Naslov
Off-the-Shelf Solutions as Potential Cyber Threats to Industrial Environments and Simple-To-Implement Protection Methodology

Autori
Slunjski, Marko ; Sumina, Damir ; Groš, Stjepan ; Erceg, Igor

Izvornik
IEEE access (2169-3536) Early Access (2022); 3217797, 14

Vrsta, podvrsta i kategorija rada
Radovi u časopisima, članak, znanstveni

Ključne riječi
Protocols , Integrated circuits , Security , Intrusion detection , Servers , Real-time systems , Cyberattack

Sažetak
The paper investigates cyber threats and potential solutions for protecting industrial control systems (ICS). On the cyber threats side, different off-the-shelf offensive solutions, both hardware and software, are analysed and tested. The goal of the paper is to increase cyber threat awareness by showing how such off-the-shelf solutions, well known to IT security experts, can be utilised as (or inspire) attack vectors to gain access to generally unprotected industrial plants. After obtaining an accessing point, Man-in-the- Middle (MITM) and Legal-Client-to-Server (LCSA) types of attacks from reconnaissance, client-to- server and server-to-client categories are demonstrated. For this purpose, a Modbus communication protocol implemented in a real compressor station is used as basis. Regarding potential protection solutions, the paper proposes a simple-to-implement and cheap hardening methodology applicable inside almost any industrial plant. A novel, PLC-based ICS cyber security protection method, made of a signal validity monitoring mechanism and a control system integrity check mechanism is also discussed and demonstrated. Both penetration testing and hardening methodology are verified experimentally, using real PLC and HMI devices.

Izvorni jezik
Engleski

Znanstvena područja
Elektrotehnika, Računarstvo

POVEZANOST RADA