For Publishers
DiscoveryMetadataPeer reviewHostingPublishing
For Researchers
JoinPublishReviewCollect
Register
Blog
About
Search
Advanced search
My ScienceOpen
Search
For Publishers
For Researchers
Blog
About
825
views
9
references
 Top references
cited by
1
    
0 reviews
 Review
0
comments
 Comment
0
recommends
+1 Recommend
1 collections
    8
    shares
      311
      similar
       All similar
       
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      SimaticScan: Towards A Specialised Vulnerability Scanner for Industrial Control Systems

      proceedings-article

      Author(s): 1 , 1 , 1 , 1

      Publication date (Print):

      Conference name: 4th International Symposium for ICS & SCADA Cyber Security Research 2016 (ICS-CSR)

      Conference theme: Cyber Security Research

      Conference date: 23 - 25 August 2016

      Keywords: industrial control systems, vulnerability scanner, programmable logic controllers

      Bookmark

            Abstract

            Over the years, modern Industrial Control Systems (ICS) have become widely computerised and connected via the Internet and are, therefore, potentially vulnerable to cyber attacks. Currently there is a lack of vulnerability scanners specialised to ICS settings. Systems such as PLCScan and ModScan output pertinent information from a Programmable Logic Controller (PLC). However, they do not offer any information as to how vulnerable a PLC is to an attack. In this paper, we address these limitations and propose SimaticScan, a vulnerability scanner specialised to Siemens SIMATIC PLCs. Through experimentation in a comprehensive water treatment testbed, we demonstrate SimaticScan’s effectiveness in determining a range of vulnerabilities across three distinct PLCs, including a previously unknown vulnerability in one of the PLCs. Our experiments also show that SimaticScan outperforms the widely used Nessus vulnerability scanner (with relevant ICS-specific plugins deployed).

            Content

            Author and article information

            Contributors
            Rob Antrobus
            Sylvain Frey
            Benjamin Green
            Awais Rashid
            Conference
            Publication date: October 2016
            Publication date (Print): October 2016
            Pages: 11-18
            Affiliations
            [0001]Security Lancaster Research Centre Lancaster University Lancaster LA1 4WA UK security-centre.lancs.ac.uk
            Article
            DOI: 10.14236/ewic/ICS2016.2
            SO-VID: def80ec8-f6dc-4277-8165-1e51f74c2285
            Copyright statement: © Antrobus et al. Published byBCS Learning & Development Ltd.Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research 2016
            License:

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            Conference name: 4th International Symposium for ICS & SCADA Cyber Security Research 2016
            Conference acronym: ICS-CSR
            Conference number: 4
            Conference location: Queen’s Belfast University, UK
            Conference date: 23 - 25 August 2016
            Conference sponsor: Electronic Workshops in Computing (eWiC)
            Conference theme: Cyber Security Research
            Product
            Product Information: 1477-9358BCS Learning & Development
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Series title: Electronic Workshops in Computing

            Data availability:

            ScienceOpen disciplines: Applied computer science, Computer science, Security & Cryptology, Graphics & Multimedia design, General computer science, Human-computer-interaction

            Keywords: vulnerability scanner, industrial control systems, programmable logic controllers

            REFERENCES

            1. 2011 Exploiting siemens simatic s7 PLCs ext-link-type="uri" xlink: href="https://media.blackhat">https://media.blackhat.com/bh-us-11/Beresford/BH_US11_Beresford_S7_ PLCs_WP.pdf 12 April 2016

            2. 2008 ModScan - a SCADA MODBUS network scanner ext-link-type="uri" xlink: href="https://www">https://www.defcon.org/images/defcon-16/dc16-presentations/ defcon-16-bristow.pdf 12 April 2016

            3. Conpot 2016 Conpot ext-link-type="uri" xlink: href="http://conpot">http://conpot.org 24 02 2016

            4. Digital Bond 2016 PLCScan ext-link-type="uri" xlink: href="http://www.digitalbond.com/tools/plcscan/">http://www.digitalbond.com/tools/plcscan/ o12 April 2016

            5. 2016 Testbed diversity as a fundamental principle for effective ICS security research Proceedings of the First International Workshop on Security and Resilience of Cyber-Physical Infrastructures (SERECIN) Lancaster University Technical Report SCC-2016-01 12 15

            6. 2014 Design and construction of an industrial control system testbed PG Net -15th Annual PostGraduate Symposium on the Convergence of Telecommunications, Networking and Broadcasting

            7. Infracritical 2014 Project SHINE findings report ext-link-type="uri" xlink: href="http://www.slideshare.net/">http://www.slideshare.net/BobRadvanovsky/project-shine-findings-report-dated-1oct2014 12 April 2016

            8. 2010 Aspfuzz: A state-aware protocol fuzzer based on application-layer protocols Computers and Communications (ISCC), 2010 IEEE Symposium on 202 208

            9. secdev.org 2016 Scapy ext-link-type="uri" xlink: href="http://www">http://www.secdev.org/projects/scapy/ 5 05 2016

            10. 2015 Nessus plugin id 51192 ext-link-type="uri" xlink: href="http://www.tenable.com/plugins/index">http://www.tenable.com/plugins/index.php?view=single&id=51192 8 05 2016

            11. Shodan 2016 Shodan search engine ext-link-type="uri" xlink: href="https://www.shodan.io">https://www.shodan.io 17 02 2016

            12. Siemens 2016aEt200s ext-link-type="uri" xlink: href="http://w3">http://w3.siemens.com/mcms/programmable-logic-controller/en/distributed-controller/et200sp-based/Pages/default.aspx 24 02 2016

            13. Siemens 2016bS71200 ext-link-type="uri" xlink: href="http://w3">http://w3.siemens.com/mcms/programmable-logic-controller/en/basic-controller/s7–1200/pages/ default.aspx. 24 02 2016

            14. Siemens 2016cS7300 ext-link-type="uri" xlink: href="https://mall">https://mall.industry.siemens.com/mall/en/ww/catalog/products/ 5000013?activeTab=order&regionUrl= WW#More%20information. 24 02 2016

            15. Snap7 2016 Snap7 ext-link-type="uri" xlink: href="http://snap7">http://snap7.sourceforge.net/ 8 05 2016

            16. 2016 Default/hardcoded scada password list ext-link-type="uri" xlink: href="https://github.com/">https://github.com/scadastrangelove/SCADAPASS/blob/master/ scadapass.csv 8 05 2016

            17. Toolswatch 2016 vfeed ext-link-type="uri" xlink: href="https://">https://github.com/toolswatch/vFeed 5 05 2016

            18. TrendMicro 2016 First malware-driven power outage reported in Ukraine ext-link-type="uri" xlink: href="http://www">http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/first-malware-driven-power-outage-reported-in-ukraine 12 01 2016

            19. 2013 Design and implementation of fuzzing technology for opc protocol Intelligent Information Hiding and Multimedia Signal Processing, 2013 Ninth International Conference on 424 428

            Comments

            Comment on this article