Derbyshire, Richard and Green, Benjamin and van der Walt, Charl and Hutchison, David (2024) Dead Man's PLC : Towards Viable Cyber Extortion for Operational Technology. Digital Threats: Research and Practice, 5 (3): 23. pp. 1-24.
Full text not available from this repository.Abstract
For decades, operational technology (OT) has enjoyed the luxury of being suitably inaccessible, and thus has experienced directly targeted cyber attacks from only the most advanced and well-resourced adversaries. However, security via obscurity cannot last forever, and indeed a shift is happening whereby less advanced adversaries are showing an appetite for targeting OT. With this shift in adversary demographics, there will likely also be a shift in attack goals, from clandestine process degradation and espionage to overt cyber extortion (Cy-X). Even if encryption-based Cy-X techniques were launched against OT assets, typical recovery practices designed for engineering processes would provide adequate resilience. In response, this paper introduces Dead Man's PLC (DM-PLC), a pragmatic step towards viable OT Cy-X that acknowledges and weaponises the resilience processes typically encountered in any OT environment. Using only existing functionality, DM-PLC considers an entire environment as the entity under ransom, whereby all assets constantly send one another heartbeats to ensure the attack remains untampered with, treating any deviations as a detonation trigger akin to a Dead Man's switch. A proof of concept of DM-PLC is implemented and evaluated on a peer reviewed and industry validated OT testbed to demonstrate its malicious potential.