Active Scanning in the Industrial Control Systems

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26220%2F21%3APU142412" target="_blank" >RIV/00216305:26220/21:PU142412 - isvavai.cz</a>

Výsledek na webu

<a href="https://ieeexplore.ieee.org/document/9644373/" target="_blank" >https://ieeexplore.ieee.org/document/9644373/</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/ISCSIC54682.2021.00049" target="_blank" >10.1109/ISCSIC54682.2021.00049</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Active Scanning in the Industrial Control Systems

Popis výsledku v původním jazyce

Industrial control systems (ICS) networks have faced challenges in incident detection over the last few years. One of the issues harming ICS networks is the active scanning of such structures. Active scanning can be used in two different key scenarios: either by an attacker causing network damage or by the network owner to explore network hosts and visualize network architecture; in both cases, it can affect ICS network traffic. This paper aims to demonstrate active scanning using two tools (Nmap, Zmap) from the penetration tester's perspective. The penetration tester operation was described in the context of the impact on the failure or the delay of communication in the network. As a part of this work, an industrial testbed was created to analyse the impact of the scanning. While scanning with the Zmap tool, there was a complete loss of communication between the device and the testbed network. On the other hand, the Nmap tool displayed a delay and an occasional network outage. The article then described and visualized the delay and outage data. These results clearly show that it is not appropriate to use active scanners in industrial networks, as they can have a fatal impact on the entire network's communication.

Název v anglickém jazyce

Active Scanning in the Industrial Control Systems

Popis výsledku anglicky

Industrial control systems (ICS) networks have faced challenges in incident detection over the last few years. One of the issues harming ICS networks is the active scanning of such structures. Active scanning can be used in two different key scenarios: either by an attacker causing network damage or by the network owner to explore network hosts and visualize network architecture; in both cases, it can affect ICS network traffic. This paper aims to demonstrate active scanning using two tools (Nmap, Zmap) from the penetration tester's perspective. The penetration tester operation was described in the context of the impact on the failure or the delay of communication in the network. As a part of this work, an industrial testbed was created to analyse the impact of the scanning. While scanning with the Zmap tool, there was a complete loss of communication between the device and the testbed network. On the other hand, the Nmap tool displayed a delay and an occasional network outage. The article then described and visualized the delay and outage data. These results clearly show that it is not appropriate to use active scanners in industrial networks, as they can have a fatal impact on the entire network's communication.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

20203 - Telecommunications

Projekt

<a href="/cs/project/FV40366" target="_blank" >FV40366: Datový monitoring pro zvýšení spolehlivosti procesů chytrých továren</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2021

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

2021 International Symposium on Computer Science and Intelligent Control (ISCSIC)

ISBN

978-1-6654-1627-6

ISSN

—

e-ISSN

—

Počet stran výsledku

6

Strana od-do

1-6

Název nakladatele

IEEE CPS

Místo vydání

Rome, Italy

Místo konání akce

Stockholm

Datum konání akce

13. 8. 2021

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000803928000038