Off-the-Shelf Solutions as Potential Cyber Threats to Industrial Environments and Simple-To-Implement Protection Methodology

Slunjski, Marko; Sumina, Damir; Groš, Stjepan; Erceg, Igor

doi:10.1109/access.2022.3217797

Cited by 8 publications

(3 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our threat model assumes an attacker that has gained unauthorized initial access to the industrial communications network. The initial access to the IACS could be gained by compromising IT devices within the OT network (e.g., engineering workstations, printers), implementing a ''rouge'' device within the industrial communication network, replicating via removable media, and compromising the supply chain (e.g., firmware updates, physical devices) [33]. Very importantly, our threat model assumes that Modbus/TCP peers are not compromised and that unauthorized access to the IACS devices is not possible (e.g., through physical protection measures such as locking devices in cabinets).…”

Section: B Threat Modelmentioning

confidence: 99%

Protecting Modbus/TCP-Based Industrial Automation and Control Systems Using Message Authentication Codes

et al. 2023

Self Cite

View full text Add to dashboard Cite

Critical infrastructure (CI), such as energy and water distribution systems, is essential for the stability and well-being of the modern society. Industrial automation and control systems (IACSs) form the backbone of CIs and enable the operation of such systems in a safe and reliable manner. However, with the increasing use of industrial Ethernet communication protocols, such as Modbus-over-TCP (Modbus/TCP), once air-gapped IACSs are becoming vulnerable to potential cybersecurity threats. This paper presents a novel method for enhancing the cybersecurity of Modbus/TCP-based IACSs by implementing an authentication method based on message authentication codes (MACs). To provide partial protection of communication even when communicating with legacy Modbus/TCP peers, we propose a novel supervising device that analyzes exchanged messages and verifies the authenticity of the protected messages. To experimentally verify the protection method, a water-treatment cyber-physical system (CPS) was implemented as a digital twin in a programmable logic controller (PLC). The underlying MAC is the Chaskey-12, lightweight MAC defined in IEC 29192-6. It was implemented in the PLC program using the programming languages defined in IEC 61131-3. As an additional contribution, the presented implementation allows protection of communication between PLCs and other Modbus/TCP peers installed in existing IACSs without hardware or firmware modifications. The results show that the method provides protection against network attacks without significantly affecting performance, also demonstrating the feasibility of such protection in IACSs.INDEX TERMS Automation, communication system security, cyber-physical systems, industrial communication. III. CYBERSECURITY OF THE MODBUS/TCP COMMUNICATION PROTOCOL IGOR ERCEG (Member, IEEE) received the Dipl.Eng. and Ph.D. degrees in electrical engineering from the Faculty of Electrical Engineering and Computing, University of Zagreb, in 2004 and 2010, respectively. He is currently an Associate Professor with the Department of Electric Machines, Drives, and Automation, Faculty of Electrical Engineering and Computing, University of Zagreb. His research interests include industrial automation, cybersecurity in process control systems, control of electrical drives, and energy conversion systems.

show abstract

Section: B Threat Modelmentioning

confidence: 99%

Protecting Modbus/TCP-Based Industrial Automation and Control Systems Using Message Authentication Codes

et al. 2023

Self Cite

View full text Add to dashboard Cite

show abstract

“…The fuzzy model can be developed based on the available data on security incidents, the security systems feature, and the feedback from security personnel. The output of the fuzzy model can provide a quantitative assessment of the security system's effectiveness, which can be used to identify the system's strengths and weaknesses and to optimize the security measures [3].…”

Section: Evaluating Security System Effectiveness Through Fuzzy Model...mentioning

confidence: 99%

“…Figures 2,3,4 show graphs of membership functions for the linguistic variables "Compliance of measures", "Probability of threat", "Effectiveness of the security system".…”

mentioning

confidence: 99%

Investigation of the Method of Evaluating the Effectiveness of the Information Security System Based on Fuzzy Inference

Ziro

Gnatyuk

Toibayeva

2023

sjaitu

View full text Add to dashboard Cite

As organizations increasingly rely on digital technology to operate, protecting their information and data has become a critical concern. Information security systems are designed to safeguard digital assets against unauthorized access, use, disclosure, disruption, modification, or destruction. However, evaluating the effectiveness of an information security system can be challenging due to the complexity of the system and the diversity of threats it faces. In recent years, researchers have proposed using fuzzy inference to evaluate the effectiveness of information security systems. Fuzzy inference is a mathematical approach that can handle uncertain and imprecise information, making it well-suited for evaluating the effectiveness of information security systems. This research aims to develop a method for evaluating the effectiveness of an information security system based on fuzzy inference. The proposed method uses a set of performance indicators to measure the effectiveness of the system, such as the number of security incidents detected, the response time to security incidents, and the number of false positives and false negatives [1]. These indicators are then combined using fuzzy inference to generate an overall effectiveness score for the system. The proposed method will be evaluated using a real-world case study of an information security system deployed in an organization. The effectiveness score generated by the fuzzy inference method will be compared to the results obtained using traditional evaluation methods, such as the cost-benefit analysis or the return-on-investment analysis. The results of the study will demonstrate the effectiveness and usefulness of the proposed method for evaluating information security systems.

show abstract

Detecting and classifying man-in-the-middle attacks in the private area network of smart grids

Elrawy,

Hadjidemetriou,

Laoudias

et al. 2023

Sustainable Energy, Grids and Networks

View full text Add to dashboard Cite

Off-the-Shelf Solutions as Potential Cyber Threats to Industrial Environments and Simple-To-Implement Protection Methodology

Cited by 8 publications

References 28 publications

Protecting Modbus/TCP-Based Industrial Automation and Control Systems Using Message Authentication Codes

Protecting Modbus/TCP-Based Industrial Automation and Control Systems Using Message Authentication Codes

Investigation of the Method of Evaluating the Effectiveness of the Information Security System Based on Fuzzy Inference

Detecting and classifying man-in-the-middle attacks in the private area network of smart grids

Contact Info

Product

Resources

About