
Electronic data

  • sample-sigconf

    Rights statement: © ACM, 2017. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in CPS '17 Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy http://dx.doi.org/10.1145/3140241.3140251

    Accepted author manuscript, 1.16 MB, PDF document

    Available under license: None


On the Significance of Process Comprehension for Conducting Targeted ICS Attacks

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN > Conference contribution/Paper > peer-review

Published

Standard

On the Significance of Process Comprehension for Conducting Targeted ICS Attacks. / Green, Benjamin; Krotofil, Marina; Abbasi, Ali.
CPS '17 Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy. New York: ACM, 2017. p. 57-67.


Harvard

Green, B, Krotofil, M & Abbasi, A 2017, On the Significance of Process Comprehension for Conducting Targeted ICS Attacks. in CPS '17 Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy. ACM, New York, pp. 57-67, CPS-SPC '17 Proceedings of the 3rd ACM Workshop on Cyber-Physical Systems Security and Privacy, Dallas, United States, 3/11/17. https://doi.org/10.1145/3140241.3140254

APA

Green, B., Krotofil, M., & Abbasi, A. (2017). On the Significance of Process Comprehension for Conducting Targeted ICS Attacks. In CPS '17 Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy (pp. 57-67). ACM. https://doi.org/10.1145/3140241.3140254

Vancouver

Green B, Krotofil M, Abbasi A. On the Significance of Process Comprehension for Conducting Targeted ICS Attacks. In CPS '17 Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy. New York: ACM. 2017. p. 57-67 doi: 10.1145/3140241.3140254

Author

Green, Benjamin ; Krotofil, Marina ; Abbasi, Ali. / On the Significance of Process Comprehension for Conducting Targeted ICS Attacks. CPS '17 Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy. New York : ACM, 2017. pp. 57-67

Bibtex

@inproceedings{2c529c7a4a1a461bb5724c6f7125bfbb,
title = "On the Significance of Process Comprehension for Conducting Targeted ICS Attacks",
abstract = "The exploitation of Industrial Control Systems (ICSs) has been described as both easy and impossible, where is the truth? Post-Stuxnet works have included a plethora of ICS focused cyber security research activities, with topics covering device maturity, network protocols, and overall cyber security culture. We often hear the notion of ICSs being highly vulnerable due to a lack of inbuilt security mechanisms, considered a low hanging fruit to a variety of low skilled threat actors. While there is substantial evidence to support such a notion, when considering targeted attacks on ICS, it is hard to believe an attacker with limited resources, such as a script kiddie or hacktivist, using publicly accessible tools and exploits alone, would have adequate knowledge and resources to achieve targeted operational process manipulation, while simultaneously evade detection. Through use of a testbed environment, this paper provides two practical examples based on a Man-In-The-Middle scenario, demonstrating the types of information an attacker would need obtain, collate, and comprehend, in order to begin targeted process manipulation and detection avoidance. This allows for a clearer view of associated challenges, and illustrate why targeted ICS exploitation might not be possible for every malicious actor.",
keywords = "ICS, SCADA, OT, Reconnaissance, MITM",
author = "Benjamin Green and Marina Krotofil and Ali Abbasi",
note = "{\textcopyright} ACM, 2017. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in CPS '17 Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy http://dx.doi.org/10.1145/3140241.3140251 ; CPS-SPC '17 Proceedings of the 3rd ACM Workshop on Cyber-Physical Systems Security and Privacy ; Conference date: 03-11-2017 Through 03-11-2017",
year = "2017",
month = nov,
day = "3",
doi = "10.1145/3140241.3140254",
language = "English",
isbn = "9781450353946",
pages = "57--67",
booktitle = "CPS '17 Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy",
publisher = "ACM",
url = "https://sites.google.com/site/cpsspc2017/",

}

RIS

TY - GEN

T1 - On the Significance of Process Comprehension for Conducting Targeted ICS Attacks

AU - Green, Benjamin

AU - Krotofil, Marina

AU - Abbasi, Ali

N1 - © ACM, 2017. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in CPS '17 Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy http://dx.doi.org/10.1145/3140241.3140251

PY - 2017/11/3

Y1 - 2017/11/3

N2 - The exploitation of Industrial Control Systems (ICSs) has been described as both easy and impossible, where is the truth? Post-Stuxnet works have included a plethora of ICS focused cyber security research activities, with topics covering device maturity, network protocols, and overall cyber security culture. We often hear the notion of ICSs being highly vulnerable due to a lack of inbuilt security mechanisms, considered a low hanging fruit to a variety of low skilled threat actors. While there is substantial evidence to support such a notion, when considering targeted attacks on ICS, it is hard to believe an attacker with limited resources, such as a script kiddie or hacktivist, using publicly accessible tools and exploits alone, would have adequate knowledge and resources to achieve targeted operational process manipulation, while simultaneously evade detection. Through use of a testbed environment, this paper provides two practical examples based on a Man-In-The-Middle scenario, demonstrating the types of information an attacker would need obtain, collate, and comprehend, in order to begin targeted process manipulation and detection avoidance. This allows for a clearer view of associated challenges, and illustrate why targeted ICS exploitation might not be possible for every malicious actor.

AB - The exploitation of Industrial Control Systems (ICSs) has been described as both easy and impossible, where is the truth? Post-Stuxnet works have included a plethora of ICS focused cyber security research activities, with topics covering device maturity, network protocols, and overall cyber security culture. We often hear the notion of ICSs being highly vulnerable due to a lack of inbuilt security mechanisms, considered a low hanging fruit to a variety of low skilled threat actors. While there is substantial evidence to support such a notion, when considering targeted attacks on ICS, it is hard to believe an attacker with limited resources, such as a script kiddie or hacktivist, using publicly accessible tools and exploits alone, would have adequate knowledge and resources to achieve targeted operational process manipulation, while simultaneously evade detection. Through use of a testbed environment, this paper provides two practical examples based on a Man-In-The-Middle scenario, demonstrating the types of information an attacker would need obtain, collate, and comprehend, in order to begin targeted process manipulation and detection avoidance. This allows for a clearer view of associated challenges, and illustrate why targeted ICS exploitation might not be possible for every malicious actor.

KW - ICS

KW - SCADA

KW - OT

KW - Reconnaissance

KW - MITM

U2 - 10.1145/3140241.3140254

DO - 10.1145/3140241.3140254

M3 - Conference contribution/Paper

SN - 9781450353946

SP - 57

EP - 67

BT - CPS '17 Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy

PB - ACM

CY - New York

T2 - CPS-SPC '17 Proceedings of the 3rd ACM Workshop on Cyber-Physical Systems Security and Privacy

Y2 - 3 November 2017 through 3 November 2017

ER -