Dr. Gargi Mita, working on the ICS Security project under the guidance of Dr. Karthik Pattabiraman and Dr. Aastha Mehta, presented her research on the increasing integration of Operational Technology (OT) networks of industrial control systems (ICS) with the public Internet. This integration has exposed critical OT communications to remote adversaries. Her preliminary research led to the development of ICS-Sniper, the first targeted blackhole attack on Internet-connected OT networks using encrypted traffic analysis. This attack can disrupt operations without penetrating the ICS, bypassing advanced detection systems, and was tested on a simulated water treatment plant. The research aims to develop robust countermeasures to address emerging security risks in modern OT networks, thereby reducing financial losses and operational downtimes caused by cyberattacks.
The increasing integration of Operational Technology (OT) networks of industrial control systems (ICS) with the public Internet has exposed critical OT communications (including those in Canadian industries) to remote adversaries. Our preliminary research led to the development of ICS-Sniper, the first known targeted blackhole attack on Internet-connected OT networks using encrypted traffic analysis. This attack demonstrates how remote adversaries can disrupt operations without penetrating the ICS while bypassing state-of-the-art detectors. The attack was demonstrated on an in-house testbed simulating a multi-stage distributed water treatment plant, equipped with state-of-the-art security measures. Building on these findings, we propose to expand our investigation of this new threat and build defense strategies for ICSes. On the offensive front, we will explore ICS-Sniper's adaptability and scalability across diverse OT network configurations and communication protocols. On the defensive front, we will develop robust countermeasures against ICS-Sniper, incorporating attack detection and mitigation techniques, while adhering to the operational constraints of both legacy and future ICSes. Additionally, we will build a configurable physical testbed to evaluate these offensive and defensive strategies. In summary, this research will provide tools to investigate and address emerging security risks in modern OT networks, which will help to reduce financial losses and operational downtimes caused by cyberattacks.
Picture this: waking up to a frosty winter morning to find yourself amidst a power outage. As you groggily walk to the kitchen and open the tap to get a glass of water, you are shocked to find it running dry. Amidst this chaos, your only hope is that long-awaited vacation you are about to embark on in a few hours. And just as you are about to leave the house, your excitement is shattered by an abrupt text from the airline company, informing you that your flight has been canceled due to operational disruptions. As dramatic as this may sound, these are not just hypothetical nightmares – civilians in many developed nations are now familiar with these scenarios, courtesy of cyberattackers ranging from novice hackers to sophisticated state-sponsored adversaries.
Critical infrastructure, especially Industrial Control Systems (ICSes) such as power generation, water treatment, chemical processing, and manufacturing plants, has remained a lucrative target for adversaries for decades. Despite the persistent nature of this problem, security experts continue to struggle to design the perfect ICS security solution. Kaspersky, a leading cybersecurity company, points out that the number of ICS security vulnerabilities has significantly spiked in the last decade and is expected to keep growing. One of the main reasons for this is that modern ICSes are becoming increasingly connected to the Internet. In this article, we highlight some of these emerging security vulnerabilities. We describe a new attack technique called ICS-Sniper, which takes advantage of these vulnerabilities and motivates the need to re-assess ICS security strategies.
Session 2
Modern ICSes and the need for re-assessing security strategies
ICSes typically comprise an information technology (IT) network for performing business activities and an operational technology (OT) network to connect critical infrastructure components. Traditionally, the IT network was connected to the Internet, while the OT network remained isolated. However, with the rise of Industry 4.0 and the Purdue 2.0 architecture, modern ICSes now connect their OT networks to the Internet for distributed operations and remote debugging (see Figure 1). The Internet-connected OT components include IIoT[1] devices and PLCs[2] capable of communicating over the Internet. Several Canadian industries have adopted this architecture, including the Toronto Water Treatment plant, Halifax Water, and Everworks Inc.
Unfortunately, the Purdue 2.0 model has increased the exposure of the critical OT components to adversaries on the Internet. Over the past three years, Canada experienced 12 major cyberattacks targeting OT operations in various sectors, including water treatment, airlines, mining, border checkpoints, defense, and food industries. These attacks caused confidentiality breaches and service disruption, with impacts ranging from operational inconvenience to financial losses exceeding 23M CAD.
[1] Industrial Internet of Things
[2] Programmable Logic Controllers
Copyright © 2024 Royal City Process Control Labs Ltd. - All Rights Reserved.