Instrumentation for Vulnerability Assessment of Industrial Control Systems
Abstract
In this project, the PIs propose to automate PLC device fingerprinting by taking advantage of a device's analog emissions. They will investigate techniques for recognizing the device via its analog emissions, and for generating intelligence regarding the amount and type of information that can be derived from analog emissions about a PLC's operating parameters, indicating potential vulnerabilities.

Objective:
The objective of the proposed project is two-fold:
- Automate a large part of the reconnaissance phase of a vulnerability assessment by identifying/fingerprinting PLCs using analog emissions, enabling automatic vulnerability assessments of PLCs.
- Generate intelligence regarding the amount and type of information that can be derived from analog emissions about a PLC's operating parameters, indicating potential vulnerabilities and PLC components that require further protection/attention from a cybersecurity perspective.

Approach:
This project is supplemental to an ONR-funded project titled "Towards automatic vulnerability assessment of industrial control systems" and managed by the three PIs. The focus of that project is to develop a fully automated penetration tester for assessing the security posture of an industrial control system (ICS). The supplemental research will expand the capability of RTIB to include vulnerability assessment by identifying/fingerprinting PLCs using analog emissions.

The automated tool (RTIB) will come in two versions: 1) as software to be installed and executed on an existing PC, and 2) as a stand-alone hardware box to be connected directly to the ICS environment. The expected use case is as follows: the penetration tester connects the tool to the target devices (sensors, actuators, and PLCs) in an ICS environment and launches the vulnerability assessment procedure. The device can be connected in one of two ways: 1) through the network (internal/external), or 2) directly through available device ports (RJ45, USB, RS232, and JTAG). If the embedded devices are accessed over a network (option 1), network discovery will precede the proposed vulnerability discovery phase; network discovery, however, will not be the focus of the project. Once connected, the tool will automatically attempt to identify potential vulnerabilities of the target actuators, sensors, and PLCs in the different components of the ICS.

The PIs may optionally develop an on-line, control-theoretic attack monitoring system based on dynamic observer and learning/adaptation algorithms, implemented either on network-connected monitoring devices or as software components on computers within an existing ICS device. The attack monitoring system will observe/estimate deviations of the overall system behavior (and of signals/communications in the system) to detect possible on-going attacks. The developed vulnerability analysis tool will be reinforced to uncover additional (although hard to exploit) vulnerabilities in such protected ICS systems.

Merit/Relevance:
The proposed research will develop a simple-to-use, fully automated penetration tester for industrial control systems. The availability of this tool will provide an economical and efficient way of testing the security posture of the Navy's ICS, including vessels' HM&E systems. Frequent (because economical) assessment of the Navy's ICS will significantly enhance the security posture of Navy systems.

Project Abstract
The proposed project addresses the development of methodologies for identification of a PLC and estimation of some of its operating parameters based on remote observations of analog emissions. In particular, electromagnetic, acoustic, and thermal signals are remotely monitored. Additionally, the project aims to generate intelligence regarding the amount and type of information that can be derived from analog emissions regarding a PLC's operating parameters, indicating potential vulnerabilities.
Document Details
- Document Type: DoD Grant Award
- Publication Date: Jan 04, 2017
- Source ID: N000141712006
Entities
People
- Michail Maniatakos
Organizations
- New York University
- Office of Naval Research
- United States Navy