For Publishers
DiscoveryMetadataPeer reviewHostingPublishing
For Researchers
JoinPublishReviewCollect
Register
Blog
About
Search
Advanced search
My ScienceOpen
Search
For Publishers
For Researchers
Blog
About
4,158
views
12
references
 Top references
cited by
0
    
0 reviews
 Review
0
comments
 Comment
0
recommends
+1 Recommend
1 collections
    4
    shares
      373
      similar
       All similar

      Celebrating 65 years of The Computer Journal - free-to-read perspectives - bcs.org/tcj65

      scite_
       
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      PLCBlockMon: Data Logging and Extraction on PLCs for Cyber Intrusion Detection

      proceedings-article
      Author(s): 1 , 1 , 2 , 2
      Publication date (Print):
      Conference name: 5th International Symposium for ICS & SCADA Cyber Security Research 2018 (ICS-CSR 2018)
      Conference theme: ICS & SCADA Cyber Security Research
      Conference date: 29 - 30 August 2018
      Keywords: Industrial Control Systems, Cyber Security, Logging and Extraction, PLC, Intrusion Detection
      Bookmark

            Abstract

            The threat landscape for industrial control systems is ever-expanding and these systems have proven to be attractive targets for cyber attackers. Programmable Logic Controllers are major components in ICSs and hence need to be well-protected and monitored. By examining the existing research in this field we found that there is a void in comprehensive analysis of data logging and extraction features on industrial devices. However, analysis of these features and evaluation of their applicability for cyber intrusion detection would significantly facilitate their adoption by intrusion detection tools. In order to close the gap, we analyzed the logging and extraction capabilities of the Siemens S7-1200 PLC and HMI panel. We implemented a PLC logic for data logging called PLCBlockMon. In this paper, we provide guidelines for its usage and demonstrate its applicability for cyber intrusion detection in selected scenarios.

            Content

            Author and article information

            Contributors
            Mislav Findrik
            Paul Smith
            McLaughlin Kieran
            Conference
            Publication date: August 2018
            Publication date (Print): August 2018
            Pages: 102-111
            Affiliations
            [1 ]AIT Austrian Institute of Technology Center for Digital Safety & Security Vienna, Austria
            [2 ]Queen’s University Belfast Center for Secure Information Technologies, Belfast, UK
            Article
            DOI: 10.14236/ewic/ICS2018.12
            SO-VID: 98d3a4a4-2960-4768-aea6-8d3dfbf05af0
            Copyright © © Findrik et al. Published by BCS Learning and Development Ltd. Proceedings of ICS & SCADA 2018
            License:

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            Conference name: 5th International Symposium for ICS & SCADA Cyber Security Research 2018
            Conference acronym: ICS-CSR 2018
            Conference number: 5
            Conference location: University of Hamburg, Germany
            Conference date: 29 - 30 August 2018
            Conference sponsor: Electronic Workshops in Computing (eWiC)
            Conference theme: ICS & SCADA Cyber Security Research
            History
            Product

            1477-9358 BCS Learning & Development

            Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/ICS2018.12
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Series title: Electronic Workshops in Computing

            ScienceOpen disciplines: Applied computer science,Computer science,Security & Cryptology,Graphics & Multimedia design,General computer science,Human-computer-interaction
            Keywords: Industrial Control Systems,PLC,Cyber Security,Intrusion Detection,Logging and Extraction

            REFERENCES

            1. Siemens Sending Emails over Secure Email Connections with S7-1500 and S7-1200 https://cache.industry.siemens.com/dl/files/803/46817803/att_926218/v2/46817803_EMail_with_CP1543-1_en.pdf

            2. Siemens SIMATIC HMI Comfort Panels https://cache.industry.siemens.com/dl/files/153/109476153/att 848919/v1/109476153_Remote_Panels_Webserver_DOKU_en.pdf

            3. Siemens Security with SIMATIC controllers https://cache.industry.siemens.com/dl/files/010/90885010/att_876214/v1/77431846_Security_SIMATIC_DOKU_V20_en.pdf

