PLC Cybersecurity Test Platform Establishment and Cyberattack Practice-Reference-Cited by-同舟云学术

PLC Cybersecurity Test Platform Establishment and Cyberattack Practice

Published:2023-03-01 Issue:5 Volume:12 Page:1195
ISSN:2079-9292
Container-title:Electronics
language:en
Short-container-title:Electronics

Author:

Ramirez Ramiro¹,Chang Chun-Kai²,Liang Shu-Hao²^ORCID

Affiliation:

1. Department of Industrial Engineering and Management, National Taipei University of Technology, Taipei City 106344, Taiwan

2. Graduate Institute of Intelligent Manufacturing Tech, National Taiwan University of Science and Technology, Taipei City 106335, Taiwan

Abstract

Programming logic controllers (PLCs) are vital components for conveyors in production lines, and the sensors and actuators controlled underneath the PLCs represent critical points in the manufacturing process. Attacks targeting the exploitation of PLC vulnerabilities have been on the rise recently. In this study, a PLC test platform aims to analyze the vulnerabilities of a typical industrial setup and perform cyberattack exercises to review the system cybersecurity challenges. The PLC test platform is a sorting machine consisting of an automatic conveyor belt, two Mitsubishi FX5U-32M PLCs, and accessories for material sorting, and Modbus is the selected protocol for data communication. The O.S. on the attacker is Kali ver. 2022.3, runs Nmap and Metasploit to exploit the target Modbus registers. On the other hand, the target host runs the O.S., Ubuntu 22.04 in the cyberattack exercises. The selected attack method for this study is packet reply which can halt operations sending custom data packets to the PLC. In summary, this study provides a basic step-by-step offensive strategy targeting register modification, and the testbed represents a typical industrial environment and its vulnerabilities against cyberattacks with common open-source tools.

Funder

National Science and Technology Council (NSTC) of Taiwan

The Center for Cyber-Physical System Innovation (CPSi), National Taiwan University of Science and Technology (NTUST), Taiwan

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering

Link

https://www.mdpi.com/2079-9292/12/5/1195/pdf

Reference46 articles.

1. Public Safety Canada (2009). National Strategy of Critical Infrastructure, Public Safety Canada.

2. Congress.gov (2001, October 26). H.R.3162-107th Congress (2001–2002): Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001, Available online: https://www.congress.gov/bill/107th-congress/house-bill/3162.

3. National Institute for Standards and Technology (NSIT) (2018). Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1, NSIT.

4. Trend Micro Inc. (2022). The State of Industrial Cybersecurity, Trend Micro Inc.. Whitepaper, Trend Micro Survey Report.

5. International Telecommunication Union (ITU) (2022). Global Cybersecurity Index 2020, ITU Publications. Whitepaper.

Cited by 6 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Design and Construction of a Portable IoT Station;Sensors;2024-06-25

2. Cyber-Attack detection of Bias Injection Attacks using Extended State Kalman Filters;2023 International Automatic Control Conference (CACS);2023-10-26

3. Design and Research of a Field Bus Control System Laboratory for Metal Mining, Beneficiation and Metallurgy;Processes;2023-09-06

4. Digital Transformation and Cybersecurity Challenges for Businesses Resilience: Issues and Recommendations;Sensors;2023-07-25

5. Security of Programmable Logic Controllers and Related Systems: Today and Tomorrow;IEEE Open Journal of the Industrial Electronics Society;2023