Skip to main content
SpringerLink
Log in

Getting Security Objectives Wrong: A Cautionary Tale of an Industrial Control System (Transcript of Discussion)

  • Conference paper
  • First Online:
Security Protocols XXV (Security Protocols 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10476))

Included in the following conference series:

Abstract

Simon Foley: This is work that evolved by accident. Last year I started a project on industrial control system security, and by way of educating myself about the kinds of things that can go wrong, I used Shodan to search for an existing Industrial Control System connected to the Internet. I gave my first version of this talk in March 2016, and have given it a couple of times in the interim. Each time I prepared for the talk, I revisited the ICS, and each time its configuration had changed. This talk is what I learned from that experience.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Shodan reported other services available, including PPTP and CWMP, and the reader of this transcript is directed to Sect. 2 of the associated paper for further details. In short, it illustrates that security is not as simple as ensuring that just one objective is met.

  2. 2.

    A cartoon entitled The Professor’s invention for peeling potatoes by Heath Robinson.

  3. 3.

    On being alerted to this issue, the advice was removed from the Manufacturer’s website.

  4. 4.

    The reader of this transcript can find the account of these changes and their security implications in Sect. 4 of the accompanying paper; they provide the tale on how difficult it can be to get multiple security objectives right.

Author information

Authors and Affiliations

  1. IMT Atlantique, LabSTICC, Université Bretagne Loire, Rennes, France

    Simon N. Foley

Authors
  1. Simon N. Foley
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Simon N. Foley .

Editor information

Editors and Affiliations

  1. University of Cambridge, Cambridge, United Kingdom

    Frank Stajano

  2. Memorial University of Newfoundland, St. John’s, Newfoundland and Labrador, Canada

    Jonathan Anderson

  3. University of Hertfordshire, Hatfield, United Kingdom

    Bruce Christianson

  4. Masaryk University, Brno, Czech Republic

    Vashek Matyáš

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Foley, S.N. (2017). Getting Security Objectives Wrong: A Cautionary Tale of an Industrial Control System (Transcript of Discussion). In: Stajano, F., Anderson, J., Christianson, B., Matyáš, V. (eds) Security Protocols XXV. Security Protocols 2017. Lecture Notes in Computer Science(), vol 10476. Springer, Cham. https://doi.org/10.1007/978-3-319-71075-4_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-71075-4_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-71074-7

  • Online ISBN: 978-3-319-71075-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation