Abstract

Supervisory Control and Data Acquisition (SCADA) systems and Industrial Control Systems (ICSs) have controlled the regulation and management of Critical National Infrastructure environments for decades. With the demand for remote facilities to be controlled and monitored, industries have continued to adopt Internet technology into their ICS and SCADA systems so that their enterprise can span across international borders in order to meet the demand of modern living. Although this is a necessity, it could prove to be potentially dangerous. The devices that make up ICS and SCADA systems have bespoke purposes and are often inherently vulnerable and difficult to merge with newer technologies. The focus of this article is to explore, test, and critically analyse the use of network scanning tools against bespoke SCADA equipment in order to identify the issues with conducting asset discovery or service detection on SCADA systems with the same tools used on conventional IP networks. The observations and results of the experiments conducted help to evaluate whether such scans are feasible against SCADA equipment and whether they have a negative impact on how the scanned devices operate. This in turn helps deduce whether network scanners open a new set of vulnerabilities unique to SCADA systems.

Highlights

  • ICS and Supervisory Control and Data Acquisition (SCADA) systems are an integral aspect of the modern industrial environment and the Critical National Infrastructure (CNI)

  • As a result of the experiments conducted against the virtual Internet Protocol (IP) network, as well as the data provided through the use of packet captures taken throughout both the active and passive experimentation, the following conclusions can be made with reference to the future experiments to be performed on a SCADA network

  • Running a series of different asset discovery and service detection scans using Nmap revealed a number of facts to take into consideration when discussing using scanners on SCADA systems, the first being that Nmap utilises the TCP protocol in a variety of different ways in order to gain different amounts of information from the target networks



Introduction

ICS and SCADA systems are an integral aspect of the modern industrial environment and the Critical National Infrastructure (CNI). As Internet technologies became ever more integrated into modern society, and as corporations began to grow exponentially around the globe, the demand for remote auditing and control of industrial systems increased. This resulted in the merging of Internet Protocol (IP) and SCADA/ICS technologies, which in turn exposed the older field devices to a new set of attack vectors, leading to unprecedented vulnerabilities when integrated with IP [1]. In an age where threats from the cyberdomain are ever evolving, the tools used to perform security audits and penetration tests against IP systems are subsequently being used on the older SCADA/ICS networks. These tools, without the correct configuration, could cause substantial damage to the SCADA devices connected to a business's infrastructure, rather than helping to protect and audit them [2].
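As an added example (not code from the article or its authors), the Python below makes the point of the Highlights and the Introduction concrete: it builds two Nmap invocations, Nmap's bare default and an assumed cautious ICS profile that uses full TCP connect scans, restricts the port list to well-known ICS service ports, caps the packet rate and omits version and OS detection, and then triages a constructed Nmap XML report (the `-oX` format) for hosts exposing those ports. The profile, the sample report and the host addresses are assumptions for illustration, not the article's measurements or recommendations.

```python
"""Nmap scan profiles and result triage for ICS/SCADA asset discovery.

Added example; the 'ics-conservative' profile and the sample report below are
assumptions for illustration, not the article's own configuration or data.
"""
import xml.etree.ElementTree as ET

# Well-known TCP ports of common ICS/SCADA protocols.
ICS_TCP_PORTS = {
    102: "Siemens S7comm (ISO-TSAP)",
    502: "Modbus/TCP",
    20000: "DNP3",
    44818: "EtherNet/IP explicit messaging",
}


def build_nmap_cmd(targets, profile="ics-conservative", report="scan.xml"):
    """Return an Nmap argv list for the requested profile.

    'default' reproduces a bare `nmap <target>`: host discovery, then (as root)
    a SYN half-open scan of the top 1000 TCP ports.
    'ics-conservative' is an assumed cautious profile: no crafted half-open
    packets, no ping sweep, only known ICS ports, low rate, and no -sV/-O/-A,
    which would send application-layer probes to the field device.
    """
    targets = list(targets)
    if profile == "default":
        return ["nmap", *targets]
    if profile == "ics-conservative":
        return [
            "nmap",
            "-sT",              # full three-way handshake, as an ordinary client does
            "-Pn",              # skip host discovery; treat each listed target as up
            "-n",               # no reverse DNS lookups
            "-p", ",".join(str(p) for p in sorted(ICS_TCP_PORTS)),
            "-T2",              # 'polite' timing template: serialised probes with a delay
            "--max-rate", "5",  # hard cap of five packets per second
            "--max-retries", "1",
            "-oX", report,      # XML output consumed by triage_report()
            *targets,
        ]
    raise ValueError(f"unknown profile: {profile}")


# Constructed Nmap -oX output for three hypothetical hosts (not real devices).
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sT -Pn -n -p 102,502,20000,44818 -oX scan.xml 10.0.0.0/29">
<host><status state="up" reason="user-set"/>
<address addr="10.0.0.5" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="502"><state state="open" reason="syn-ack"/><service name="mbap" method="table" conf="3"/></port>
<port protocol="tcp" portid="102"><state state="closed" reason="conn-refused"/></port>
</ports></host>
<host><status state="up" reason="user-set"/>
<address addr="10.0.0.7" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="102"><state state="open" reason="syn-ack"/><service name="iso-tsap" method="probed" conf="10"/></port>
<port protocol="tcp" portid="44818"><state state="open" reason="syn-ack"/><service name="EtherNet-IP-2" method="table" conf="3"/></port>
</ports></host>
<host><status state="down" reason="no-response"/>
<address addr="10.0.0.9" addrtype="ipv4"/>
</host>
</nmaprun>
"""


def triage_report(xml_text):
    """Parse Nmap -oX output into {addr: [(port, label, method), ...]} for
    every up host with an open ICS TCP port.

    `method` is Nmap's own <service method="..."> attribute: 'table' means the
    name came from Nmap's port-number table without touching the service,
    'probed' means a version-detection payload was actually sent to the device.
    """
    root = ET.fromstring(xml_text)
    findings = {}
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        addr = addr_el.get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if port.get("protocol") != "tcp" or state is None or state.get("state") != "open":
                continue
            portid = int(port.get("portid"))
            if portid not in ICS_TCP_PORTS:
                continue
            svc = port.find("service")
            method = svc.get("method", "table") if svc is not None else "unknown"
            findings.setdefault(addr, []).append((portid, ICS_TCP_PORTS[portid], method))
    return findings


def probed_hosts(findings):
    """Addresses whose ICS services received version-detection payloads."""
    return sorted(a for a, ports in findings.items() if any(m == "probed" for _, _, m in ports))


if __name__ == "__main__":
    print(" ".join(build_nmap_cmd(["10.0.0.0/29"])))
    for addr, ports in triage_report(SAMPLE_XML).items():
        print(addr, ports)
    print("probed:", probed_hosts(triage_report(SAMPLE_XML)))
```

The `method` attribute is the practical check after any scan of a live ICS segment: a finding marked `probed` means Nmap spoke to the device at the application layer, which is exactly the behaviour the cautious profile is meant to avoid, so its presence in a report indicates the scan was run with version detection enabled.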

