28 May 2013 ICS logging solution for network-based attacks using Gumistix technology
Jeremy R. Otis, Dustin Berman, Jonathan Butts, Juan Lopez Jr.
Abstract
Industrial Control Systems (ICS) monitor and control operations associated with the national critical infrastructure (e.g., electric power grid, oil and gas pipelines and water treatment facilities). These systems rely on technologies and architectures that were designed for system reliability and availability. Security associated with ICS was never an inherent concern, primarily due to the protections afforded by network isolation. However, a trend in ICS operations is to migrate to commercial networks via TCP/IP in order to leverage commodity benefits and cost savings. As a result, system vulnerabilities are now exposed to the online community. Indeed, recent research has demonstrated that many exposed ICS devices are being discovered using readily available applications (e.g., ShodanHQ search engine and Google-esque queries). Due to the lack of security and logging capabilities for ICS, most knowledge about attacks is derived from real-world incidents after an attack has already been carried out and the damage has been done. This research provides a method for introducing sensors into the ICS environment that collect information about network-based attacks. The sensors are developed using an inexpensive Gumstix platform that can be deployed and incorporated with production systems. Data obtained from the sensors provide insight into attack tactics (e.g., port scans, Nessus scans, Metasploit modules, and zero-day exploits) and characteristics (e.g., attack origin, frequency, and level of persistence). Findings enable security professionals to draw an accurate, real-time awareness of the threats against ICS devices and help shift the security posture from reactionary to preventative.
© (2013) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Jeremy R. Otis, Dustin Berman, Jonathan Butts, and Juan Lopez Jr. "ICS logging solution for network-based attacks using Gumistix technology", Proc. SPIE 8757, Cyber Sensing 2013, 875705 (28 May 2013); https://doi.org/10.1117/12.2015958
KEYWORDS
Sensors
Network security
Analytical research
Information security
Control systems
Environmental sensing
Computer security