Scada Malware, a Proof of Concept

  • Andrea Carcano
  • Igor Nai Fovino
  • Marcelo Masera
  • Alberto Trombetta
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5508)

Abstract

Critical infrastructures are nowadays exposed to new kinds of threats. These threats stem from the large number of new vulnerabilities and architectural weaknesses introduced by the extensive use of ICT and network technologies in such complex critical systems. Of particular interest is the set of vulnerabilities related to the class of communication protocols commonly known as “SCADA” protocols, which comprises all the communication protocols used to remotely control the RTU devices of an industrial system. In this paper we present a proof of concept of the potential effects of a set of computer malware specifically designed and created to impact a typical Supervisory Control and Data Acquisition system by taking advantage of some vulnerabilities of the ModBUS protocol.

Keywords

Security, SCADA Systems, Critical infrastructures, Malware

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Andrea Carcano (1)
  • Igor Nai Fovino (1)
  • Marcelo Masera (1)
  • Alberto Trombetta (2)

  1. Institute for the Protection and the Security of the Citizen, Joint Research Centre, European Commission, Ispra, Italy
  2. Department of Computer Science, University of Insubria, Varese, Italy