Identifying SCADA vulnerabilities using passive and active vulnerability assessment techniques

Sagar Samtani, Shuo Yu, Hongyi Zhu, Mark Patton, Hsinchun Chen

Research output: Chapter in Book/Report/Conference proceedingConference contribution

18 Scopus citations

Abstract

Critical infrastructure such as power plants, oil refineries, and sewage are at the core of modern society. Supervisory Control and Data Acquisition (SCADA) systems were designed to allow human operators supervise, maintain, and control critical infrastructure. Recent years has seen an increase in connectivity of SCADA systems to the Internet. While this connectivity provides an increased level of convenience, it also increases their susceptibility to cyber-Attacks. Given the potentially severe ramifications of exploiting SCADA systems, the purpose of this study is to utilize passive and active vulnerability assessment techniques to identify the vulnerabilities of Internet enabled SCADA systems. Specifically, we collect a large testbed of SCADA devices from Shodan, a search engine for the IoT, and assess their vulnerabilities with Nessus and against the National Vulnerability Database (NVD). Results of this study indicate that many SCADA systems from major vendors such as Rockwell Automation and Siemens are vulnerable to default credential, man-in-The-middle, and SSH exploit attacks.

Original languageEnglish (US)
Title of host publicationIEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages25-30
Number of pages6
ISBN (Electronic)9781509038657
DOIs
StatePublished - Nov 15 2016
Event14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015 - Tucson, United States
Duration: Sep 28 2016Sep 30 2016

Other

Other14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015
CountryUnited States
CityTucson
Period9/28/169/30/16

Keywords

  • active vulnerability assessment
  • National Vulnerability Database
  • Nessus
  • passive vulnerability assessment
  • SCADA
  • Shodan
  • vulnerability

ASJC Scopus subject areas

  • Information Systems
  • Artificial Intelligence
  • Computer Networks and Communications
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Identifying SCADA vulnerabilities using passive and active vulnerability assessment techniques'. Together they form a unique fingerprint.

Cite this