TY - GEN
T1 - Benchmarking vulnerability assessment tools for enhanced cyber-physical system (CPS) Resiliency
AU - McMahon, Emma
AU - Patton, Mark
AU - Samtani, Sagar
AU - Chen, Hsinchun
N1 - Publisher Copyright: © 2018 IEEE.
PY - 2018/12/24
Y1 - 2018/12/24
N2 - Cyber-Physical Systems (CPSs) are engineered systems seamlessly integrating computational algorithms and physical components. CPS advances offer numerous benefits to domains such as health, transportation, smart homes and manufacturing. Despite these advances, the overall cybersecurity posture of CPS devices remains unclear. In this paper, we provide knowledge on how to improve CPS resiliency by evaluating and comparing the accuracy and scalability of two popular vulnerability assessment tools, Nessus and OpenVAS. Accuracy and suitability are evaluated with a diverse sample of pre-defined vulnerabilities in Industrial Control Systems (ICS), smart cars, smart home devices, and a smart water system. Scalability is evaluated using a large-scale vulnerability assessment of 1,000 Internet-accessible CPS devices found on Shodan, the search engine for the Internet of Things (IoT). Assessment results indicate several CPS devices from major vendors suffer from critical vulnerabilities such as unsupported operating systems, OpenSSH vulnerabilities allowing unauthorized information disclosure, and PHP vulnerabilities susceptible to denial of service attacks.
AB - Cyber-Physical Systems (CPSs) are engineered systems seamlessly integrating computational algorithms and physical components. CPS advances offer numerous benefits to domains such as health, transportation, smart homes and manufacturing. Despite these advances, the overall cybersecurity posture of CPS devices remains unclear. In this paper, we provide knowledge on how to improve CPS resiliency by evaluating and comparing the accuracy and scalability of two popular vulnerability assessment tools, Nessus and OpenVAS. Accuracy and suitability are evaluated with a diverse sample of pre-defined vulnerabilities in Industrial Control Systems (ICS), smart cars, smart home devices, and a smart water system. Scalability is evaluated using a large-scale vulnerability assessment of 1,000 Internet-accessible CPS devices found on Shodan, the search engine for the Internet of Things (IoT). Assessment results indicate several CPS devices from major vendors suffer from critical vulnerabilities such as unsupported operating systems, OpenSSH vulnerabilities allowing unauthorized information disclosure, and PHP vulnerabilities susceptible to denial of service attacks.
KW - Cybersecurity
UR - http://www.scopus.com/inward/record.url?scp=85061051171&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85061051171&partnerID=8YFLogxK
U2 - 10.1109/ISI.2018.8587353
DO - 10.1109/ISI.2018.8587353
M3 - Conference contribution
AN - SCOPUS:85061051171
T3 - 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018
SP - 100
EP - 105
BT - 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018
A2 - Lee, Dongwon
A2 - Mezzour, Ghita
A2 - Kumaraguru, Ponnurangam
A2 - Saxena, Nitesh
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 16th IEEE International Conference on Intelligence and Security Informatics, ISI 2018
Y2 - 9 November 2018 through 11 November 2018
ER -