The Landscape of Industrial Control Systems (ICS) Devices on the Internet

2018 ◽  
Author(s):  
Wei Xu ◽  
Yaodong Tao ◽  
Xin Guan
Keyword(s):  
Control Systems ◽  
The Internet ◽  
Industrial Control ◽  
Industrial Control Systems

A White Hat Study of a Nation's Publicly Accessible Critical Digital Infrastructure and a Way Forward

2020 ◽  
pp. 1672-1685
Author(s):  
Timo Kiravuo ◽  
Seppo Tiilikainen ◽  
Mikko Särelä ◽  
Jukka Manner
Keyword(s):  
Control Systems ◽  
Critical Infrastructure ◽  
The Internet ◽  
Address Space ◽  
Government Officials ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Playing Field ◽  
Internet Address ◽  
Nation States

The developed society depends on many critical infrastructure processes, such as power generation, water treatment, many types of manufacturing, and smart buildings. These processes need control and the automation industry has embraced the Internet to connect all these controls. However, the controlling devices thus opened to the world do not always have adequate safeguards to withstand malicious users. Many automation systems have default passwords or known and unknown backdoors. Also, often those systems are not updated to close security weaknesses found after original installation. The authors argue that while the industry is familiar with the notion of safety of equipment and processes, it has not focused enough on IT security. Several years ago the Shodan search engine showed how easy it is to find these control devices on the Internet. The authors followed this research line further by targeting one nation's IP address space with Shodan and found thousands of control systems, many of which represent models and versions with known vulnerabilities. Their first contribution is presenting these findings and analyzing their significance. Their study started in 2012 and the most recent results are from the end of 2015. To gain further knowledge, they have built a prototype scanner capable of finding industrial control systems. This lets the authors evaluate the possibility of performing routine scans to gauge the vulnerability of a nation. Their second contribution is to present a template for a national Internet scanning program. The authors discuss the technology, performance, and legality of such a program. Based on their findings and analysis they argue that nations should continuously monitor their own Internet address space for vulnerabilities. The authors' findings indicate that the current level of vulnerabilities is significant and unacceptable. Scanning a nation's critical infrastructure can be done in minutes, allowing them to keep a tight control of vulnerabilities. Yet, in addition, the authors need to extend current legislation and the rights of government officials to bring more security in national critical infrastructures; this discussion is their third contribution. The cyber-space has become a playing field for criminals, terrorists and nation states, all of which may have a motive to disrupt the daily life of a nation, and currently causing such disruptions is too easy.

A White Hat Study of a Nation's Publicly Accessible Critical Digital Infrastructure and a Way Forward

2016 ◽  
Vol 6 (1) ◽  
pp. 41-52
Author(s):  
Timo Kiravuo ◽  
Seppo Tiilikainen ◽  
Mikko Särelä ◽  
Jukka Manner
Keyword(s):  
Control Systems ◽  
Critical Infrastructure ◽  
The Internet ◽  
Address Space ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Playing Field ◽  
Internet Address ◽  
Nation States ◽  
Automation Systems

The developed society depends on many critical infrastructure processes, such as power generation, water treatment, many types of manufacturing, and smart buildings. These processes need control and the automation industry has embraced the Internet to connect all these controls. However, the controlling devices thus opened to the world do not always have adequate safeguards to withstand malicious users. Many automation systems have default passwords or known and unknown backdoors. Also, often those systems are not updated to close security weaknesses found after original installation. The authors argue that while the industry is familiar with the notion of safety of equipment and processes, it has not focused enough on IT security. Several years ago the Shodan search engine showed how easy it is to find these control devices on the Internet. The authors followed this research line further by targeting one nation's IP address space with Shodan and found thousands of control systems, many of which represent models and versions with known vulnerabilities. Their first contribution is presenting these findings and analyzing their significance. Their study started in 2012 and the most recent results are from the end of 2015. To gain further knowledge, they have built a prototype scanner capable of finding industrial control systems. This lets the authors evaluate the possibility of performing routine scans to gauge the vulnerability of a nation. Their second contribution is to present a template for a national Internet scanning program. The authors discuss the technology, performance, and legality of such a program. Based on their findings and analysis they argue that nations should continuously monitor their own Internet address space for vulnerabilities. The authors' findings indicate that the current level of vulnerabilities is significant and unacceptable. Scanning a nation's critical infrastructure can be done in minutes, allowing them to keep a tight control of vulnerabilities. Yet, in addition, the authors need to extend current legislation and the rights of government officials to bring more security in national critical infrastructures; this discussion is their third contribution. The cyber-space has become a playing field for criminals, terrorists and nation states, all of which may have a motive to disrupt the daily life of a nation, and currently causing such disruptions is too easy.

