Abstract

In the past several years, attacks over industrial control systems (ICS) have become increasingly frequent and sophisticated. The most common objectives of these types of attacks are controlling/monitoring the physical process, manipulating programmable controllers, or affecting the integrity of software and networking equipment. As one of the widely applied protocols in the ICS world, EtherCAT is an Ethernet-based protocol; thus, it is exposed to both TCP/IP and ICS-specific attacks. In this paper, we analyze EtherCAT field-level communication principles from the security viewpoint focusing on the protocol vulnerabilities, which have been rarely analyzed previously. Our research showed that it lacks the most common security parameters, such as authentication, encryption, and authorization, and is open to Media Access Control (MAC) spoofing, data injection, and other advanced attacks, which require superior skills. To prevent, detect, and reduce attacks over the EtherCAT-based critical systems, first, we improved the open-source Snort intrusion detection/prevention system (IDS/IPS) to support packets that are not processed over transport and network layers. Second, by incorporating a vulnerability analysis, we proposed the EtherCAT (ECAT) preprocessor. Third, we introduced a novel approach called trust-node identification and applied the approach as three rules into the preprocessor. In this sense, the ECAT preprocessor differs from other supported ICS preprocessors in the literature, such as DNP3 and Modbus/TCP. Besides supporting traditional rule expansion, it is also able to handle layer 2 packets and to apply deep packet inspection on EtherCAT packets using the trust-node approach. This method first identifies engineering-station approved nodes based on EtherCAT network information (ENI) configuration files and then deeply inspects incoming packets, considering protocol specifications. 
The improvements and approach have been tested on the physically developed testbed environment, and we have proved that the proposals can detect related attacks and provide a basic level of security over the EtherCAT-implemented systems.

Highlights

  • Industrial automation systems are generally divided into three categories according to the application fields, which are factory, process, and building automation

  • These automation systems are designed to provide the integration between information technology (IT) communication, such as the manufacturing execution system (MES) level or enterprise resource planning (ERP) level, and field communication, such as cell, field, or sensor/actuator levels [1]

  • The vulnerability analysis is performed by attack vectors on device-level communication, as it is responsible for carrying time-sensitive information


Summary

Introduction

Industrial automation systems are generally divided into three categories according to the application fields, which are factory, process, and building automation. Ethernet and TCP/IP protocols are well known, and the diversity and success of the attacks are exhaustively studied in the literature [3, 4]. This duo introduces security risks and cyberthreats into industrial control systems (ICS) as well. The short cycle times, speed, topology flexibility, scalability, product diversity, and cost advantages, which are essential arguments in critical systems, have enabled EtherCAT to become a major protocol running on industrial automation systems compared to Modbus/TCP, EtherNet/IP, PROFINET RT, or Sercos III [15]. The novelty of our study is that it is the first research in the literature focusing on EtherCAT communication vulnerabilities and introducing the trust-node approach to be used in Snort as a solution to improve EtherCAT security. In this context, the vulnerability analysis is performed by attack vectors on device-level communication, as it is responsible for carrying time-sensitive information.
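The abstract describes identifying approved nodes and then inspecting layer 2 EtherCAT packets against the protocol specification. The sketch below is an added illustration of that idea, not the paper's ECAT preprocessor or its three rules: the allowlist, the alert names, and the helper `build_frame` are hypothetical, and the frames are constructed samples without an 802.1Q tag or FCS.

```python
import struct

ETHERTYPE_ECAT = 0x88A4      # EtherType assigned to EtherCAT
ECAT_TYPE_DATAGRAM = 1       # EtherCAT header type 1 = datagram(s)
ETH_HDR, ECAT_HDR = 14, 2    # header sizes in bytes

# Constructed allowlist (assumption). In the paper's approach the approved
# nodes are derived from ENI configuration files, which are not parsed here.
TRUSTED_MACS = {bytes.fromhex("020000000001")}

def inspect_frame(frame, trusted=TRUSTED_MACS):
    """Return a list of alert strings for one raw Ethernet frame."""
    if len(frame) < ETH_HDR + ECAT_HDR:
        return ["truncated-frame"]
    src = frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_ECAT:
        return []            # not EtherCAT: outside the scope of this check
    alerts = []
    if src not in trusted:
        alerts.append("untrusted-source:" + src.hex(":"))
    # EtherCAT header, 16 bits little-endian: length(11) | reserved(1) | type(4)
    hdr = struct.unpack("<H", frame[14:16])[0]
    length, ecat_type = hdr & 0x07FF, hdr >> 12
    if ecat_type != ECAT_TYPE_DATAGRAM:
        alerts.append("unexpected-type:%d" % ecat_type)
    # Ethernet padding can make the frame longer than declared, never shorter.
    if length > len(frame) - ETH_HDR - ECAT_HDR:
        alerts.append("length-exceeds-frame")
    return alerts

def build_frame(src_hex, ecat_type=ECAT_TYPE_DATAGRAM, declared_len=None):
    """Build a constructed sample frame carrying one 14-byte datagram."""
    # cmd, idx, 4-byte address, len/flags, IRQ, 2 data bytes, working counter
    datagram = (bytes([0x01, 0x00]) + bytes(4) + struct.pack("<H", 2)
                + bytes(2) + bytes(2) + bytes(2))
    length = len(datagram) if declared_len is None else declared_len
    hdr = struct.pack("<H", (ecat_type << 12) | (length & 0x07FF))
    frame = (bytes.fromhex("ffffffffffff") + bytes.fromhex(src_hex)
             + struct.pack("!H", ETHERTYPE_ECAT) + hdr + datagram)
    return frame.ljust(60, b"\x00")   # pad to minimum Ethernet size

if __name__ == "__main__":
    for mac in ("020000000001", "02000000beef"):
        print(mac, inspect_frame(build_frame(mac)))
```

A source-address allowlist on its own does not distinguish a spoofed trusted MAC, which is why the header checks run on every EtherCAT frame regardless of sender.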

Related Work
EtherCAT Protocol in Industrial Automation
EtherCAT Vulnerability Research
ECAT-Preprocessor Development and
Conclusion
Findings
Future Work