{"title":"工业控制系统(ICS)设备在互联网上的前景","authors":"W. Xu, Yaodong Tao, Xin Guan","doi":"10.1109/CyberSA.2018.8551422","DOIUrl":null,"url":null,"abstract":"Industrial control systems are employed in numerous critical infrastructure assets. Originally designed for closed systems, these protocols do not have built-in security. If these systems are the target of a cyberattack, it will cause serious damage to the physical world, However, there is an increasing number of ICS devices on the Internet. In order to study the number, distribution and trend of these systems, we analyzed the Censys scanning data for the five protocols of Modbus, Siemens S7, DNP3, BACnet, Tridium Fox. We find that there are still a large number of devices exposed on the Internet, distributed in more than 100 countries around the world, and the overall number of devices has been on the rise in the last two years. Separately, in the past two years, the number of Modbus and Siemens S7 protocol continued to grow rapidly, the number of DNP3 protocol devices has declined, and the number of BACnet and Tridium Fox protocol devices has basically remained unchanged. By analyzing the IP addresses of these devices, we find that some of the devices are continually exposed to the Internet, and some of the devices are temporarily exposed. We also find some Conpot honeypot records in these data.","PeriodicalId":352813,"journal":{"name":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"47 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":"{\"title\":\"The Landscape of Industrial Control Systems (ICS) Devices on the Internet\",\"authors\":\"W. Xu, Yaodong Tao, Xin Guan\",\"doi\":\"10.1109/CyberSA.2018.8551422\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Industrial control systems are employed in numerous critical infrastructure assets. Originally designed for closed systems, these protocols do not have built-in security. If these systems are the target of a cyberattack, it will cause serious damage to the physical world, However, there is an increasing number of ICS devices on the Internet. In order to study the number, distribution and trend of these systems, we analyzed the Censys scanning data for the five protocols of Modbus, Siemens S7, DNP3, BACnet, Tridium Fox. We find that there are still a large number of devices exposed on the Internet, distributed in more than 100 countries around the world, and the overall number of devices has been on the rise in the last two years. Separately, in the past two years, the number of Modbus and Siemens S7 protocol continued to grow rapidly, the number of DNP3 protocol devices has declined, and the number of BACnet and Tridium Fox protocol devices has basically remained unchanged. By analyzing the IP addresses of these devices, we find that some of the devices are continually exposed to the Internet, and some of the devices are temporarily exposed. We also find some Conpot honeypot records in these data.\",\"PeriodicalId\":352813,\"journal\":{\"name\":\"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)\",\"volume\":\"47 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"13\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CyberSA.2018.8551422\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberSA.2018.8551422","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The Landscape of Industrial Control Systems (ICS) Devices on the Internet
Industrial control systems are employed in numerous critical infrastructure assets. Originally designed for closed systems, these protocols do not have built-in security. If these systems are the target of a cyberattack, it will cause serious damage to the physical world, However, there is an increasing number of ICS devices on the Internet. In order to study the number, distribution and trend of these systems, we analyzed the Censys scanning data for the five protocols of Modbus, Siemens S7, DNP3, BACnet, Tridium Fox. We find that there are still a large number of devices exposed on the Internet, distributed in more than 100 countries around the world, and the overall number of devices has been on the rise in the last two years. Separately, in the past two years, the number of Modbus and Siemens S7 protocol continued to grow rapidly, the number of DNP3 protocol devices has declined, and the number of BACnet and Tridium Fox protocol devices has basically remained unchanged. By analyzing the IP addresses of these devices, we find that some of the devices are continually exposed to the Internet, and some of the devices are temporarily exposed. We also find some Conpot honeypot records in these data.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
