Exploiting SCADA vulnerabilities using a Human Interface Device
نویسندگان
چکیده
SCADA (Supervisory Control and Data Acquisition) systems are used to control and monitor critical national infrastructure functions like electricity, gas, water and railways. Field devices such as PLC’s (Programmable Logic Controllers) are one of the most critical components of a control system. Cyber-attacks usually target valuable infrastructures assets, taking advantage of architectural/technical vulnerabilities or even weaknesses in the defense systems. Even though novel intrusion detection systems are being implemented and used for defending cyber-attacks, certain vulnerabilities of SCADA systems can still be exploited. In this article we present an attack scenario based on a Human Interface Device (HID) device which is used as a means of communication/exploitation tool to compromise SCADA systems. The attack, which is a normal series of commands that are sent from the HID to the PLC cannot be detected through current intrusion detection mechanisms. Finaly we provide possible counter measures and defense mechanisms against this kind of cyber attacks.
منابع مشابه
Insecure by Design: Using Human Interface Devices to exploit SCADA systems
Modern Supervisory Control and Data Acquisition (SCADA) systems which are used by the electric utility industry to monitor and control electric power generation, transmission and distribution, are recognized today as critical components of the electric power delivery infrastructure. SCADA systems are large, complex and incorporate increasingly large numbers of widely distributed components. Cyb...
متن کاملUtilization of different Encryption Schemes for Securing SCADA Component Communication
This dissertation is a study on the comparison of different Encryption Schemes for Securing SCADA Component Communication. SCADA Communication is a core component of a SCADA Monitoring System. SCADA (Supervisory Control and Data Acquisition) communication can take place in a number of ways. Early SCADA communication took place over radio, modem, or dedicated serial lines. Today, it is much more...
متن کاملDesign on SCADA Test-bed and Security Device
Most of the national critical key infrastructure, such as power, piped gas and water supply facilities, or the high-speed railroad, is run on the SCADA (Supervisory Control and Data Acquisition) system. Recently, concerns have been raised about the possibility of these facilities being attacked by cyber terrorists, hacking, or viruses. Thus, it is time to adopt the relevant security management ...
متن کاملVirtual SCADA Systems for Cyber Security
This paper describes a pair of virtual Supervisory Control and Data Acquisition (SCADA) systems. These virtual simulations were built using virtual devices that simulate industrial processes, emulate control system ladder logic functionality, utilize control system communication protocols, and implement industrial Human Machine Interfaces (HMI). The first of these focuses on a comprehensive vir...
متن کاملAdapting Bro into SCADA: Building Specification-based Intrusion Detection System for DNP3 Protocol
Modern SCADA systems are increasingly adopting Internet technology to control industry processes. With their security vulnerabilities exposed to public networks, an attacker is able to penetrate into these control systems to put remote facilities in danger. To detect such attacks, SCADA systems require an intrusion detection technique that can monitor network traffic based on proprietary networ...
متن کامل