SimaticScan: towards a specialised vulnerability scanner for industrial control systems

Antrobus, Rob and Frey, Sylvain and Green, Benjamin and Rashid, Awais (2016) SimaticScan: towards a specialised vulnerability scanner for industrial control systems. In: Proceedings 4th International Symposium for ICS & SCADA Cyber Security Research. BCS.

PDF: SimaticScan_camera_ready.pdf (Accepted Version)
Available under License Creative Commons Attribution-NonCommercial.


Abstract

Over the years, modern Industrial Control Systems (ICS) have become widely computerised and connected via the Internet and are, therefore, potentially vulnerable to cyber attacks. Currently, there is a lack of vulnerability scanners specialised to ICS settings. Tools such as PLCScan and ModScan output pertinent information from a Programmable Logic Controller (PLC), but they offer no information as to how vulnerable that PLC is to attack. In this paper, we address these limitations and propose SimaticScan, a vulnerability scanner specialised to Siemens SIMATIC PLCs. Through experimentation in a comprehensive water treatment testbed, we demonstrate SimaticScan’s effectiveness in determining a range of vulnerabilities across three distinct PLCs, including a previously unknown vulnerability in one of the PLCs. Our experiments also show that SimaticScan outperforms the widely used Nessus vulnerability scanner (with relevant ICS-specific plugins deployed).

Item Type: Contribution in Book/Report/Proceedings
Departments: Faculty of Science and Technology > School of Computing & Communications
ID Code: 80422
Deposited By: ep_importer_pure
Deposited On: 27 Jul 2016 10:18
Refereed?: Yes
Published?: Published
Last Modified: 19 Feb 2020 06:23
URI: https://eprints.lancs.ac.uk/id/eprint/80422
