825
views
0
recommends
+1 Recommend
1 collections
    8
    shares
       
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      SimaticScan: Towards A Specialised Vulnerability Scanner for Industrial Control Systems

      proceedings-article

      1 , 1 , 1 , 1

      4th International Symposium for ICS & SCADA Cyber Security Research 2016 (ICS-CSR)

      Cyber Security Research

      23 - 25 August 2016

      industrial control systems, vulnerability scanner, programmable logic controllers

      Bookmark

            Abstract

            Over the years, modern Industrial Control Systems (ICS) have become widely computerised and connected via the Internet and are, therefore, potentially vulnerable to cyber attacks. Currently there is a lack of vulnerability scanners specialised to ICS settings. Systems such as PLCScan and ModScan output pertinent information from a Programmable Logic Controller (PLC). However, they do not offer any information as to how vulnerable a PLC is to an attack. In this paper, we address these limitations and propose SimaticScan, a vulnerability scanner specialised to Siemens SIMATIC PLCs. Through experimentation in a comprehensive water treatment testbed, we demonstrate SimaticScan’s effectiveness in determining a range of vulnerabilities across three distinct PLCs, including a previously unknown vulnerability in one of the PLCs. Our experiments also show that SimaticScan outperforms the widely used Nessus vulnerability scanner (with relevant ICS-specific plugins deployed).

            Content

            Author and article information

            Contributors
            Conference
            October 2016
            October 2016
            : 11-18
            Affiliations
            [0001]Security Lancaster Research Centre Lancaster University Lancaster LA1 4WA UK security-centre.lancs.ac.uk
            Article
            10.14236/ewic/ICS2016.2
            def80ec8-f6dc-4277-8165-1e51f74c2285
            © Antrobus et al. Published byBCS Learning & Development Ltd.Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research 2016

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            4th International Symposium for ICS & SCADA Cyber Security Research 2016
            ICS-CSR
            4
            Queen’s Belfast University, UK
            23 - 25 August 2016
            Electronic Workshops in Computing (eWiC)
            Cyber Security Research
            Product
            Product Information: 1477-9358BCS Learning & Development
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Electronic Workshops in Computing

            REFERENCES

            1. 2011 Exploiting siemens simatic s7 PLCs ext-link-type="uri" xlink: href="https://media.blackhat">https://media.blackhat.com/bh-us-11/Beresford/BH_US11_Beresford_S7_ PLCs_WP.pdf 12 April 2016

            2. 2008 ModScan - a SCADA MODBUS network scanner ext-link-type="uri" xlink: href="https://www">https://www.defcon.org/images/defcon-16/dc16-presentations/ defcon-16-bristow.pdf 12 April 2016

            3. Conpot 2016 Conpot ext-link-type="uri" xlink: href="http://conpot">http://conpot.org 24 02 2016

            4. Digital Bond 2016 PLCScan ext-link-type="uri" xlink: href="http://www.digitalbond.com/tools/plcscan/">http://www.digitalbond.com/tools/plcscan/ o12 April 2016

            5. 2016 Testbed diversity as a fundamental principle for effective ICS security research Proceedings of the First International Workshop on Security and Resilience of Cyber-Physical Infrastructures (SERECIN) Lancaster University Technical Report SCC-2016-01 12 15

            6. 2014 Design and construction of an industrial control system testbed PG Net -15th Annual PostGraduate Symposium on the Convergence of Telecommunications, Networking and Broadcasting

            7. Infracritical 2014 Project SHINE findings report ext-link-type="uri" xlink: href="http://www.slideshare.net/">http://www.slideshare.net/BobRadvanovsky/project-shine-findings-report-dated-1oct2014 12 April 2016

            8. 2010 Aspfuzz: A state-aware protocol fuzzer based on application-layer protocols Computers and Communications (ISCC), 2010 IEEE Symposium on 202 208

            9. secdev.org 2016 Scapy ext-link-type="uri" xlink: href="http://www">http://www.secdev.org/projects/scapy/ 5 05 2016

            10. 2015 Nessus plugin id 51192 ext-link-type="uri" xlink: href="http://www.tenable.com/plugins/index">http://www.tenable.com/plugins/index.php?view=single&id=51192 8 05 2016

            11. Shodan 2016 Shodan search engine ext-link-type="uri" xlink: href="https://www.shodan.io">https://www.shodan.io 17 02 2016

            12. Siemens 2016aEt200s ext-link-type="uri" xlink: href="http://w3">http://w3.siemens.com/mcms/programmable-logic-controller/en/distributed-controller/et200sp-based/Pages/default.aspx 24 02 2016

            13. Siemens 2016bS71200 ext-link-type="uri" xlink: href="http://w3">http://w3.siemens.com/mcms/programmable-logic-controller/en/basic-controller/s7–1200/pages/ default.aspx. 24 02 2016

            14. Siemens 2016cS7300 ext-link-type="uri" xlink: href="https://mall">https://mall.industry.siemens.com/mall/en/ww/catalog/products/ 5000013?activeTab=order&regionUrl= WW#More%20information. 24 02 2016

            15. Snap7 2016 Snap7 ext-link-type="uri" xlink: href="http://snap7">http://snap7.sourceforge.net/ 8 05 2016

            16. 2016 Default/hardcoded scada password list ext-link-type="uri" xlink: href="https://github.com/">https://github.com/scadastrangelove/SCADAPASS/blob/master/ scadapass.csv 8 05 2016

            17. Toolswatch 2016 vfeed ext-link-type="uri" xlink: href="https://">https://github.com/toolswatch/vFeed 5 05 2016

            18. TrendMicro 2016 First malware-driven power outage reported in Ukraine ext-link-type="uri" xlink: href="http://www">http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/first-malware-driven-power-outage-reported-in-ukraine 12 01 2016

            19. 2013 Design and implementation of fuzzing technology for opc protocol Intelligent Information Hiding and Multimedia Signal Processing, 2013 Ninth International Conference on 424 428

            Comments

            Comment on this article