Identifying SCADA vulnerabilities using passive and active vulnerability assessment techniques

Sagar Samtani, Shuo Yu, Hongyi Zhu, Mark Patton, Hsinchun Chen

Research output: Chapter in Book/Report/Conference proceeding: Conference contribution

8 Citations (Scopus)

Abstract

Critical infrastructure such as power plants, oil refineries, and sewage systems are at the core of modern society. Supervisory Control and Data Acquisition (SCADA) systems were designed to allow human operators to supervise, maintain, and control critical infrastructure. Recent years have seen an increase in the connectivity of SCADA systems to the Internet. While this connectivity provides an increased level of convenience, it also increases their susceptibility to cyber-attacks. Given the potentially severe ramifications of exploiting SCADA systems, the purpose of this study is to utilize passive and active vulnerability assessment techniques to identify the vulnerabilities of Internet-enabled SCADA systems. Specifically, we collect a large testbed of SCADA devices from Shodan, a search engine for the IoT, and assess their vulnerabilities with Nessus and against the National Vulnerability Database (NVD). Results of this study indicate that many SCADA systems from major vendors such as Rockwell Automation and Siemens are vulnerable to default credential, man-in-the-middle, and SSH exploit attacks.

Original language: English (US)
Title of host publication: IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 25-30
Number of pages: 6
ISBN (Electronic): 9781509038657
DOIs: 10.1109/ISI.2016.7745438
State: Published - Nov 15 2016
Event: 14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015 - Tucson, United States
Duration: Sep 28 2016 to Sep 30 2016

Other

Other: 14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015
Country: United States
City: Tucson
Period: 9/28/16 to 9/30/16

Keywords

  • active vulnerability assessment
  • National Vulnerability Database
  • Nessus
  • passive vulnerability assessment
  • SCADA
  • Shodan
  • vulnerability

ASJC Scopus subject areas

  • Information Systems
  • Artificial Intelligence
  • Computer Networks and Communications
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Cite this

Samtani, S., Yu, S., Zhu, H., Patton, M., & Chen, H. (2016). Identifying SCADA vulnerabilities using passive and active vulnerability assessment techniques. In IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016 (pp. 25-30). [7745438] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISI.2016.7745438
