrinsically linked, and it is essential that all persons with access to these systems are fully aware of the inherent cyber risks. Organizations must also act so that staff receive appropriate training on how to keep systems continuously protected against cyber-attack when carrying out their daily tasks. These educational processes can contribute to building an effective cybersecurity culture fully reflective of management and staff attitudes, so that the availability, integrity and confidentiality of information in industrial control systems can be assured.


Energies, 2019, Vol 12 (13), pp. 2598
Author(s): Asif Iqbal, Farhan Mahmood, Mathias Ekstedt

In today’s connected world, there is a tendency of connectivity even in the sectors which conventionally have been not so connected in the past, such as power systems substations. Substations have seen considerable digitalization of the grid, hence providing much more available insights than before. This has all been possible due to connectivity, digitalization and automation of the power grids. Interestingly, this also means that anybody can access such critical infrastructures from a remote location and gone are the days of physical barriers. The power of connectivity and control makes it a much more challenging task to protect critical industrial control systems. This capability comes at a price, in this case, increasing the risk of potential cyber threats to substations. With all such potential risks, it is important that they can be traced back and attributed to any potential threats to their roots. It is extremely important for a forensic investigation to get credible evidence of any cyber-attack as required by the Daubert standard. Hence, to be able to identify and capture digital artifacts as a result of different attacks, in this paper, the authors have implemented and improvised a forensic testbed by implementing a sandboxing technique in the context of a real-time hardware-in-the-loop setup. Newer experiments have been added by emulating the cyber-attacks on WAMPAC applications, and collecting and analyzing captured artifacts. Further, using sandboxing for the first time in such a setup has proven helpful.


2018, Vol 173, pp. 01011
Author(s): Xiaojun Zhou, Zhen Xu, Liming Wang, Kai Chen, Cong Chen, ...

With the arrival of Industry 4.0, more and more industrial control systems are connected with the outside world, which brings tremendous convenience to industrial production and control, and also introduces many potential security hazards. After analyzing a large number of attack cases, we found that attacks in SCADA systems can be divided into internal attacks and external attacks. Both types of attacks are inevitable. Traditional firewalls, IDSs and IPSs are no longer suitable for industrial control systems. Therefore, we propose behavior-based anomaly detection and build three baselines of normal behaviors. Experiments show that using our proposed detection model, we can quickly detect a variety of attacks on SCADA (Supervisory Control And Data Acquisition) systems.


2020, Vol 2020 (3), pp. 253-1-253-16
Author(s): Daniel Kant, Reiner Creutzburg, Andreas Johannsen

Industrial Control Systems occur in automation processes and process control procedures within Critical Infrastructures (CI) - these are institutions with important significance for the common good of the state and thus for the maintenance of a society. Failures or disturbances in industrial plants can have serious physical consequences, such as power outages or interruptions in production. Energy suppliers, in particular, are an attractive target for cyber attacks due to their interdependencies with other infrastructures. A large number of SCADA systems and Industrial Control Systems are directly connected to the Internet and inadequately secured from an information technology perspective; this represents a considerable risk for IT security and, consequently, for the availability of Critical Infrastructures. The Shodan search engine reveals a worrying extent of exposed industrial control equipment on the Internet. The collected information and metadata about Industrial Control Systems from this search are freely available online. They can serve as a basis for potential attacks. Without authentication mechanisms, anyone can connect to open ports using industrial and remote maintenance protocols. The resulting risks and consequences for the companies, operators as well as for the society due to the exposure of industrial plants and Critical Infrastructures are examined based on the Shodan search engine within the scope of this work.


Symmetry, 2021, Vol 13 (3), pp. 519
Author(s): Andres Robles-Durazno, Naghmeh Moradpoor, James McWhinnie, Gordon Russell, Jorge Porcel-Bustamante

Industrial Control Systems are an essential part of our daily lives and can be found in industries such as oil, utilities, and manufacturing. Rapid growth in technology has introduced industrial components with network capabilities that allow them to communicate with traditional computer networks, thus increasing their exposure to cyber-attacks. Current research on Industrial Control Systems suffers from a lack of technical information as these systems are part of critical infrastructures. To overcome this, researchers have employed different types of testbeds to develop their mechanisms of cyber-attack detection and prevention. This manuscript describes, implements, and evaluates physical, hybrid, and virtual application of a clean water supply system developed for cybersecurity research. The results show that physical testbeds allow an understanding of the behaviour and dynamics of control components like sensors and actuators, which might be affected by external influences such as noise, vibration, temperature, and non-ideal device behaviour. Although hybrid testbeds reduce the cost of implementation, they ignore the physical dynamics of the system as explained above. Virtual testbeds are the cheapest option in comparison with physical and hybrid testbeds; however, they provide a limited view of the control system operation that could have negative consequences when developing a detection/prevention system.


2018, Vol 7 (2.14), pp. 153
Author(s): Qais Saif Qassim, Norziana Jamil, Maslina Daud, Norhamadi Ja'affar, Salman Yussof, ...

IEC 60870-5-104 is an international standard used for tele-control in electrical engineering and power system applications. It is one of the major principal protocols in SCADA systems. Major industrial control vendors use this protocol for monitoring and managing power utility devices. One of the most common attacks which has a catastrophic impact on industrial control systems is the control command injection attack. It happens when an attacker injects false control commands into a control system. This paper presents the IEC 60870-5-104 vulnerabilities from the perspective of command and information data injection. From the SCADA testbed that we set up, we showed that a successful control command injection attack can be implemented by exploiting the vulnerabilities identified earlier.


2017, Vol 17 (01), pp. 1740001
Author(s): JEAN-PIERRE AUFFRET, JANE L. SNOWDON, ANGELOS STAVROU, JEFFREY S. KATZ, DIANA KELLEY, ...

The extensive integration of interconnected devices and the inadvertent information obtained from untrusted sources has exposed the Industrial Control Systems (ICS) ecosystem to remote attacks by the exploitation of new and old vulnerabilities. Unfortunately, although recognized as an emerging risk based on the recent rise of cyber attacks, cybersecurity for ICS has not been addressed adequately both in terms of technology but, most importantly, in terms of organizational leadership and policy. In this paper, we will present our findings regarding the cybersecurity challenges for Smart Grid and ICS and the need for changes in the way that organizations perceive cybersecurity risk and leverage resources to balance the needs for information security and operational security. Moreover, we present empirical data that point to cybersecurity governance and technology principles that can help public and private organizations to navigate successfully the technical cybersecurity challenges for ICS and Smart Grid systems. We believe that by identifying and mitigating the inherent risks in their systems, operations, and processes, enterprises will be in a better position to shield themselves and protect against current and future cyber threats.

