Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 448))


Abstract

For operational technology (OT) systems, security has been given a high priority in recent years after specific cyber-incidents targeting them. Earlier, these systems were focused mainly on reliability; at present, security is also considered an important factor in avoiding production damage and financial losses. To improve the security of industrial systems, it is necessary to understand their flaws and provide countermeasures. In this paper, we focus on the cyber-incidents reported in the Common Vulnerabilities and Exposures (CVE) database for OT sub-systems such as smart grids, Supervisory Control and Data Acquisition (SCADA) systems, embedded devices, and Programmable Logic Controllers (PLCs). We summarize the possible attacks on each of these sub-systems to gain a broader insight into the vulnerabilities present in them, and we use the CVE database to enumerate trends.
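The abstract describes grouping CVE records by OT sub-system and counting them over time. The following is an added example of that kind of tally, written for this page and not taken from the paper; it does not reproduce the authors' classification rules or their dataset. It parses records in the shape of an NVD API 2.0 response (the `vulnerabilities[].cve` layout with `published`, `descriptions` and `metrics` fields), assigns each record to sub-systems by keyword matching on the English description, and counts per year and per sub-system. The keyword lists, the function names, and the five sample records (with deliberately non-real CVE identifiers) are all constructed for the example.

```python
import json
import re
from collections import Counter, defaultdict

# Keyword classifier for the OT sub-systems named in the abstract. The patterns
# are this example's assumption, not the paper's taxonomy; a stricter approach
# would filter on CPE product identifiers rather than free-text descriptions.
SUBSYSTEM_PATTERNS = {
    "plc": re.compile(r"\b(plc|programmable logic controller)s?\b", re.I),
    "scada": re.compile(r"\b(scada|hmi|human.machine interface)\b", re.I),
    "smart_grid": re.compile(r"\b(smart grid|smart meter|substation|iec ?61850|dnp3)\b", re.I),
    "embedded": re.compile(r"\b(firmware|embedded|rtos)\b", re.I),
}


def classify(description):
    """Return the set of sub-system labels whose keywords occur in the description."""
    return {name for name, pat in SUBSYSTEM_PATTERNS.items() if pat.search(description)}


def parse_nvd_records(raw_json):
    """Yield (cve_id, year, english_description, cvss_base_score) from NVD 2.0 style JSON.

    The year is taken from the 'published' timestamp, not from the identifier.
    The newest available CVSS version is preferred; records without metrics yield None.
    """
    doc = json.loads(raw_json)
    for item in doc.get("vulnerabilities", []):
        cve = item["cve"]
        year = int(cve["published"][:4])
        desc = next((d["value"] for d in cve.get("descriptions", []) if d.get("lang") == "en"), "")
        score = None
        metrics = cve.get("metrics", {})
        for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
            if metrics.get(key):
                score = metrics[key][0]["cvssData"]["baseScore"]
                break
        yield cve["id"], year, desc, score


def trend_table(raw_json):
    """Count CVEs per sub-system and year; a record matching several labels counts in each."""
    counts = defaultdict(Counter)
    for _cve_id, year, desc, _score in parse_nvd_records(raw_json):
        for label in classify(desc) or {"other"}:
            counts[label][year] += 1
    return {label: dict(years) for label, years in counts.items()}


def mean_score_by_subsystem(raw_json):
    """Mean CVSS base score per sub-system, ignoring records that carry no metrics."""
    scores = defaultdict(list)
    for _cve_id, _year, desc, score in parse_nvd_records(raw_json):
        if score is None:
            continue
        for label in classify(desc) or {"other"}:
            scores[label].append(score)
    return {label: round(sum(v) / len(v), 2) for label, v in scores.items()}


def _rec(cve_id, published, text, metric_key=None, base_score=None):
    """Build one NVD-2.0-shaped record (helper for the constructed sample below)."""
    metrics = {metric_key: [{"cvssData": {"baseScore": base_score}}]} if metric_key else {}
    return {"cve": {"id": cve_id, "published": published,
                    "descriptions": [{"lang": "en", "value": text}], "metrics": metrics}}


# Constructed sample input: the identifiers are placeholders and do not refer to real CVEs.
SAMPLE_NVD_JSON = json.dumps({"vulnerabilities": [
    _rec("CVE-TEST-0001", "2019-03-01T10:00:00.000",
         "Stack-based buffer overflow in the web server of a programmable logic controller "
         "firmware allows remote code execution.", "cvssMetricV31", 9.8),
    _rec("CVE-TEST-0002", "2019-07-15T10:00:00.000",
         "SCADA HMI software stores credentials in cleartext.", "cvssMetricV2", 5.0),
    _rec("CVE-TEST-0003", "2020-02-10T10:00:00.000",
         "Smart meter accepts unauthenticated DNP3 commands.", "cvssMetricV31", 7.5),
    _rec("CVE-TEST-0004", "2020-11-30T10:00:00.000",
         "Improper input validation in PLC ladder logic download allows denial of service.",
         "cvssMetricV31", 7.5),
    _rec("CVE-TEST-0005", "2021-05-05T10:00:00.000",
         "Missing authentication in a vendor's network switch management interface."),
]})

if __name__ == "__main__":
    for label, years in sorted(trend_table(SAMPLE_NVD_JSON).items()):
        print(label, dict(sorted(years.items())))
    print("mean CVSS:", mean_score_by_subsystem(SAMPLE_NVD_JSON))
```

Two caveats apply when reading such a table: keyword matching over-counts (a PLC firmware bug lands in both the PLC and embedded buckets, as the first sample record does), and a rise in yearly counts reflects disclosure and research activity in that product class as much as any change in the underlying vulnerability density.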



Corresponding author: Sandeep Gogineni Ravindrababu

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper


Cite this paper

Ravindrababu, S.G., Alves-Foss, J. (2023). Analysis of Vulnerability Trends and Attacks in OT Systems. In: Yang, XS., Sherratt, S., Dey, N., Joshi, A. (eds) Proceedings of Seventh International Congress on Information and Communication Technology. Lecture Notes in Networks and Systems, vol 448. Springer, Singapore. https://doi.org/10.1007/978-981-19-1610-6_12


  • DOI: https://doi.org/10.1007/978-981-19-1610-6_12

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-19-1609-0

  • Online ISBN: 978-981-19-1610-6
