Case Study-Cyber Threats and Vulnerabilities in Industrial Control System
ANKITA GUPTA
M.TECH EMBEDDED SYSTEM ELECTRONICS AND TELECOMMUNICATIONS
SYMBIOSIS INSTITUTE OF TECHNOLOGY
PUNE, INDIA
[email protected] or ORCID-0009-0006-2973-9740
Abstract—An industrial control system (ICS) is a system used in critical infrastructure frameworks such as highways, tunnels, railways, electric utilities, water management systems, mobile networks, etc. An ICS is a combination of various types of control systems, including instrumentation devices, networks and controllers, used to operate and automate industrial processes. This case study covers the characteristics and abstract architecture of industrial control systems and analyzes the status of their cyber threats and vulnerabilities. ICSs are essential to critical infrastructure operations, and their successful misuse can result in data malfeasance and can also cause significant physical damage, including the loss of human lives. Nowadays cyber threats and vulnerabilities are increasingly shifting their focus from Industrial technology to Operational technology. Therefore critical industrial infrastructure owned by the government and private entities is at high risk of detrimental cyberattacks that can cause loss of life and severe economic damage as well.

Index Terms—Industrial control system, Cyber threats, Vulnerability analysis, ICS Security.

I. INTRODUCTION

Industrial control systems are mainly used to control a large number of operations of critical infrastructures such as power supply systems, water management, oil industries, transportation, manufacturing industries and so on. Initially ICS were designed to operate with specific protocols and hardware tools, without any security requirements. Nowadays, ICS are becoming more and more interconnected with the Internet of Things, and this evolution raises the risk of cyber threats and vulnerabilities in ICS. There are various types of ICS that are targeted by threat actors to carry out cyber attacks, such as:
• Supervisory Control and Data Acquisition- SCADA is a system that collects and processes data of control systems that operate at a higher level and over significant distances. Some applications are- Pipeline systems, Microwave transmissions.
• Distributed Control Systems- DCS are systems of specially designed computers, controllers and sensors that are dispersed through industrial plants. Some applications are- chemical plants, nuclear power plants.
• Industrial Automation and Control Systems- IACS are a combination of electronic, mechanical and electromechanical devices that perform various tasks like controlling, monitoring and actuation processes on logical devices. They also provide real time data. Some applications are- Autotransformers, Motor controllers.
• Programmable Logic Controllers- PLCs are electronic devices that perform various functions like input/output control, three modes control, counting and timing mechanisms, sequential control and an intuitive programming interface. Some applications are- Escalator and lift operations.
• Safety Instrumented Systems- SIS are used to perform safety functions in industries. They are hardware and software based control systems which provide protection if a hazardous condition is detected.
• Remote Terminal Units- RTUs are microprocessor based industrial control systems. These electronically connect various hardware to control systems. Some applications are- Air traffic equipment.
• Human Machine Interfaces- HMIs are hardware and software based devices for exchanging information between humans and machines or computerized systems. Some applications are- Centralized control rooms.
• Intelligent Electronic Devices- IEDs are a combination of electronic devices with microprocessors, such as circuit controllers, that have many functions like power monitoring, controlling and metering. Some applications are- Sewage treatment plants, Food processing industries.

A. Cyber Threats

Industrial control systems are generally threatened by various cyber threat vectors such as: Bot-networks, Attackers, Criminal groups, Foreign intelligence systems, Phishers, Insiders, Spammers, Spyware, Malware, Terrorist groups and Industrial spies. These threat sources make ICSs vulnerable and can exploit the system completely. Any kind of attack through cyber threat vectors on ICS protocols falls into one of five major threat categories -
• Spoofing- In this kind of attack a person or program successfully steals another's data by falsifying identity.
• Data Tampering- In this kind of attack malicious actors manipulate data by means of accessing unauthorized files.
• Disclosing data- In this kind of attack hackers are usually capable of breaching data in an unauthorized fashion.
• Denial of service- In this kind of cyber attack malicious users make a device unavailable to its intended user.
• Privilege Escalation- In this kind of cyber attack hackers gain unauthorized privileged access within the system.