            4. Siemens Configuring Messages and Alarms in WinCC (TIA Portal) https://support.industry.siemens.com/cs/document/62121503/configuration-of-messages-and-alarms\penalty-\@M-in-wincc-(tia-portal)?dti= 0&lc=en-WW

            5. “Stuxnet: Dissecting a Cyberwarfare Weapon” IEEE Security & Privacy 9 3 49 51 May-June 2011

            6. E-ISAC Analysis of the Cyber Attack on the Ukrainian Power Grid Defense Use Case March 18 2016

            7. Dragos Crashoverride: Analysis of the Threat to Electrical Grid Operations https://dragos.com/blog/crashoverride/CrashOverride-01.pdf

            8. SecMatters SilentDefence Datasheet https://www.secmatters.com/hubfs/SecurityMatters-March2017/PDF/SilentDefense-Datasheet.pdf

            9. Dragos Dragos Platform Datasheet https://dragos.com/media/Dragos_Platform_Data_Sheet.pdf

            10. Darktrace Industrial Immune System https://www.darktrace.com/resources/ds-iis.pdf

            11. Nozomi Networks SCADAGuardian Datasheet https://www.nozominetworks.com/downloads/US/Nozomi-Networks-SG-Data-Sheet.pdf

            12. “Standardsbased open-source PLC diagnostics monitoring,” Proceedings of ICALEPCS2015 Melbourne, Australia

            13. “Industrial Control System Network Intrusion Detection by Telemetry Analysis,” IEEE Transactions on Dependable and Secure Computing 13 2 252 260 March-April 1 2016

            14. “Secure Architecture for Industrial Control Systems,” https://www.sans.org/reading-room/whitepapers/ICS/securearchitecture-industrial-control-systems-3632

            15. Siemens SIMATIC S7-1200 System Manual Siemens Nrnberg 2014

            16. Kali Linux https://www.kali.org/

            17. Kali Tools, hping3 Package Description https://tools.kali.org/information-gathering/hping3

            18. Siemens Diagnostics in User Program with S7-1500 2014

            19. 2015 A Survey of Industrial Control System Testbeds Secure IT Systems. Lecture Notes in Computer Science 9417 Springer Cham

            20. Siemens Open User Communication with TSEND C and TRCV C https://cache.industry.siemens.com/dl/files/808/67196808/att_108115/v2/net_s7-1200_isoontcp_en.pdf

            21. Siemens Sending SYSLOG messages with a SIMATIC S7 CPU https://support.industry.siemens.com/cs/document/51929235/-sending-syslog-messages-with-a-simatic-s7-cpu?dti=0&lc=en-WW

            22. Siemens Siemens Security Bulletin Response to ICS Alert (ICSA-11-223-01A) https://www.industry.siemens.com/topics/global/en/industrial-security/news-alerts/Documents/Summary_on_ICS_Alert_ICSA-11-223-01A.pdf

            23. Exploiting Siemens Simatic S7 PLCs, in Black Hat USA+2011 Las Vegas, NV, USA 34 Aug. 2011 [Online]. https://media.blackhat.com/bh-us-11/Beresford/BH_US11_Beresford_S7_PLCs_WP.pdf

            24. The spear to break the security wall of S7CommPlus, in Black Hat EU 2017 [Online]. https://www.blackhat.com/docs/eu-17/materials/eu-17-Lei-The-Spear-To-Break%20-The-Security-Wall-Of-S7CommPlus-wp.pdf

            25. Sequence-aware Intrusion Detection in Industrial Control Systems In Proceedings of the 1st ACM Workshop on Cyber-Physical System Security (CPSS ’15). ACM New York, NY, USA 13-24 http://dx.doi.org/10.1145/2732198.2732200

            26. “On Ladder Logic Bombs in Industrial Control Systems.” arXiv preprint arXiv:1702.05241 2017 https://arxiv.org/pdf/1702.05241.pdf

            27. US-CERT Alert (TA14-013A) NTP Amplification Attacks Using CVE-2013-5211 https://www.us-cert.gov/ncas/alerts/TA14-013A

            28. “Forensics in Industrial Control System: A Case Study.” 2016 https://arxiv.org/ftp/arxiv/papers/1611/1611.01754.pdf

            Comments

            Comment on this article