TY - GEN
T1 - Identifying SCADA vulnerabilities using passive and active vulnerability assessment techniques
AU - Samtani, Sagar
AU - Yu, Shuo
AU - Zhu, Hongyi
AU - Patton, Mark
AU - Chen, Hsinchun
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/11/15
Y1 - 2016/11/15
N2 - Critical infrastructure such as power plants, oil refineries, and sewage are at the core of modern society. Supervisory Control and Data Acquisition (SCADA) systems were designed to allow human operators to supervise, maintain, and control critical infrastructure. Recent years have seen an increase in connectivity of SCADA systems to the Internet. While this connectivity provides an increased level of convenience, it also increases their susceptibility to cyber-attacks. Given the potentially severe ramifications of exploiting SCADA systems, the purpose of this study is to utilize passive and active vulnerability assessment techniques to identify the vulnerabilities of Internet-enabled SCADA systems. Specifically, we collect a large testbed of SCADA devices from Shodan, a search engine for the IoT, and assess their vulnerabilities with Nessus and against the National Vulnerability Database (NVD). Results of this study indicate that many SCADA systems from major vendors such as Rockwell Automation and Siemens are vulnerable to default credential, man-in-the-middle, and SSH exploit attacks.
KW - National Vulnerability Database
KW - Nessus
KW - SCADA
KW - Shodan
KW - active vulnerability assessment
KW - passive vulnerability assessment
KW - vulnerability
UR - http://www.scopus.com/inward/record.url?scp=85003864759&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85003864759&partnerID=8YFLogxK
U2 - 10.1109/ISI.2016.7745438
DO - 10.1109/ISI.2016.7745438
M3 - Conference contribution
AN - SCOPUS:85003864759
T3 - IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016
SP - 25
EP - 30
BT - IEEE International Conference on Intelligence and Security Informatics
A2 - Mao, Wenji
A2 - Wang, G. Alan
A2 - Zhou, Lina
A2 - Kaati, Lisa
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015
Y2 - 28 September 2016 through 30 September 2016
ER -