To give a sense of the size of these attacks, the following are some of the biggest cyber attacks:
• In 2010, a malware Stuxnet developed by US and Israeli Intelligence to target Iran's nuclear facility. Stuxnet successfully targeted Iranian centrifuges.
• In 2010, a malware Night Dragon was used to target global oil and petrochemical companies.
• In 2012, a malware Shamoon was used to target large energy companies including Saudi Aramco and RasGas.
• In 2013, a remote access Trojan named Havex developed

An industrial control system consists of various devices, controllers, computers and software integration systems that communicate and operate industrial processes. These functions make ICS more vulnerable to cyber threats and malware from both inside and outside the control system network. Some important vulnerabilities which are common to all ICS are given below:
• Buffer Overflows- These are programming errors where a program overruns the boundary of the buffer.
• Unauthenticated Protocols- Authentication is used by protocols to validate connectivity between devices.
• Weak User Authentication- User authentication is how a user identifies itself, through passwords, biometrics, fingerprints and iris scans.
• Untimely Adoption of Software- This occurs when software is not tested thoroughly for all input and error conditions, which can lead to exploitation of the ICS and invite malicious hackers.
• Misconfigurations- Systems that have been misconfigured present major security vulnerabilities.
• Third party outsourcing- Having outside personnel accessing.
• Weak Firewall rules- Firewall rules are an intricate part of networks. In the case of OT networks these are not configured thoroughly.
• Inadequate Hardware- Companies often try to save money by purchasing inadequate hardware, which leads to misconfigurations and vulnerability exploitation.
• Insider threats- These threats are mainly responsible for security breaches.
• No Working Backups- This happens when a critical system has failed and there are no secure copies of the backup configuration for that critical system. A perpetrator can exploit the system through this security gap.

C. ICS Security

In industrial control systems most cyber attacks have targeted either IT infrastructure or circuit breakers of OT. Therefore ICS security is essential as the defence of industrial control systems from cyber threats and attacks. ICS security is also defined as Operational Technology security or OT security. Operational Technology security includes a wide range of practices to reduce ICS vulnerabilities; these are as follows:
• Detection of the list and details of the assets the organization owns.

proaches to describe the cyber malware attacking behaviors. These cyber attacks have a great impact on any nation's national security and economy, which can make any nation vulnerable with respect to its citizens' security. Concentrating on ICS security, each nation should implement an ICS security framework to secure ICS systems from internal and external attacks. The framework steps are described below:
1) Procedural security control.
2) Operational security control.
3) Technological security control.
4) Physical security control.
5) Regulatory security control.
6) Compliance security control.
• Research paper [2] proposed a new model for Multi-Attribute Vulnerability Criticality Analysis (MAVCA). MAVCA is a probabilistic model which provides a unique way to handle the issue of uncertainty in the vulnerability management of ICS network systems. It also provides a methodology for security strategy to prevent cyber-attacks.
• Research paper [18] provides a survey of the RowHammer vulnerability. A failure of Dynamic Random Access Memory is called RH. With a RowHammer attack it is possible to change data on the attacked hardware. RH is a first example of how a circuit failure mechanism can cause vulnerabilities in a system's security.

III. ANALYSIS

Developing countries like India, where democracy plays a major role, are highly sensitive to any major cyber attack. Compared to the global average of cyber attacks, India alone witnesses approximately 1700 cyber attacks each week on average. India's health care sector is a prime target for cyber attackers due to intrinsic vulnerabilities. In this technological advancement era
most of the countries are still not a part of global conventions or forums, which makes other components vulnerable to major cyber threats. Creating a global framework by organizations and spreading awareness can protect systems from any hazardous attack.

IV. RESULT

Before the advancement of any further industrial revolution, some strict security policies are required for any country to protect the critical infrastructure of information as well as operational technology. For the security of data and systems, cyber laws should be provided. According to the above case study of cyber threats in ICS, the following steps are required:
• Cyber security policies should be endorsed by the country.
• Legal laws should be reviewed periodically to protect personal data from breaches.
• Detection and protection systems should be up to date.
• Automatic encryption and decryption of data whenever it is required by the system.
• Identifying vulnerabilities in the system and repairing them.
• Must have a backup solution.
• Securing sensitive systems from any damage.
• Prohibition of unauthorized access.
• Regular monitoring of tasks.
• Upgraded quality training for all staff.

V. CONCLUSIONS

Nowadays cyber threats and vulnerabilities are prime challenges that any kind of organisation needs to consider while adopting advanced technologies and the Internet of Things. Modern Industrial Control Systems are very important in our life because we use them as information and communication tools to manage, monitor and improve ICS usage. These ICS systems are commonly used in critical infrastructure; if one of these systems slowed down or shut down, it would have a great impact on the national economy as well as the national security of any country. Some popular ICS attack incidents, like the Colonial pipeline ransomware attack, the Triton malware attack and the Ukraine power grid trojan attack, show that the impacts of major cyber-attacks can cause considerable negative effects on other connected components of the entire system. To address the concern of advanced cyber attacks before any crucial damage is done to the physical system, multi-layer, data-driven cyber-attack systems are required to improve ICS cybersecurity by providing wider attack detection.

