SimaticScan: Towards A Specialised Vulnerability Scanner for Industrial Control Systems
Author(s) -
Rob Antrobus,
Sylvain Frey,
Benjamin Green,
Awais Rashid
Publication year - 2016
Publication title - Electronic Workshops in Computing
Language(s) - English
Resource type - Conference proceedings
ISSN - 1477-9358
DOI - 10.14236/ewic/ics2016.2
Subject(s) - testbed, vulnerability (computing), computer science, industrial control system, programmable logic controller, vulnerability management, simatic s5 plc, the internet, plug in, computer security, siemens, vulnerability assessment, embedded system, control (management), engineering, operating system, computer network, artificial intelligence, psychology, psychological resilience, electrical engineering, psychotherapist
Over the years, modern Industrial Control Systems (ICS) have become widely computerised and connected via the Internet and are, therefore, potentially vulnerable to cyber attacks. Currently there is a lack of vulnerability scanners specialised to ICS settings. Systems such as PLCScan and ModScan output pertinent information from a Programmable Logic Controller (PLC). However, they do not offer any information as to how vulnerable a PLC is to an attack. In this paper, we address these limitations and propose SimaticScan, a vulnerability scanner specialised to Siemens SIMATIC PLCs. Through experimentation in a comprehensive water treatment testbed, we demonstrate SimaticScan's effectiveness in determining a range of vulnerabilities across three distinct PLCs, including a previously unknown vulnerability in one of the PLCs. Our experiments also show that SimaticScan outperforms the widely used Nessus vulnerability scanner (with relevant ICS-specific plugins deployed).