Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Vulnerabilities on the wire: Mitigations for insecure ICS device communication
Cyber Security: A Peer-Reviewed Journal,
4
(2),
160-181
(2020)
Abstract
Modbus transmission control protocol (TCP) and other legacy ICS protocols ported over from serial communications are widely used in many ICS verticals. Due to extended operational industrial control system (ICS) component life, these protocols will be used for many years to come. Insecure ICS protocols allow attackers to potentially manipulate programmable logic controller (PLC) code and logic values that could lead to disrupted critical system operations. These protocols are susceptible to replay attacks and unauthenticated command execution.1 This paper examines the viability of deploying PLC configuration modifications, programming best practices and network security controls to demonstrate that it is possible to increase the difficulty for attackers to maliciously abuse ICS devices and mitigate the effects of attacks based on insecure ICS protocols. Student kits provided in SANS ICS515 and ICS612 courses form the backdrop for testing and evaluating ICS protocols and device configurations.
Keywords: industrial control system (ICS); OT; Protocols; PLC; automation; Modbus
The full article is available to subscribers to the journal.
Author's Biography
Michael Hoffman has over 20 years’ combined experience across the oil and gas industry between industrial control system (ICS) security, controls and automation, and instrumentation. His roles have ranged from operational site support to global ICS security subject matter expert. He is a fervent believer in lifelong learning and has both an AAS degree in instrumentation and control technology and a BSc degree in computer science. Michael is currently enrolled in the SANS Technology Institute (STI) MSISE program with a focus on ICS security and is looking forward to completing the degree early 2021. Michael currently holds the GRID-Gold, GICSP-Gold, GCIP, GPEN, GCIH, GCIA, GPYC, GSEC, GSTRT, GCPM, GCCC, CISSP, PMP, CEH and CCNA certifications. He is currently working towards GSE certification to complete the STI MSISE degree. Outside of working, studying ICS security and supporting SANS as an instructor in development, Michael can be found in the mountains of Washington State, USA, where he enjoys camping and hiking with his family.
