Industrial Control System Security Overview
@CSIT_QUB
Industrial Control System Security Overview
Peter Maynard, PhD Researcher
What is ICS and SCADA
• Industrial Control Systems (ICS):
– Chemical, water, gas processing.
– Transportation, electricity, nuclear systems.
• Supervisory Control And Data Acquisition (SCADA):
– SCADA provides remote telemetry control for ICS.
Security Threats to ICS
● ICS systems have a 40-year life span.
● Firewall air-gapping used to be relied on to separate the networks.
● Systems are often left unpatched due to system maintainability concerns.
● SCADA protocols developed in the 70s-80s are still widely in use.
● These protocols provide no form of encryption or authenticity.
– Not implemented in industry.
What we have been working on
• European FP7 Project.
• Worked with Linz Strom GmbH.
– Austrian Electrical Distribution Operator.
• Access to real world testbed.
Man-In-The-Middle Attack
● Using our custom Ettercap plugin we’re able to hide an earth fault from the operator.
● Using ARP Spoofing.
● Packet manipulation.
Detection of attacks on ICS
• Current signature-based systems: SNORT, Bro.
– Unable to detect zero-day attacks.
– Unable to identify suspicious traffic, e.g. malware, backdoors.
• Anomaly detection using machine learning.
– ICS networks are fairly consistent and predictable.
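
The predictability point above, as an added example that is not code from the slides or the project: a baseline learned from normal polling traffic flags a changed IP-to-MAC binding (as ARP spoofing produces), a flow never seen before, and a poll that breaks the learned interval. It uses plain statistics rather than the machine learning the slide names, and every address, MAC, port and threshold is a constructed assumption.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed records: (time_s, src_ip, src_mac, dst_ip, dst_port). All values are made up.
MASTER, RTU, PORT = "10.0.0.10", "10.0.0.20", 2404
TRAIN = [(t, MASTER, "00:11:22:aa:aa:01", RTU, PORT)
         for t in (0.0, 2.0, 4.01, 5.99, 8.0, 10.0)]      # steady ~2 s polling
LIVE = [
    (100.0, MASTER, "00:11:22:aa:aa:01", RTU, PORT),
    (102.0, MASTER, "00:11:22:aa:aa:01", RTU, PORT),
    (104.0, MASTER, "00:11:22:ff:ff:09", RTU, PORT),       # same IP, different MAC
    (104.5, "10.0.0.99", "00:11:22:bb:bb:07", RTU, PORT),  # host absent from training
    (109.0, MASTER, "00:11:22:aa:aa:01", RTU, PORT),       # 5 s gap instead of ~2 s
]

def learn_baseline(records):
    """Learn IP->MAC bindings, the set of flows, and per-flow polling interval stats."""
    macs, times = {}, defaultdict(list)
    for ts, sip, smac, dip, dport in records:
        macs.setdefault(sip, smac)
        times[(sip, dip, dport)].append(ts)
    intervals = {}
    for flow, seen in times.items():
        gaps = [b - a for a, b in zip(seen, seen[1:])]
        if gaps:
            intervals[flow] = (mean(gaps), pstdev(gaps))
    return {"macs": macs, "flows": set(times), "intervals": intervals}

def detect(baseline, records, k=3.0, floor=0.1):
    """Return (time, kind, subject) alerts for traffic that deviates from the baseline."""
    alerts, last_seen = [], {}
    for ts, sip, smac, dip, dport in records:
        flow = (sip, dip, dport)
        known_mac = baseline["macs"].get(sip)
        if known_mac is not None and known_mac != smac:
            alerts.append((ts, "mac_change", sip))
        if flow not in baseline["flows"]:
            alerts.append((ts, "new_flow", flow))
        elif flow in last_seen and flow in baseline["intervals"]:
            mu, sd = baseline["intervals"][flow]
            # floor keeps a very regular flow from alerting on tiny jitter
            if abs((ts - last_seen[flow]) - mu) > max(k * sd, floor):
                alerts.append((ts, "timing", flow))
        last_seen[flow] = ts
    return alerts

if __name__ == "__main__":
    for alert in detect(learn_baseline(TRAIN), LIVE):
        print(alert)
```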
Questions?