Investigation of risks for Critical Infrastructures due to the exposure of SCADA systems and industrial controls on the Internet based on the search engine Shodan

2020 ◽  
Vol 2020 (3) ◽  
pp. 253-1-253-16 ◽  
Author(s):  
Daniel Kant ◽  
Reiner Creutzburg ◽  
Andreas Johannsen
Keyword(s):  
Control Systems ◽  
Search Engine ◽  
Common Good ◽  
Cyber Attacks ◽  
The Internet ◽  
Critical Infrastructures ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Industrial Plants ◽  
Scada Systems

Industrial Control Systems occur in automation processes and process control procedures within Critical Infrastructures (CI) - these are institutions with important significance for the common good of the state and thus for the maintenance of a society. Failures or disturbances in industrial plants can have serious physical consequences, such as power outages or interruptions in production. Energy suppliers, in particular, are an attractive target for cyber attacks due to their interdependencies with other infrastructures. A large number of SCADA systems and Industrial Control Systems are directly connected to the Internet and inadequately secured from an information technology perspective, this represents a considerable risk for IT security and, consequently, for the availability of Critical Infrastructures. The Shodan search engine reveals a worrying extent of exposed industrial control equipment on the Internet. The collected information and metadata about Industrial Control Systems from this search are freely available online. They can serve as a basis for potential attacks. Without authentication mechanisms, anyone can connect to open ports using industrial and remote maintenance protocols. The resulting risks and consequences for the companies, operators as well as for the society due the exposure of industrial plants and Critical Infrastructures are examined based on the Shodan search engine within the scope of this work.

Control Systems Security

2011 ◽  
pp. 187-204 ◽  
Author(s):  
Jake Brodsky ◽  
Robert Radvanovsky
Keyword(s):  
Control Systems ◽  
News Media ◽  
The Internet ◽  
Critical Infrastructures ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Systems Security ◽  
National Power ◽  
Executive Level ◽  
The U.S

With recent news media discussions highlighting the safety and integrity of the U.S. national power grid, questions have been raised by both political and executive-level management, specifically, as to the risks associated with our critical infrastructures. More specifically, the issue of concern is dealing with and addressing cyber vulnerability issues, threats and risks associated with an extremely complex and inter-twining series of dependencies arising from legacy industries established almost 100 years ago. Equally as important are the growing threats and risks to these environments resulting from their exposure to outside networks (such as the Internet), exposing critically vital and important cyber systems to just about everyone and anyone globally. This chapter highlights the importance of preventing hack attacks against SCADA systems, or Industrial Control Systems (abbreviated as ICS), as a means of protecting our critical infrastructures.

Industrial Control Systems

2013 ◽  
pp. 82-104
Author(s):  
Antony Bridges
Keyword(s):  
Control Systems ◽  
The Internet ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
The Future

As industrial control systems (ICSs) have been connected to wider organisational networks and the Internet, the threat from unauthorised access has increased. Protecting these systems from attack requires not just the use of appropriate technological solutions but also an understanding of the humans within the wider system. It is not sufficient that the human knows what they need to do. They must also be willing and able to do it. This chapter highlights some of the human vulnerabilities within Industrial Control Systems and suggests that greater consideration of and adaptation to the human limitations will enhance the future security of these systems.

Sign in / Sign up

Export Citation Format

Share Document