An Analysis of Adversary-Centric Security Testing within Information and Operational Technology Environments-Reference-Cited by-同舟云学术

An Analysis of Adversary-Centric Security Testing within Information and Operational Technology Environments

Published:2023-03-31 Issue:1 Volume:4 Page:1-29
ISSN:2692-1626
Container-title:Digital Threats: Research and Practice
language:en
Short-container-title:Digital Threats

Author:

Staves Alexander¹,Gouglidis Antonios¹,Hutchison David¹

Affiliation:

1. Lancaster University, United Kingdom

Abstract

Assurance techniques such as adversary-centric security testing are an essential part of the risk assessment process for improving risk mitigation and response capabilities against cyber attacks. While the use of these techniques, including vulnerability assessments, penetration tests, and red team engagements, is well established within Information Technology (IT) environments, there are challenges to conducting these within Operational Technology (OT) environments, often due to the critical nature of the OT system. In this article, we provide an analysis of the technical differences between IT and OT from an asset management perspective. This analysis provides a base for identifying how these differences affect the phases of adversary-centric security tests within industrial environments. We then evaluate these findings by using adversary-centric security testing techniques on an industrial control system testbed. Results from this work demonstrate that while legacy OT is highly susceptible to disruption during adversary-centric security testing, modern OT that uses better hardware and more optimised software is significantly more resilient to tools and techniques used for security testing. Clear requirements can, therefore, be identified for ensuring appropriate adversary-centric security testing within OT environments by quantifying the risks that the tools and techniques used during such engagements present to the operational process.

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications,Computer Science Applications,Hardware and Architecture,Safety Research,Information Systems,Software

Link

https://dl.acm.org/doi/pdf/10.1145/3569958

Reference93 articles.

1. IEEE Standard for Electric Power Systems Communications -- Distributed Network Protocol (DNP3)

2. AboutSSL. History of the Internet—An Invention That Changed the World. (June 2021). Retrieved June 30 2021 from https://aboutssl.org/history-of-the-internet/.

3. Rob Antrobus, Sylvain Frey, Benjamin Green, and Awais Rashid. 2016. SimaticScan: Towards A Specialised Vulnerability Scanner for Industrial Control Systems. Technical Report.

4. Michael Assant and Robert Lee. 2015. The Industrial Control System Cyber Kill Chain. Technical Report. SANS Institute. Last Accessed: 03-21-2022.

5. Liron Benbenishti. 2017. SCADA MODBUS Protocol Vulnerabilities. (September 2021). Retrieved September 15 2021 from https://bit.ly/3nEeYy6.

Cited by 4 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Interdisciplinary Approaches to Cybervulnerability Impact Assessment for Energy Critical Infrastructure;Proceedings of the CHI Conference on Human Factors in Computing Systems;2024-05-11

2. Leveraging Digital Twin Technology for Enhanced Cybersecurity in Cyber–Physical Production Systems;Future Internet;2024-04-17

3. Detection of Smartphone Permissioned Security Breaches using Machine Learning Techniques;2023 World Conference on Communication & Computing (WCONF);2023-07-14

4. Performance Evaluation of Machine Learning Algorithms for Website Defacement Attack Detection;2023 International Conference on Smart Systems for applications in Electrical Sciences (ICSSES);2023-07-07