Insecure by Design: Using Human Interface Devices to exploit SCADA systems
Author(s) - Grigoris Tzokatziou, Λέανδρος Μαγλαράς, Helge Janicke
Publication year - 2015
Publication title - Electronic Workshops in Computing
Language(s) - English
Resource type - Conference proceedings
ISSN - 1477-9358
DOI - 10.14236/ewic/ics2015.13
Subject(s) - scada, exploit, intrusion detection system, computer science, computer security, critical infrastructure, cyber attack, embedded system, interface (matter), electric power system, industrial control system, supervisory control, engineering, control (management), power (physics), operating system, electrical engineering, physics, bubble, quantum mechanics, maximum bubble pressure method, artificial intelligence
Modern Supervisory Control and Data Acquisition (SCADA) systems, which are used by the electric utility industry to monitor and control electric power generation, transmission and distribution, are recognized today as critical components of the electric power delivery infrastructure. SCADA systems are large, complex and incorporate increasingly large numbers of widely distributed components. Cyber-attacks usually target valuable infrastructure assets, taking advantage of architectural/technical vulnerabilities or even weaknesses in the defense systems. Even though novel intrusion detection systems are being implemented and used for defending against cyber-attacks, certain vulnerabilities of SCADA systems can still be exploited. In this article we present an attack scenario based on a Human Interface Device (HID), which is used as a communication/exploitation tool to compromise SCADA systems. The attack, which is a normal series of commands sent from the HID to the PLC, cannot be detected through current intrusion detection mechanisms.