Abstract
This paper investigates vulnerabilities in the University of South Carolina Aiken (USCA) Centre’s IP infrastructure, focusing on ICS/SCADA network security. The study follows a systematic approach, incorporating the CIS (Center for Internet Security) security controls methodology throughout the project phases, including asset identification, vulnerability assessment, risk assessment, and flexibility study. The asset identification phase utilized tools such as Nmap, Maltego and Lansweeper to comprehensively identify and catalog assets within the network. Subsequently, the vulnerability assessment phase employed tools like OpenVAS, Nexpose, Nessus and manual penetration testing to uncover potential weaknesses. The research team then conducted a risk assessment using the FAIR (Factor Analysis of Information Risk) Methodology to quantitatively analyze and prioritize identified risks. In parallel, a flexibility study was undertaken to assess the system’s adaptability to potential threats. Collaborating with the technology service department(TSD), the research team addressed the identified vulnerabilities. This research paper provides a thorough exploration of ICS/SCADA network vulnerabilities, offering insights into the effectiveness of the CIS security controls methodology in enhancing cybersecurity measures.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Samtani, S., Yu, S., Zhu, H., Patton, M., Chen, H.: Identifying SCADA vulnerabilities using passive and active vulnerability assessment techniques. In: 2016 IEEE Conference on Intelligence and Security Informatics (ISI), pp. 25–30. IEEE (2016)
Nankya, M., Chataut, R., Akl, R.: Securing industrial control systems: components, cyber threats, and machine learning-driven defense strategies. Sensors 23(21), 8840 (2023)
Kaura, C., Sindhwani, N., Chaudhary, A.: Analysing the impact of cyber-threat to ICS and SCADA systems. In: 2022 International Mobile and Embedded Technology Conference (MECON), pp. 466–470. IEEE (2022)
Francia III, G. A., Thornton, D., Dawson, J.: Security best practices and risk assessment of SCADA and industrial control systems. In: Proceedings of the international conference on security and management (SAM), p. 1. The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp) (2012)
Shypovskyi, V.: Enhancing the factor analysis of information risk methodology for assessing cyberresilience in critical infrastructure information systems. Polit. Sci. Secur. Stud. J. 4(1), 25–33 (2023)
Christensen, K.K., Petersen, K.L.: Public-private partnerships on cyber security: a practice of loyalty. Int. Aff. 93(6), 1435–1452 (2017)
Tunggal, A.T.: How to Perform a Cybersecurity Risk Assessment. UpGuard (2018). Accessed 19 Oct 2023. https://www.upguard.com/blog/how-to-perform-a-cybersecurity-risk-assessment
Cybersecurity risk assessments. SailPoint (2023). Accessed 19 Oct 2023. https://www.sailpoint.com/identity-library/cybersecurity-risk-assessments/
Stefinko, Y., Piskozub, A., Banakh, R.: Manual and automated penetration testing. Benefits and drawbacks: modern tendency. In: 2016 13th International Conference on Modern Problems of Radio Engineering, Telecommunications and Computer Science (TCSET), pp. 488–491. IEEE (2016)
Alavi, S., Bessler, N., Massoth, M.: A comparative evaluation of automated vulnerability scans versus manual penetration tests on false-negative errors. In: Proceedings of the Third International Conference on Cyber-Technologies and Cyber-Systems, IARIA, Athens, Greece, pp. 18–22 (2018)
Cremer, F., et al.: Cyber risk and cybersecurity: a systematic review of data availability. Geneva Papers Risk Insur.-Issues Pract. 47(3), 698–736 (2022)
Johnston, A.C.: A closer look at organizational cybersecurity research trending topics and limitations. Organ. Cybersecur. J. Pract. Process People 2(2), 124–133 (2022)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Strohmier, H., Londhe, A.R., Clark, C.A., Pawar, R., Kram, B. (2024). Exploring ICS/SCADA Network Vulnerabilities. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2024. Lecture Notes in Computer Science, vol 14729. Springer, Cham. https://doi.org/10.1007/978-3-031-61382-1_14
Download citation
DOI: https://doi.org/10.1007/978-3-031-61382-1_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-61381-4
Online ISBN: 978-3-031-61382-1
eBook Packages: Computer ScienceComputer Science (R0)