Block diagram of signal validity monitoring mechanism extended with control system integrity check mechanism.
Abstract:
The paper investigates cyber threats and potential solutions for protecting industrial control systems (ICS). On the cyber threats side, different off-the-shelf offensive...Show MoreMetadata
Abstract:
The paper investigates cyber threats and potential solutions for protecting industrial control systems (ICS). On the cyber threats side, different off-the-shelf offensive solutions, both hardware and software, are analysed and tested. The goal of the paper is to increase cyber threat awareness by showing how such off-the-shelf solutions, well known to IT security experts, can be utilised as (or inspire) attack vectors to gain access to generally unprotected industrial plants. After obtaining an accessing point, Man-in-the-Middle (MITM) and Legal-Client-to-Server (LCSA) types of attacks from reconnaissance, client-to-server and server-to-client categories are demonstrated. For this purpose, a Modbus communication protocol implemented in a real compressor station is used as basis. Regarding potential protection solutions, the paper proposes a simple-to-implement and cheap hardening methodology applicable inside almost any industrial plant. A novel, PLC-based ICS cyber security protection method, made of a signal validity monitoring mechanism and a control system integrity check mechanism is also discussed and demonstrated. Both penetration testing and hardening methodology are verified experimentally, using real PLC and HMI devices.
Block diagram of signal validity monitoring mechanism extended with control system integrity check mechanism.
Published in: IEEE Access ( Volume: 10)