Industrial automation and control systems (IACS) play a key role in modern production facilities. On the one hand, they provide real-time functionality to the connected field devices. On the other hand, they get more and more connected to local networks and the internet in order to facilitate use cases promoted by "Industry 4.0". This makes IACS susceptible to cyber-attacks which exploit vulnerabilities, for example in order to interrupt the automation process. Security testing targets at discovering those vulnerabilities before they are exploited. In order to enable IACS manufacturers and integrators to perform security testing for their devices, we present ISuTest, a modular security testing framework for IACS. ISuTest is designed to be extendable regarding all kinds of automation protocols, different connection paths as well as evaluating arbitrary outputs of the tested devices. This paper describes the fundamental ideas behind ISuTest, its design and a basic evaluation in which the ISuTest framework was able to discover a vulnerability in a programmable logic controller (PLC). The paper concludes with a broad overview of the planned future work.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.