Home > Research > Publications & Outputs > Don’t get Stung, Cover your ICS in Honey

Links

Text available via DOI:

View graph of relations

Don’t get Stung, Cover your ICS in Honey: How do Honeypots fit within Industrial Control System Security

Research output: Contribution to journalJournal articlepeer-review

Published
Article number102598
<mark>Journal publication date</mark>31/03/2022
<mark>Journal</mark>Computers and Security
Volume114
Number of pages25
Publication StatusPublished
Early online date30/12/21
<mark>Original language</mark>English

Abstract

The advent of Industry 4.0 and smart manufacturing has led to an increased convergence of traditional manufacturing and production technologies with IP communications. Legacy Industrial Control System (ICS) devices now interconnected via public networks, are exposed to a wide range of previously unconsidered threats, threats which must be considered to ensure the continued safe operation of industrial processes. This paper surveys the ICS honeypot deployments in the literature to date and provides an overview of ICS focused threat vectors, and studies how honeypots can be integrated within an organisations defensive strategy. We discuss relevant legislation, such as the UK Cyber Assessment Framework, the US NIST Framework for Improving Critical Infrastructure Cybersecurity, and associated industry-based standards and guidelines supporting operator compliance. This is used to frame a discussion on our survey of existing ICS honeypot implementations in the literature, and their role in supporting regulatory objectives. We observe that many low-interaction honeypots are limited in their use. This is largely due to the increased knowledge attackers have on how real-world ICS devices are configured and operate, vs. the configurability of simulated honeypot systems. Furthermore, we find that environments with increased interaction provide more extensive capabilities and value, due to their inherent obfuscation delivered through the use of real-world systems. Based on these insights, we propose a novel framework towards the classification and implementation of ICS honeypots.