Abstract
For operational technology (OT) systems, security has been given a high priority in recent years after specific cyber-incidents targeting them. Earlier, these systems were focused mainly on reliability; at present, security is also considered an important factor to avoid production damage and financial losses. To improve the security of industrial systems, it is necessary to understand their flaws and provide countermeasures. In this paper, we focus on the cyber-incidents reported in the Common Vulnerability Exposure (CVE) database on OT sub-systems such as smart grids, Supervisory Control and Data Acquisition (SCADA) systems, embedded devices, and Programmable Logic Controllers (PLCs). We summarize the possible attacks on each of these sub-systems to gain broader insight into the vulnerabilities present in them, and we use the CVE database to enumerate trends.
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Cite this paper
Ravindrababu, S.G., Alves-Foss, J. (2023). Analysis of Vulnerability Trends and Attacks in OT Systems. In: Yang, XS., Sherratt, S., Dey, N., Joshi, A. (eds) Proceedings of Seventh International Congress on Information and Communication Technology. Lecture Notes in Networks and Systems, vol 448. Springer, Singapore. https://doi.org/10.1007/978-981-19-1610-6_12
DOI: https://doi.org/10.1007/978-981-19-1610-6_12
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-1609-0
Online ISBN: 978-981-19-1610-6
eBook Packages: Engineering (R0)