Industrial Control Systems (ICS) are widely deployed in mission-critical infrastructures such as manufacturing, energy, and transportation. The mission-critical nature of ICS devices poses important security challenges for ICS vendors and asset owners. In particular, the patching of ICS devices is usually deferred to scheduled production outages so as to prevent potential operational disruption of critical systems. Unfortunately, anecdotal evidence suggests that ICS devices are riddled with security vulnerabilities that are not patched in a timely manner, which leaves them vulnerable to exploitation by hackers, nation states, and hacktivist organizations. In this paper, we present the results from our longitudinal measurement and characterization study of ICS patching behavior. Our study is based on IP scan data collected from Shodan over a period of three years for more than 500 known industrial ICS protocols and products. Our longitudinal measurements reveal the impact of vulnerability disclosures on ICS patching. Our analysis of more than 100 thousand Internet-exposed ICS devices reveals that about 50% upgrade to newer patched versions within 60 days of a vulnerability disclosure. Based on our measurement and analysis, we further propose a variation of the Bass model to forecast the patching behavior of ICS devices. The evaluation shows that our proposed models have comparable prediction accuracy when contrasted against traditional ARIMA time-series forecasting models, while requiring fewer parameters and being amenable to direct physical interpretation.
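The abstract above forecasts patching with a variation of the Bass diffusion model but does not state the variation. The following added example (not code from the paper) shows the standard Bass model applied to the same kind of quantity: the cumulative fraction of exposed devices that have moved to a patched version, as a function of days since disclosure. The parameters p (innovation coefficient, here: operators who patch on their own) and q (imitation coefficient, here: patching driven by the already-patched population) are fitted by least-squares grid search over a constructed observation series; the series, the parameter values and the helper names are all assumptions made for the illustration.

```python
import math

def bass_cdf(t, p, q):
    """Standard Bass model: cumulative adopter fraction F(t) at time t.

    F(t) = (1 - exp(-(p+q) t)) / (1 + (q/p) exp(-(p+q) t)), with p > 0.
    Here F(t) is read as the fraction of exposed devices running a
    patched version t days after a vulnerability disclosure.
    """
    e = math.exp(-(p + q) * t)
    return (1.0 - e) / (1.0 + (q / p) * e)

def fit_bass(days, fractions, p_grid, q_grid):
    """Least-squares grid search for (p, q) against observed fractions."""
    best = None
    for p in p_grid:
        for q in q_grid:
            sse = sum((bass_cdf(t, p, q) - f) ** 2
                      for t, f in zip(days, fractions))
            if best is None or sse < best[0]:
                best = (sse, p, q)
    return best[1], best[2]

def days_to_fraction(p, q, target, horizon=365):
    """First whole day at which the fitted curve reaches `target`, or None."""
    for t in range(horizon + 1):
        if bass_cdf(t, p, q) >= target:
            return t
    return None

# Constructed observations (assumption, not measurement data): one reading
# every 5 days for 120 days, generated from p=0.003, q=0.05 with a small
# alternating perturbation to stand in for scan noise.
OBS_DAYS = list(range(0, 125, 5))
OBS_FRACTIONS = [bass_cdf(t, 0.003, 0.05) + (0.005 if i % 2 else -0.005)
                 for i, t in enumerate(OBS_DAYS)]

P_GRID = [0.001, 0.002, 0.003, 0.005, 0.01]
Q_GRID = [0.02, 0.03, 0.04, 0.05, 0.06, 0.08, 0.10]

def forecast_half_patched():
    """Fit the model to the constructed series and return (p, q, day at 50%)."""
    p, q = fit_bass(OBS_DAYS, OBS_FRACTIONS, P_GRID, Q_GRID)
    return p, q, days_to_fraction(p, q, 0.5)

if __name__ == "__main__":
    p, q, half = forecast_half_patched()
    print(f"fitted p={p}, q={q}; 50% patched after {half} days")
```

With only two parameters the curve is easy to read off: a large q relative to p means patching accelerates once a critical mass of devices has been upgraded, which is the kind of direct physical interpretation the abstract contrasts with ARIMA coefficients. The 50% crossing of the fitted curve falls in the same 60-day window the study reports, but only because the constructed series was generated that way.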
Ensuring system survivability in the wake of advanced persistent threats is a major challenge that the security community faces in protecting critical infrastructure. In this paper, we define metrics and models for the assessment of coordinated massive malware campaigns targeting critical infrastructure sectors. First, we develop an analytical model that allows us to capture the effect of the neighborhood on different metrics (e.g., infection probability and contagion probability). Then, we assess the impact of putting operational but possibly infected nodes into quarantine. Finally, we study the implications of scanning nodes for early detection of malware (e.g., worms), accounting for false positives and false negatives. Evaluating our methodology on a hierarchical topology typical of factory automation networks, we find that malware infections can be effectively contained by using quarantine and appropriate rates of scanning for soft impacts.
Epidemic models have received significant attention in the past few decades to study the propagation of viruses, worms and ideas in computer and social networks. In the case of viruses, the goal is to understand how the topology of the network and the properties of the nodes that comprise the network together impact the spread of the epidemic. In this paper, we propose rejuvenation as a way to cope with epidemics. Then, we present a model to study the effect of rejuvenation and of the topology on the steady-state number of infected and failed nodes. We distinguish between a state in which the virus is incubating, where symptoms might not be visible yet the node may already be contagious and infecting other nodes, and a state of failure where symptoms are clear. Sampling costs might be incurred to examine nodes in search of viruses at an early stage. Using the proposed model, we show that the sampling rate admits at most one local minimum greater than zero. Then, we numerically illustrate the impact of different system parameters on the optimal sampling rate, indicating when rejuvenation is more beneficial.
Herd immunity, one of the fundamental concepts associated with contagion in networks, occurs when a large share of the population is immune to an attack from a given class of malicious code. The smaller fraction of individuals who do not adopt countermeasures tends to be better protected from attacks, because epidemic contagion is reduced. However, this condition does not take into account the attacker's ability to strategically search for vulnerable individuals, who become easy targets. In this paper, we propose an analytical model that allows us to capture the impact of countermeasures in the face of epidemics and strategic attackers. Using the proposed model, we can verify the existence of a non-trivial equilibrium between the cost of immunization and the probability of being infected as a function of the number of susceptibles.