Validation of ICS Vulnerability Related to TCP/IP Protocol Implementation in Allen-Bradley Compact Logix PLC Controller

Pavesi, Jaime; Villegas, T.; Perepechko, Alexey; Aguirre, Eleazar; Galeazzi, Lorena

doi:10.1007/978-3-030-33229-7_30

Cited by 4 publications

(1 citation statement)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The CompactLogix 5370 used for our simulation system had also been exploited by Pavesi et al in [28]. These researchers developed a tool for a SYN injection attack for the TCP protocol and they conducted the attack in the OT network of their lab environment.…”

Section: Related Workmentioning

confidence: 99%

An Analytics Framework for Heuristic Inference Attacks against Industrial Control Systems

Choi

Bai

et al. 2021

Preprint

View full text Add to dashboard Cite

Industrial control systems (ICS) of critical infrastructure are increasingly connected to the Internet for remote site management at scale. However, cyber attacks against ICS -especially at the communication channels between humanmachine interface (HMIs) and programmable logic controllers (PLCs) -are increasing at a rate which outstrips the rate of mitigation.In this paper, we introduce a vendor-agnostic analytics framework which allows security researchers to analyse attacks against ICS systems, even if the researchers have zero control automation domain knowledge or are faced with a myriad of heterogenous ICS systems. Unlike existing works that require expertise in domain knowledge and specialised tool usage, our analytics framework does not require prior knowledge about ICS communication protocols, PLCs, and expertise of any network penetration testing tool. Using 'digital twin' scenarios comprising industry-representative HMIs, PLCs and firewalls in our test lab, our framework's steps were demonstrated to successfully implement a stealthy deception attack based on false data injection attacks (FDIA). Furthermore, our framework also demonstrated the relative ease of attack dataset collection, and the ability to leverage well-known penetration testing tools.We also introduce the concept of 'heuristic inference attacks', a new family of attack types on ICS which is agnostic to PLC and HMI brands/models commonly deployed in ICS. Our experiments were also validated on a separate ICS dataset collected from a cyber-physical scenario of water utilities. Finally, we utilized time complexity theory to estimate the difficulty for the attacker to conduct the proposed packet analyses, and recommended countermeasures based on our findings.

show abstract

Section: Related Workmentioning

confidence: 99%