REFERENCES

[1] Xiaohe Fan; Kefeng Fan; Yong Wang1; Ruikang Zhou, "Overview of cyber security of Industrial control system."
[2] Uchenna Daniel Ani; Hongmei He; Ashutosh Tiwari, "Vulnerability-Based Impact Criticality Estimation for Industrial Control Systems."
[3] Alfred Ocaka; Diarmuid O Briain; Steven Davy; Keara Barrett, "Cybersecurity Threats, Vulnerabilities, Mitigation Measures in Industrial Control and Automation Systems: A Technical Review."
[4] Ming Wan; Jiawei Li; Ying Liu; Jianming Zhao; Jiushuang Wang, "Characteristic insights on industrial cyber security and popular defense mechanisms."
[5] Rao Faizan Ali; Amgad Muneer; P D D. Dominic; Ebrahim A. A Ghaleb; Ammar Al-Ashmor, "Survey on Cyber Security for Industrial Control Systems."
[6] Phitaya Nakhonthai; Krishna Chimmanee, "Digital Forensic Analysis of Ransomware Attacks on Industrial Control Systems: A Case Study in Factories."
[7] Zahra Jadidi; Yi Lu, "A Threat Hunting Framework for Industrial Control Systems."
[8] Montri Wiboonrat, "Cybersecurity in Industrial Control Systems: An integration of information technology and operational technology."
[9] Usman Javed Butt; Maysam Abbod; Anzor Lors; Hamid Jahankhani; Arshad Jamal; Arvind Kumar, "Ransomware Threat and its Impact on SCADA."
[10] Beulah Rani I; G. Matthew Palmer; G. Jaspher W. Kathrine; S.E Vinodh Ewards, "Intrusion Detection System for Cyber Attacks in Food and Beverage Industry."
[11] Ercan Nurcan Ylmaz; Bünyamin Ciylan; Serkan Gönen; Erhan Sindiren; Gökçe Karacayılmaz, "Cyber security in industrial control systems: Analysis of DoS attacks against PLCs and the insider effect."
[12] Toshio Miyachi; Tsutomu Yamada, "Current issues and challenges on cyber security for industrial automation and control systems."
[13] Mohamed Mesbah; Marianne Azer, "Cyber Threats and Policies for Industrial Control Systems."
[14] Matthew G. Angle; Stuart Madnick; James L. Kirtley; Shaharyar Khan, "Identifying and Anticipating Cyberattacks That Could Cause Physical Damage to Industrial Control Systems."
[15] Omar EL Idrissi; Abdellatif Mezrioui; Abdelhamid Belmekki, "Cyber Security challenges and Issues of Industrial Control Systems–Some Security Recommendations."
[16] Maesschalck S; Staves A; Derbyshire R; Green B; Hutchison D, "Walking under the ladder logic: PLC-VBS: a PLC control logic vulnerability scanning tool."
[17] Alzahrani A; Aldhyani T, "Design of Efficient Based Artificial Intelligence Approaches for Sustainable of Cyber Security in Smart Industrial Control System."
[18] Aydin H; Sertbaş A, "Cyber Security in Industrial Control Systems (ICS): A Survey of Rowhammer Vulnerability."
[19] Eric Byres; Justin Lowe, "The Myths and Facts behind Cyber Security Risks for Industrial Control Systems."
[20] Kevin Hemsley; Ronald Fisher, "A History of Cyber Incidents and Threats Involving Industrial Control Systems."
[21] Joel F. Brenner, "Eyes wide shut: The growing threat of cyber attacks on industrial control systems."
[22] Zakarya Drias; Ahmed Serhrouchni; Olivier Vogel, "Taxonomy of attacks on industrial control protocols."
[23] Abdulrahman Al-Abassi; Hadis Karimipour; Ali Dehghantanha; Reza M. Parizi, "An Ensemble Deep Learning-Based Cyber-Attack Detection in Industrial Control System."
[24] Chenyang Liu; Yazeed Alrowaili; Neetesh Saxena; Charalambos Konstantinou, "Cyber Risks to Critical Smart Grid Assets of Industrial Control Systems."
[25] Allan Cook; Richard Smith; Leandros Maglaras; Helge Janicke, "Measuring the Risk of Cyber Attack in Industrial Control Systems."
[26] Fan Zhang; Hansaka Angel Dias Edirisinghe Kodituwakku; J. Wesley Hines; Jamie Coble, "Multilayer Data-Driven Cyber-Attack Detection System for Industrial Control Systems Based on Network, System, and Process Data."
[27] Eric Luiijf, "Threats in Industrial Control Systems."
[28] Maryna Krotofil; Dieter Gollmann, "Industrial control systems security: What is happening?"
[29] Xinxin Lou; Asmaa Tellabi, "Cybersecurity Threats, Vulnerability and Analysis in Safety Critical Industrial Control System."
[30] Nick Evancich; Jason Li, "Attacks on Industrial Control Systems."