Network Analysis of Reconnaissance and Intrusion of an Industrial Control System

Abstract

This report describes the results of an experiment assessing 5 security configurations intended to increase the security of an industrial control system (ICS). The first objective was to evaluate how network topology affects the information an attacker can learn through passive reconnaissance of an ICS. The second objective was to identify useful methods to detect network intrusion. The testbed experiment demonstrated that network segregation and technical controls can reduce the attack surface of an ICS network. The experiment also revealed that whitelisting techniques can detect an attacker because ICS network hosts rarely change. In addition, we describe general methods for characterizing baseline Modbus traffic that could be used to detect anomalous ICS traffic from an attacker.

Document Details

Document Type: Technical Report
Publication Date: Sep 01, 2016
Accession Number: AD1016413

Entities

People

  • Daniel T. Sullivan
  • Edward J. Colbert

Organizations

  • United States Army Research Laboratory

Tags

DTIC Thesaurus Topics

  • Computer Network Security
  • Computer Networks
  • Computer Programming
  • Computers
  • Control Systems
  • Human-Machine Interfaces
  • Industrial Control Systems
  • Intrusion
  • Intrusion Detection
  • Intrusion Detectors
  • Local Area Networks
  • Network Protocols
  • Network Topology
  • Operating Systems
  • Supervisory Control
  • Transport Protocols
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Cybersecurity