Industrial and Critical Infrastructure Security: Technical Analysis of Real-Life Security Incidents

Makrakis, Georgios Michail; Kolias, Constantinos; Kambourakis, Georgios; Rieger, Craig; Benjamin, Jacob

doi:10.1109/ACCESS.2021.3133348

Title: Industrial and Critical Infrastructure Security: Technical Analysis of Real-Life Security Incidents

Journal Article · Fri Jan 01 00:00:00 EST 2021 · IEEE Access

DOI:https://doi.org/10.1109/ACCESS.2021.3133348· OSTI ID:1834268

Makrakis, Georgios Michail; Kolias, Constantinos; Kambourakis, Georgios; Rieger, Craig; Benjamin, Jacob

Critical 1 infrastructures (CI) and industrial organizations aggressively move towards integrating elements of modern Information Technology (IT) into their monolithic Operational Technology (OT) architectures. Yet, as OT systems progressively become more and more interconnected, they silently have turned into alluring targets for diverse groups of adversaries. Meanwhile, the inherent complexity of these systems, along with their advanced-in-age nature, prevents defenders from fully applying contemporary security controls in a timely manner. Forsooth, the combination of these hindering factors has led to some of the most severe cybersecurity incidents of the past years. This work contributes a full-fledged and up-to-date survey of the most prominent threats against OT systems and technologies, including Industrial Control Systems (ICS), along with the communication protocols and devices adopted in these environments. Our study highlights that threats against CI follow an upward spiral due to the mushrooming of commodity tools and techniques that can facilitate either the early or late stages of attacks. Furthermore, our survey exposes that existing vulnerabilities in the design and implementation of several of the OT-specific network protocols may easily grant adversaries the ability to decisively impact physical processes. We provide a categorization of such threats and the corresponding vulnerabilities based on various criteria. As far as we are aware, this is the first time an exhaustive and detailed survey of this kind is attempted.

View Journal Article

Cite

Export

Save

Research Organization:: Idaho National Laboratory (INL), Idaho Falls, ID (United States)

Sponsoring Organization:: USDOE Office of Nuclear Energy (NE)

Grant/Contract Number:: AC07-05ID14517

OSTI ID:: 1834268

Alternate ID(s):: OSTI ID: 1834269; OSTI ID: 1899153

Report Number(s):: INL/JOU-21-63073-Rev000; 9638617

Journal Information:: IEEE Access, Journal Name: IEEE Access; ISSN 2169-3536

Publisher:: Institute of Electrical and Electronics EngineersCopyright Statement

Country of Publication:: United States

Language:: English

Similar Records

Autonomous System Inference, Trojan, and Adversarial Reprogramming Attack and Defense (Final)

Technical Report · Fri Sep 01 00:00:00 EDT 2023 · OSTI ID:1834268

Spirito, Christopher M.; Lamb, Patience

Gamification of Cybersecurity for Workforce Development in Critical Infrastructure

Journal Article · Sat Jan 01 00:00:00 EST 2022 · IEEE Access · OSTI ID:1834268

Ashley, Travis D.; Kwon, Roger; Gourisetti, Sri Nikhil Gupta; +3 more

Quantum Key Distribution for Critical Infrastructures: Towards Cyber-Physical Security for Hydropower and Dams

Journal Article · Thu Dec 14 00:00:00 EST 2023 · Sensors · OSTI ID:1834268

Green, Adrien; Lawrence, Jeremy; Siopsis, George; +2 more

Related Subjects

97 MATHEMATICS AND COMPUTING
42 ENGINEERING
OT
ICS
IIoT
critical infrastructure
cybersecurity
network protocols
security

Title: Industrial and Critical Infrastructure Security: Technical Analysis of Real-Life Security Incidents

Citation Formats

Similar Records

Related Subjects