Characterization of Cyberattacks Aimed at Integrated Industrial Control and Enterprise Systems: A Case Study

Raymond C. Borges Hink, Katerina Goseva-Popstojanova

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

16 Scopus citations

Abstract

Industrial control system (ICS) security has been a topic of research for several years now and the growing interconnectedness with enterprise systems (ES) is exacerbating the existing issues. Research efforts, however, are impeded by the lack of data that integrate both types of systems. This paper presents an empirical analysis of malicious activities aimed at an integrated ICS and ES environment using the dataset created and released by the SANS Institute. The contributions of our work include classification of the observed malicious activities according to several criteria, such as the number of steps (i.e., single-step vs. multi-step), targeted technology (i.e., ICS, ES or both), types of cyber-probes and cyberattacks (e.g., port scan, vulnerability scan, information disclosure, code injection, and SQL injection), and protocols used. In addition, we quantified the severity of the attacks' impact on systems. The main empirical findings include: (1) More sophisticated multi-step attacks which leveraged multiple vulnerabilities had a higher success rate and led to more severe consequences than single-step attacks, (2) Most malicious cyber activities targeted the embedded servers running on ICS devices rather than the ICS protocols. Specifically, cyber activities based only on ICS protocols accounted for a mere 2% of the total malicious traffic. We conclude the paper with a description of a sample of cybersecurity controls that could have prevented or weakened most of the observed attacks.

Original language: English
Title of host publication: Proceedings - 17th IEEE International Symposium on High Assurance Systems Engineering, HASE 2016
Editors: Radu Babiceanu, Helene Waeselynck, Jie Xu, Raymond A. Paul, Bojan Cukic
Publisher: IEEE Computer Society
Pages: 149-156
Number of pages: 8
ISBN (Electronic): 9781467399128
State: Published - Mar 1 2016
Externally published: Yes
Event: 17th IEEE International Symposium on High Assurance Systems Engineering, HASE 2016 - Orlando, United States
Duration: Jan 7 2016 → Jan 9 2016

Publication series

Name: Proceedings of IEEE International Symposium on High Assurance Systems Engineering
Volume: 2016-March
ISSN (Print): 1530-2059

Conference

Conference: 17th IEEE International Symposium on High Assurance Systems Engineering, HASE 2016
Country/Territory: United States
City: Orlando
Period: 01/7/16 → 01/9/16

Keywords

  • Attack characterization
  • Enterprise system security
  • Industrial control system security
  • SCADA testbed
  • Severity
