Industrial and Critical Infrastructure Security: Technical Analysis of Real-Life Security Incidents
Critical 1 infrastructures (CI) and industrial organizations aggressively move towards integrating elements of modern Information Technology (IT) into their monolithic Operational Technology (OT) architectures. Yet, as OT systems progressively become more and more interconnected, they silently have turned into alluring targets for diverse groups of adversaries. Meanwhile, the inherent complexity of these systems, along with their advanced-in-age nature, prevents defenders from fully applying contemporary security controls in a timely manner. Forsooth, the combination of these hindering factors has led to some of the most severe cybersecurity incidents of the past years. This work contributes a full-fledged and up-to-date survey of the most prominent threats against OT systems and technologies, including Industrial Control Systems (ICS), along with the communication protocols and devices adopted in these environments. Our study highlights that threats against CI follow an upward spiral due to the mushrooming of commodity tools and techniques that can facilitate either the early or late stages of attacks. Furthermore, our survey exposes that existing vulnerabilities in the design and implementation of several of the OT-specific network protocols may easily grant adversaries the ability to decisively impact physical processes. We provide a categorization of such threats and the corresponding vulnerabilities based on various criteria. As far as we are aware, this is the first time an exhaustive and detailed survey of this kind is attempted.
- Research Organization:
- Idaho National Laboratory (INL), Idaho Falls, ID (United States)
- Sponsoring Organization:
- USDOE Office of Nuclear Energy (NE)
- Grant/Contract Number:
- AC07-05ID14517
- OSTI ID:
- 1834268
- Alternate ID(s):
- OSTI ID: 1834269; OSTI ID: 1899153
- Report Number(s):
- INL/JOU-21-63073-Rev000; 9638617
- Journal Information:
- IEEE Access, Journal Name: IEEE Access; ISSN 2169-3536
- Publisher:
- Institute of Electrical and Electronics EngineersCopyright Statement
- Country of Publication:
- United States
- Language:
- English
Similar Records
Gamification of Cybersecurity for Workforce Development in Critical Infrastructure
Quantum Key Distribution for Critical Infrastructures: Towards Cyber-Physical Security for Hydropower and Dams