A critical analysis of the industrial device scanners’ potentials, risks, and preventives

IF 10.4 1区 计算机科学 Q1 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS
Mohammad Borhani, Gurjot Singh Gaba, Juan Basaez, Ioannis Avgouleas, Andrei Gurtov
{"title":"A critical analysis of the industrial device scanners’ potentials, risks, and preventives","authors":"Mohammad Borhani,&nbsp;Gurjot Singh Gaba,&nbsp;Juan Basaez,&nbsp;Ioannis Avgouleas,&nbsp;Andrei Gurtov","doi":"10.1016/j.jii.2024.100623","DOIUrl":null,"url":null,"abstract":"<div><p>Industrial device scanners allow anyone to scan devices on private networks and the Internet. They were intended as network security tools, but they are commonly exploited as attack tools, as scanning can reveal vulnerable devices. However, from a defensive perspective, this vulnerability disclosure could be used to secure devices if characteristics such as type, model, manufacturer, and firmware could be identified. Automated scanning reports can help to apply security measures before an attacker finds a vulnerability. A complete device recognition procedure can then be seen as the basis for auditing networks and identifying vulnerabilities to mitigate cyber-attacks, especially among Industrial Internet of Things (IIoT) devices that are part of critical systems. In this survey, considering SCADA (Supervisory Control and Data Acquisition) systems as monitoring and control components of essential infrastructure, we focus on analyzing the architectures, specifications, and constraints of several industrial device scanners. In addition, we examine the information revealed by the scanners to identify the threats posed by them on industrial systems and networks. We analyze monthly and yearly statistics of cyber-attack incidents to investigate the role of these scanners in accelerating attacks. By presenting the findings of an experimentation, we highlight how easily anyone could identify hundreds of Internet-connected industrial devices in Sweden, which could lead to a major service interruption in industrial environments designed for minimal human involvement. We also discuss several methods to avoid scanners or reduce their identifying capabilities to conceal industrial devices from unauthorized access.</p></div>","PeriodicalId":55975,"journal":{"name":"Journal of Industrial Information Integration","volume":"41 ","pages":"Article 100623"},"PeriodicalIF":10.4000,"publicationDate":"2024-05-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2452414X24000670/pdfft?md5=e6aee547d6d83a56a1b8f87d3225fa84&pid=1-s2.0-S2452414X24000670-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Industrial Information Integration","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2452414X24000670","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}
引用次数: 0

Abstract

Industrial device scanners allow anyone to scan devices on private networks and the Internet. They were intended as network security tools, but they are commonly exploited as attack tools, as scanning can reveal vulnerable devices. However, from a defensive perspective, this vulnerability disclosure could be used to secure devices if characteristics such as type, model, manufacturer, and firmware could be identified. Automated scanning reports can help to apply security measures before an attacker finds a vulnerability. A complete device recognition procedure can then be seen as the basis for auditing networks and identifying vulnerabilities to mitigate cyber-attacks, especially among Industrial Internet of Things (IIoT) devices that are part of critical systems. In this survey, considering SCADA (Supervisory Control and Data Acquisition) systems as monitoring and control components of essential infrastructure, we focus on analyzing the architectures, specifications, and constraints of several industrial device scanners. In addition, we examine the information revealed by the scanners to identify the threats posed by them on industrial systems and networks. We analyze monthly and yearly statistics of cyber-attack incidents to investigate the role of these scanners in accelerating attacks. By presenting the findings of an experimentation, we highlight how easily anyone could identify hundreds of Internet-connected industrial devices in Sweden, which could lead to a major service interruption in industrial environments designed for minimal human involvement. We also discuss several methods to avoid scanners or reduce their identifying capabilities to conceal industrial devices from unauthorized access.

对工业设备扫描仪的潜力、风险和预防措施的重要分析
工业设备扫描仪允许任何人扫描专用网络和互联网上的设备。这些扫描仪原本是作为网络安全工具使用的,但由于扫描可以发现易受攻击的设备,因此它们通常被用作攻击工具。不过,从防御的角度来看,如果可以识别设备的类型、型号、制造商和固件等特征,这种漏洞披露可以用来保护设备的安全。自动扫描报告有助于在攻击者发现漏洞之前采取安全措施。完整的设备识别程序可作为审计网络和识别漏洞的基础,以减少网络攻击,尤其是作为关键系统一部分的工业物联网(IIoT)设备。在本调查中,考虑到 SCADA(监控和数据采集)系统是重要基础设施的监控组件,我们重点分析了几种工业设备扫描仪的架构、规格和限制因素。此外,我们还研究了扫描仪揭示的信息,以确定它们对工业系统和网络构成的威胁。我们分析了网络攻击事件的月度和年度统计数据,以研究这些扫描仪在加速攻击中所起的作用。通过介绍一项实验的结果,我们强调了任何人都能轻易识别瑞典数百台连接互联网的工业设备,这可能会导致为尽量减少人工参与而设计的工业环境中的重大服务中断。我们还讨论了几种避开扫描仪或降低其识别能力的方法,以隐藏工业设备,防止未经授权的访问。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Journal of Industrial Information Integration
Journal of Industrial Information Integration Decision Sciences-Information Systems and Management
CiteScore
22.30
自引率
13.40%
发文量
100
期刊介绍: The Journal of Industrial Information Integration focuses on the industry's transition towards industrial integration and informatization, covering not only hardware and software but also information integration. It serves as a platform for promoting advances in industrial information integration, addressing challenges, issues, and solutions in an interdisciplinary forum for researchers, practitioners, and policy makers. The Journal of Industrial Information Integration welcomes papers on foundational, technical, and practical aspects of industrial information integration, emphasizing the complex and cross-disciplinary topics that arise in industrial integration. Techniques from mathematical science, computer science, computer engineering, electrical and electronic engineering, manufacturing engineering, and engineering management are crucial in this context.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信