Green, Benjamin and Krotofil, Marina and Abbasi, Ali (2017) On the Significance of Process Comprehension for Conducting Targeted ICS Attacks. In: CPS '17: Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy. ACM, USA, pp. 57-67. ISBN 9781450353946
sample_sigconf.pdf - Accepted Version
Abstract
The exploitation of Industrial Control Systems (ICSs) has been described as both easy and impossible; where does the truth lie? Post-Stuxnet work has included a plethora of ICS-focused cyber security research activities, with topics covering device maturity, network protocols, and overall cyber security culture. We often hear the notion that ICSs are highly vulnerable due to a lack of inbuilt security mechanisms, and are therefore low-hanging fruit for a variety of low-skilled threat actors. While there is substantial evidence to support such a notion, when considering targeted attacks on ICS it is hard to believe that an attacker with limited resources, such as a script kiddie or hacktivist, using publicly accessible tools and exploits alone, would have adequate knowledge and resources to achieve targeted operational process manipulation while simultaneously evading detection. Through use of a testbed environment, this paper provides two practical examples based on a Man-In-The-Middle scenario, demonstrating the types of information an attacker would need to obtain, collate, and comprehend in order to begin targeted process manipulation and detection avoidance. This allows for a clearer view of the associated challenges, and illustrates why targeted ICS exploitation might not be possible for every malicious actor.