Security Probes for Industrial Control Networks

Abstract

During the last years, some of the attacks towards SCADA made headlines, helping raise awareness. Some of the vulnerabilities may even be exploited to harm other systems, eventually, ending compromising specific points of SCADA networks. At the same time, a growing number of threats related with the physical layer made new issues and low-level mechanisms emerged, requiring careful approach and monitoring to secure such devices. Threats of this type are considered to be even more dangerous than SCADA-specific ones, since these operate at a lower level, unnoticed to scanners and anti-viruses. Considering this scenario we can expect a growing number of these threats to be affecting SCADA components, if adequate countermeasures are not taken. Over the last ten months (from September 16, 2013 until June 27, 2014), a new concept was developed, in the context of the FP7 CockpitCI project, for the current thesis, to reinforce the security of SCADA systems. This concept refers to a device installed in a key juncture of the network, with the purpose of monitoring the behavior of specific components, while reporting detected anomalies. However, even before this thesis (during the second curriculum semester of the year 2012/2013) there was already some research being made in this sense, which reflects in the amount of results included in this document.