
Impact of Active Scanning Tools for Device Discovery in Industrial Networks

  • Conference paper
  • Published in: Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2020)

Abstract

The number of networked devices used for automation in industrial environments is growing constantly. Network operators therefore face the task of managing and securing these networks, because attacks on and failures of these systems tend to have serious consequences. The decentralized nature of Operational Technology (OT) networks and the use of legacy network equipment make passive scanning infeasible for device identification. Active network scans would be a suitable tool for managing these networks properly; however, they may influence or damage the fragile industrial devices and the physical processes they control. Nevertheless, device identification and asset management are increasingly important in industrial networks, so an understanding of how active scans affect those devices is necessary to minimize the risk of negative effects. In this paper, we analyze the impact of five active scanning tools, each capable of identifying Industrial Control System (ICS) components, on seven Programmable Logic Controllers (PLCs). Most devices show measurable influences during the scans, ranging from a few milliseconds to several hundred milliseconds. However, we are also able to show that it is possible to scan PLCs without any influence at all while still gathering the required information. The results of the experiments can be used to evaluate the potential risks of these tools and to decide whether, and how, they should be used in industrial environments.
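The abstract reports scan-induced delays of a few to several hundred milliseconds. The following added example (not code from the paper) shows one way such an impact can be quantified offline: it assumes a PLC that toggles a digital output once per program cycle, a capture of the edge timestamps in seconds, and the start and end time of the scan, all of which are constructed here.

```python
"""Offline cycle-time impact analysis for a PLC under an active network scan.

Assumption (not taken from the paper): the PLC toggles one digital output at
the end of every program cycle, and an external capture device records the
timestamp (in seconds) of each edge together with the scan window.
"""
from statistics import median


def cycle_times_ms(edge_ts):
    """Convert consecutive edge timestamps (s) into cycle durations (ms)."""
    return [(b - a) * 1000.0 for a, b in zip(edge_ts, edge_ts[1:])]


def scan_impact(edge_ts, scan_start, scan_end):
    """Compare cycle durations inside the scan window against the baseline.

    Returns the baseline median cycle time, the longest cycle observed while
    the scan was running, and the extra delay attributable to the scan (ms).
    """
    durations = cycle_times_ms(edge_ts)
    inside, outside = [], []
    # A cycle is attributed to the scan window if it ends inside that window.
    for end_ts, d in zip(edge_ts[1:], durations):
        (inside if scan_start <= end_ts <= scan_end else outside).append(d)
    if not inside or not outside:
        raise ValueError("need cycles both inside and outside the scan window")
    baseline = median(outside)
    worst = max(inside)
    return {
        "baseline_ms": round(baseline, 3),
        "worst_in_scan_ms": round(worst, 3),
        "max_extra_delay_ms": round(worst - baseline, 3),
        "cycles_in_scan": len(inside),
    }


# Constructed sample: a nominal 10 ms cycle; the cycles ending inside the
# scan window are stretched to mimic a PLC busy answering scan traffic.
SAMPLE_EDGES = [0.000, 0.010, 0.020, 0.030, 0.040, 0.050,
                0.075, 0.120, 0.135, 0.145, 0.155, 0.165]
SAMPLE_SCAN = (0.050, 0.140)  # (start, end) of the scan, in seconds

if __name__ == "__main__":
    print(scan_impact(SAMPLE_EDGES, *SAMPLE_SCAN))
```

The same function can be run over captures for each scanning tool and each PLC to build the kind of per-device comparison the paper describes.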



Author information

Corresponding author: Thomas Hanka

Copyright information

© 2021 Springer Nature Switzerland AG


Cite this paper

Hanka, T., Niedermaier, M., Fischer, F., Kießling, S., Knauer, P., Merli, D. (2021). Impact of Active Scanning Tools for Device Discovery in Industrial Networks. In: Wang, G., Chen, B., Li, W., Di Pietro, R., Yan, X., Han, H. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2020. Lecture Notes in Computer Science, vol 12383. Springer, Cham. https://doi.org/10.1007/978-3-030-68884-4_46

  • DOI: https://doi.org/10.1007/978-3-030-68884-4_46

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-68883-7

  • Online ISBN: 978-3-030-68884-4

  • eBook Packages: Computer Science (R0)