Abstract

Industrial automation and control systems (IACS) play a key role in modern production facilities. On the one hand, they provide real-time functionality to the connected field devices. On the other hand, they get more and more connected to local networks and the internet in order to facilitate use cases promoted by “Industry 4.0”. This makes IACS susceptible to cyber-attacks which exploit vulnerabilities, for example in order to interrupt the automation process. Security testing targets at discovering those vulnerabilities before they are exploited. In order to enable IACS manufacturers and integrators to perform security testing for their devices, we present ISuTest, a modular security testing framework for IACS. ISuTest is designed to be extendable regarding all kinds of automation protocols, different connection paths as well as evaluating arbitrary outputs of the tested devices. This paper describes the fundamental ideas behind ISuTest, its design and a basic evaluation in which the ISuTest framework was able to discover a vulnerability in a programmable logic controller (PLC). The paper concludes with a broad overview of the planned future work.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.