Abstract
Attacks on industrial control systems (ICS) and critical infrastructure networks (CIN) are becoming increasingly prevalent. An asset inventory is the bedrock of, and a critical resource for, managing cybersecurity risk in ICS and operational technology (OT). Lack of visibility into assets is one of the significant challenges in ICS environments. Scanning a network can assist in compiling an exhaustive inventory of all connected devices. In ICS and other CIN, passive scanning is preferred over active scanning, as the latter may disrupt operations, resulting in severe consequences such as production, economic, and human losses. This paper proposes and develops a framework for asset inventory creation that uses a passive scanning technique. The framework runs a Python program that performs live capture from all active network interfaces in a Linux Docker container. A MySQL database stores the asset information captured during the scanning process. Additionally, a graphical representation of the assets' network topology is generated. The results demonstrate that the proposed solution can detect and capture all assets associated with a particular interface based on its IP address and accurately identify more than 70% of all devices.
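An added illustration of the passive approach the abstract describes, not the authors' framework: it learns MAC/IP pairs and an ICS protocol hint purely from observed Ethernet frames and never transmits a packet. The frames are constructed samples, `sqlite3` stands in for the MySQL store so the block runs offline, and the port table and all function names are assumptions of this example.

```python
import socket, sqlite3, struct

# Server-side TCP ports of common ICS protocols, used only as a hint.
ICS_PORTS = {102: "S7comm/ISO-TSAP", 502: "Modbus/TCP", 44818: "EtherNet/IP"}

def observe(frame):
    """Return (mac, ip, service_hint) learned from one Ethernet frame, else None."""
    if len(frame) < 14:
        return None                                    # truncated capture
    ethertype, body = struct.unpack("!H", frame[12:14])[0], frame[14:]
    if ethertype == 0x0806 and len(body) >= 28:        # ARP: sender MAC + IP
        return body[8:14].hex(":"), socket.inet_ntoa(body[14:18]), None
    if ethertype == 0x0800 and len(body) >= 20:        # IPv4
        ihl, hint = (body[0] & 0x0F) * 4, None
        if body[9] == 6 and ihl >= 20 and len(body) >= ihl + 2:
            # TCP: a known ICS *source* port marks this host as the server side.
            hint = ICS_PORTS.get(struct.unpack("!H", body[ihl:ihl + 2])[0])
        # Assumes the sensor shares the asset's L2 segment (no router in between).
        return frame[6:12].hex(":"), socket.inet_ntoa(body[12:16]), hint
    return None

def build_inventory(frames):
    """Fold observations into an asset table; sqlite3 stands in for MySQL here."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE assets (mac TEXT PRIMARY KEY, ip TEXT, service TEXT, frames INT)")
    for seen in filter(None, map(observe, frames)):
        db.execute("INSERT INTO assets VALUES (?, ?, ?, 1) ON CONFLICT(mac) DO UPDATE SET "
                   "ip = excluded.ip, service = COALESCE(excluded.service, service), "
                   "frames = frames + 1", seen)
    return db.execute("SELECT mac, ip, service, frames FROM assets ORDER BY mac").fetchall()

# --- constructed sample traffic (not from the paper's data set) ---
def eth(src, dst, ethertype, body):
    return bytes.fromhex(dst + src) + struct.pack("!H", ethertype) + body
def tcp4(src_ip, dst_ip, sport, dport):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + struct.pack("!HH", sport, dport) + bytes(16)
def arp_request(mac, ip, target_ip):
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + bytes.fromhex(mac)
            + socket.inet_aton(ip) + bytes(6) + socket.inet_aton(target_ip))
PLC, HMI, EWS = "020000000001", "020000000002", "020000000003"
SAMPLE = [
    eth(HMI, PLC, 0x0800, tcp4("192.168.1.20", "192.168.1.10", 49152, 502)),
    eth(PLC, HMI, 0x0800, tcp4("192.168.1.10", "192.168.1.20", 502, 49152)),
    eth(EWS, "ffffffffffff", 0x0806, arp_request(EWS, "192.168.1.30", "192.168.1.10")),
    eth(PLC, HMI, 0x0800, tcp4("192.168.1.10", "192.168.1.20", 502, 49152)),
    b"\x00" * 10,                                      # truncated frame, ignored
]
```

Calling `build_inventory(SAMPLE)` returns one row per MAC address; only the host that answers from port 502 receives the Modbus/TCP hint, which is how a passive sensor separates a controller from the clients polling it.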
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Thomas, A.M., Marali, M., Reddy, L. (2022). Identification of Assets in Industrial Control Systems Using Passive Scanning. In: Pandian, A.P., Fernando, X., Haoxiang, W. (eds) Computer Networks, Big Data and IoT. Lecture Notes on Data Engineering and Communications Technologies, vol 117. Springer, Singapore. https://doi.org/10.1007/978-981-19-0898-9_21
DOI: https://doi.org/10.1007/978-981-19-0898-9_21
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-0897-2
Online ISBN: 978-981-19-0898-9
eBook Packages: Engineering, Engineering (R0)