scholarly journals From Exposed to Exploited: Drawing the Picture of Industrial Control Systems Security Status in the Internet Age

2021 ◽  
Author(s):  
Yixiong Wu ◽  
Jianwei Zhuge ◽  
Tingting Yin ◽  
Tianyi Li ◽  
Junmin Zhu ◽  
...  
Keyword(s):  
Control Systems ◽  
The Internet ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Internet Age ◽  
Systems Security

Control Systems Security

2011 ◽  
pp. 187-204 ◽  
Author(s):  
Jake Brodsky ◽  
Robert Radvanovsky
Keyword(s):  
Control Systems ◽  
News Media ◽  
The Internet ◽  
Critical Infrastructures ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Systems Security ◽  
National Power ◽  
Executive Level ◽  
The U.S

With recent news media discussions highlighting the safety and integrity of the U.S. national power grid, questions have been raised by both political and executive-level management, specifically, as to the risks associated with our critical infrastructures. More specifically, the issue of concern is dealing with and addressing cyber vulnerability issues, threats and risks associated with an extremely complex and inter-twining series of dependencies arising from legacy industries established almost 100 years ago. Equally as important are the growing threats and risks to these environments resulting from their exposure to outside networks (such as the Internet), exposing critically vital and important cyber systems to just about everyone and anyone globally. This chapter highlights the importance of preventing hack attacks against SCADA systems, or Industrial Control Systems (abbreviated as ICS), as a means of protecting our critical infrastructures.

A White Hat Study of a Nation's Publicly Accessible Critical Digital Infrastructure and a Way Forward

2020 ◽  
pp. 1672-1685
Author(s):  
Timo Kiravuo ◽  
Seppo Tiilikainen ◽  
Mikko Särelä ◽  
Jukka Manner
Keyword(s):  
Control Systems ◽  
Critical Infrastructure ◽  
The Internet ◽  
Address Space ◽  
Government Officials ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Playing Field ◽  
Internet Address ◽  
Nation States

The developed society depends on many critical infrastructure processes, such as power generation, water treatment, many types of manufacturing, and smart buildings. These processes need control and the automation industry has embraced the Internet to connect all these controls. However, the controlling devices thus opened to the world do not always have adequate safeguards to withstand malicious users. Many automation systems have default passwords or known and unknown backdoors. Also, often those systems are not updated to close security weaknesses found after original installation. The authors argue that while the industry is familiar with the notion of safety of equipment and processes, it has not focused enough on IT security. Several years ago the Shodan search engine showed how easy it is to find these control devices on the Internet. The authors followed this research line further by targeting one nation's IP address space with Shodan and found thousands of control systems, many of which represent models and versions with known vulnerabilities. Their first contribution is presenting these findings and analyzing their significance. Their study started in 2012 and the most recent results are from the end of 2015. To gain further knowledge, they have built a prototype scanner capable of finding industrial control systems. This lets the authors evaluate the possibility of performing routine scans to gauge the vulnerability of a nation. Their second contribution is to present a template for a national Internet scanning program. The authors discuss the technology, performance, and legality of such a program. Based on their findings and analysis they argue that nations should continuously monitor their own Internet address space for vulnerabilities. The authors' findings indicate that the current level of vulnerabilities is significant and unacceptable. Scanning a nation's critical infrastructure can be done in minutes, allowing them to keep a tight control of vulnerabilities. Yet, in addition, the authors need to extend current legislation and the rights of government officials to bring more security in national critical infrastructures; this discussion is their third contribution. The cyber-space has become a playing field for criminals, terrorists and nation states, all of which may have a motive to disrupt the daily life of a nation, and currently causing such disruptions is too easy.

A White Hat Study of a Nation's Publicly Accessible Critical Digital Infrastructure and a Way Forward

2016 ◽  
Vol 6 (1) ◽  
pp. 41-52
Author(s):  
Timo Kiravuo ◽  
Seppo Tiilikainen ◽  
Mikko Särelä ◽  
Jukka Manner
Keyword(s):  
Control Systems ◽  
Critical Infrastructure ◽  
The Internet ◽  
Address Space ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Playing Field ◽  
Internet Address ◽  
Nation States ◽  
Automation Systems

The developed society depends on many critical infrastructure processes, such as power generation, water treatment, many types of manufacturing, and smart buildings. These processes need control and the automation industry has embraced the Internet to connect all these controls. However, the controlling devices thus opened to the world do not always have adequate safeguards to withstand malicious users. Many automation systems have default passwords or known and unknown backdoors. Also, often those systems are not updated to close security weaknesses found after original installation. The authors argue that while the industry is familiar with the notion of safety of equipment and processes, it has not focused enough on IT security. Several years ago the Shodan search engine showed how easy it is to find these control devices on the Internet. The authors followed this research line further by targeting one nation's IP address space with Shodan and found thousands of control systems, many of which represent models and versions with known vulnerabilities. Their first contribution is presenting these findings and analyzing their significance. Their study started in 2012 and the most recent results are from the end of 2015. To gain further knowledge, they have built a prototype scanner capable of finding industrial control systems. This lets the authors evaluate the possibility of performing routine scans to gauge the vulnerability of a nation. Their second contribution is to present a template for a national Internet scanning program. The authors discuss the technology, performance, and legality of such a program. Based on their findings and analysis they argue that nations should continuously monitor their own Internet address space for vulnerabilities. The authors' findings indicate that the current level of vulnerabilities is significant and unacceptable. Scanning a nation's critical infrastructure can be done in minutes, allowing them to keep a tight control of vulnerabilities. Yet, in addition, the authors need to extend current legislation and the rights of government officials to bring more security in national critical infrastructures; this discussion is their third contribution. The cyber-space has become a playing field for criminals, terrorists and nation states, all of which may have a motive to disrupt the daily life of a nation, and currently causing such disruptions is too easy.

Sign in / Sign up

Export Citation Format

Share Document