Share Email Print
cover

Proceedings Paper

ICS logging solution for network-based attacks using Gumistix technology
Author(s): Jeremy R. Otis; Dustin Berman; Jonathan Butts; Juan Lopez
Format Member Price Non-Member Price
PDF $14.40 $18.00
cover GOOD NEWS! Your organization subscribes to the SPIE Digital Library. You may be able to download this paper for free. Check Access

Paper Abstract

Industrial Control Systems (ICS) monitor and control operations associated with the national critical infrastructure (e.g., electric power grid, oil and gas pipelines and water treatment facilities). These systems rely on technologies and architectures that were designed for system reliability and availability. Security associated with ICS was never an inherent concern, primarily due to the protections afforded by network isolation. However, a trend in ICS operations is to migrate to commercial networks via TCP/IP in order to leverage commodity benefits and cost savings. As a result, system vulnerabilities are now exposed to the online community. Indeed, recent research has demonstrated that many exposed ICS devices are being discovered using readily available applications (e.g., ShodanHQ search engine and Google-esque queries). Due to the lack of security and logging capabilities for ICS, most knowledge about attacks are derived from real world incidents after an attack has already been carried out and the damage has been done. This research provides a method for introducing sensors into the ICS environment that collect information about network-based attacks. The sensors are developed using an inexpensive Gumstix platform that can be deployed and incorporated with production systems. Data obtained from the sensors provide insight into attack tactics (e.g., port scans, Nessus scans, Metasploit modules, and zero-day exploits) and characteristics (e.g., attack origin, frequency, and level of persistence). Findings enable security professionals to draw an accurate, real-time awareness of the threats against ICS devices and help shift the security posture from reactionary to preventative.

Paper Details

Date Published: 28 May 2013
PDF: 6 pages
Proc. SPIE 8757, Cyber Sensing 2013, 875705 (28 May 2013); doi: 10.1117/12.2015958
Show Author Affiliations
Jeremy R. Otis, Air Force Institute of Technology (United States)
Dustin Berman, Air Force Institute of Technology (United States)
Jonathan Butts, Air Force Institute of Technology (United States)
Juan Lopez, Air Force Institute of Technology (United States)


Published in SPIE Proceedings Vol. 8757:
Cyber Sensing 2013
Igor V. Ternovskiy; Peter Chin, Editor(s)

© SPIE. Terms of Use
Back to Top