PCaaD: Towards automated determination and exploitation of industrial systems

Green, Ben; Derbyshire, Richard; Krotofil, Marina; Knowles, William; Prince, Daniel; Suri, Neeraj

doi:10.1016/j.cose.2021.102424

Cited by 17 publications

(4 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Focusing on the intersection of PLC programming practices and memory management, Green et al [12] introduce the technique 'Process Comprehension at a Distance' (PCaaD). PCaaD takes advantage of the fact that many PLC programmers use vendor-provided library functions [15] to distinguish what functions are running on the PLC, thus providing an adversary a greater level of process comprehension [13].…”

Section: Related Workmentioning

confidence: 99%

“…Building on some of the concepts of PCaaD [12], Maesschalck et al [16] show that many of the vendorprovided library functions contain a vulnerability that allows adversaries to change the operation of the PLC. The authors present a scanning tool to identify bytes, and therefore variables, in the target PLC's memory that are susceptible to being manipulated over the network.…”

Section: Related Workmentioning

confidence: 99%

“…By adhering to established programming standards, implementing secure programming practices, and following thorough testing and validation processes, organisations can minimise the likelihood of vulnerabilities being introduced into their ICS and physical process. However, many organisations rely on PLC code in the form of vendor-provided library functions [15], which are proprietary, unable to be edited, and demonstrably vulnerable [12], [16], meaning that many elements of secure PLC programming practices cannot be exercised when they are sorely needed.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

To me, to you: Towards Secure PLC Programming through a Community-Driven Open-Source Initiative

Derbyshire,

Maesschalck,

Staves

et al. 2023

2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

Self Cite

View full text Add to dashboard Cite

For decades, industrial control systems (ICS) have experienced an increasing frequency of cyber attacks, which in turn have increased in sophistication. Consequently, secure programmable logic controller (PLC) programming practices are becoming crucial as more adversaries are attaining the capability to gain a foothold in the ICS environment and directly attack the physical process through exploiting vulnerable PLC code. Existing programming practices involve the frequent use of vendor-provided, proprietary library functions, which cannot be viewed or edited, inhibiting the incorporation of secure PLC programming practices. This work begins by exploring the viability of open-source PLC functions as an alternative because of their open nature and potential for broader adoption of secure PLC programming practices. However, when analysed, the selected open-source PLC functions are found to contain the same vulnerabilities as those provided by the vendor. In response, a conceptual framework for a community-driven initiative is proposed that would acquire open-source PLC functions and their supporting documentation, review them for vulnerabilities and apply secure PLC coding practices, and finally disseminate the newly-secured, open-source PLC functions for wider use.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

To me, to you: Towards Secure PLC Programming through a Community-Driven Open-Source Initiative

Derbyshire,

Maesschalck,

Staves

et al. 2023

2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

Self Cite

View full text Add to dashboard Cite

show abstract

“…While, historically, IT and OT were segregated as described by the Purdue Model [2], an increasing volume of standardised technology (including IT software and hardware) is being integrated into OT systems that operate within the Manufacturing and Cell/Area Zones. Despite the benefits that this technological integration provides, it has also led to an increased attack surface for threat actors to target [3], [4], resulting in several notable cyber attacks specifically aimed at industrial environments, including CNI facilities [5], [6].…”

Section: Introductionmentioning

confidence: 99%

Learning to Walk: Towards Assessing the Maturity of OT Security Control Standards and Guidelines

Staves

Maesschalck

Derbyshire³

et al. 2023

2023 IFIP Networking Conference (IFIP Networking)

Self Cite

View full text Add to dashboard Cite

The convergence of IT and OT has presented OT environments with several challenges, such as increasing the attack surface of its real time systems to include more commonplace enterprise vulnerabilities. As OT is used across heavily regulated sectors, including water and nuclear, many standards and guidelines are available to these sectors, providing them with assistance towards continued improvements from a cyber security perspective. However, these standards and guidelines are not always as mature as their IT counterparts. This paper proposes a model to benchmark the maturity of OT focused standards and guidelines, which we then use to analyse seven commonly adopted resources. Based on this analysis, we find that these OT standards and guidelines do not always provide in-depth implementation guidance, and often refer instead to IT standards and guidelines for more information. Improvements are urgently needed in security and risk mitigation for interconnected OT and IT systems, as security controls in OT are typically reappropriated IT controls. To help achieve this goal, OT standards must mature further.

show abstract