Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
139 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
46 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Threat Analysis of Industrial Internet of Things Devices (2405.16314v1)

Published 25 May 2024 in cs.CR

Abstract: As part of the Internet of Things, industrial devices are now also connected to cloud services. However, the connection to the Internet increases the risks for Industrial Control Systems. Therefore, a threat analysis is essential for these devices. In this paper, we examine Industrial Internet of Things devices, identify and rank different sources of threats and describe common threats and vulnerabilities. Finally, we recommend a procedure to carry out a threat analysis on these devices.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (30)
  1. M. Hung, “Leading the IoT: Gartner Insights on How to Lead in a Connected World,” Gartner, White Paper, 2017.
  2. IDC Corporate USA, “The Growth in Connected IoT Devices Is Expected to Generate 79.4ZB of Data in 2025, According to a New IDC Forecast,” June 18th, 2019. [Online]. Available: https://www.idc.com/getdoc.jsp?containerId=prUS45213219 [accessed: 2020-08-25]
  3. F-Secure, “Attack Landscape H1 2019,” 2019. [Online]. Available: https://blog-assets.f-secure.com/wp-content/uploads/2019/09/12093807/2019_attack_landscape_report.pdf [accessed: 2020-08-25]
  4. J. Santagate, R. Glaisner, and R. Westervelt, “Operational Cybersecurity for Digitized Manufacturing: Emerging Approaches for the Converged Physical-Virtual Environment,” IDC, 2019. [Online]. Available: https://www.fortinet.com/content/dam/fortinet/assets/white-papers/wp-idc-operational-cybersecurity-for-digitized-manufacturing.pdf [accessed: 2020-08-25]
  5. A. Greenberg, “A Notorious Iranian Hacking Crew Is Targeting Industrial Control Systems,” Wired, November 20th, 2019. [Online]. Available: https://wired.com/story/iran-apt33-industrial-control-systems/ [accessed: 2020-08-25]
  6. B. Bostami, M. Ahmed, and S. Choudhury, “False Data Injection Attacks in Internet of Things,” in Performability in Internet of Things, F. Al-Turjman, Ed. Cham: Springer International Publishing, 2019, pp. 47–58.
  7. B. Dorsemaine, J.-P. Gaulier, J.-P. Wary, N. Kheir, and P. Urien, “Internet of Things: A Definition & Taxonomy,” in 2015 9th International Conference on Next Generation Mobile Applications, Services and Technologies, Cambridge, United Kingdom, 2015, pp. 72–77.
  8. E. Sisinni, A. Saifullah, S. Han, U. Jennehag, and M. Gidlund, “Industrial Internet of Things: Challenges, Opportunities, and Directions,” IEEE Trans. Ind. Inf., vol. 14, no. 11, pp. 4724–4734, Nov. 2018, DOI: 10.1109/TII.2018.2852491.
  9. A. Hahn, “Operational Technology and Information Technology in Industrial Control Systems,” in Cyber-security of SCADA and Other Industrial Control Systems, 2016, pp. 51–68, DOI: 10.1007/978-3-319-32125-7_4.
  10. Symantec, “Internet of Things: Protecting Against Industrial Cyber Attacks,” 2018. [Online]. Available: https://www.symantec.com/content/dam/symantec/docs/brochures/internet-of-things-protecting-against-industrial-cyber-attacks-en.pdf [accessed: 2020-08-25]
  11. H. P. Breivold, “A Survey and Analysis of Reference Architectures for the Internet-of-things,” in The Twelfth International Conference on Software Engineering Advances, 2017, pp. 132-138.
  12. M. Abomhara and G. M. Køien, “Cyber security and the internet of things: Vulnerabilities, threats, intruders and attacks,” Journal of Cyber Security and Mobility, vol. 4, no. 1, pp. 65–88, 2015.
  13. J. Wurm, K. Hoang, O. Arias, A. Sadeghi, and Y. Jin, “Security analysis on consumer and industrial IoT devices,” 2016 21st Asia and South Pacific Design Automation Conference (ASP-DAC), Macau, 2016, pp. 519-524, DOI: 10.1109/ASPDAC.2016.7428064.
  14. E. Nakashima and J. Warrick, “Stuxnet was work of U.S. and Israeli experts, officials say,” The Washington Post, June 2nd, 2012. [Online]. Available: https://www.washingtonpost.com/world/national-security/stuxnet-was-work-of-us-and-israeli-experts-officials-say/2012/06/01/gJQAlnEy6U_story.html [accessed: 2020-08-25]
  15. R. Lee, M. Assante, and T. Conway, “Analysis of the Cyber Attack on the Ukrainian Power Grid,” E-ISAC, 2016. [Online]. Available: https://ics.sans.org/media/E-ISAC_SANS_Ukraine_DUC_5.pdf [accessed: 2020-08-25]
  16. H. Tanriverdi, S. Eckert, J. Strozyk, M. Zierer, and R. Ciesielski, “Attacking the Heart of the German Industry,” BR, July 24th, 2019. [Online]. Available: https://web.br.de/interaktiv/winnti/english/ [accessed: 2020-08-25]
  17. A. Greenberg, “Mysterious New Ransomware Targets Industrial Control Systems,” Wired, February 3rd, 2020. [Online]. Available: https://wired.com/story/ekans-ransomware-industrial-control-systems/ [accessed: 2020-08-25]
  18. C. Cimpanu, “A decade of malware: Top botnets of the 2010s,” Wired, December 3rd, 2019. [Online]. Available: https://www.zdnet.com/article/a-decade-of-malware-top-botnets-of-the-2010s/ [accessed: 2020-08-25]
  19. S. Sin, E. Asiamah, L. Blackerby, and R. Washburn, “Determining Extremist Organisations’ Likelihood of Conducting Cyber Attacks,” presented at the 8th International Conference on Cyber Conflict, Tallinn, 2016.
  20. Ponemon Institute, “2018 Cost of Insider Threats: Global,” April, 2018. [Online]. Available: https://153j3ttjub71nfe89mc7r5gb-wpengine.netdna-ssl.com/wp-content/uploads/2018/04/ObserveIT-Insider-Threat-Global-Report-FINAL.pdf [accessed: 2020-08-25]
  21. Siemens, “Caught in the Crosshairs: Are Utilities Keeping Up with the Industrial Cyber Threat?,” 2019. [Online]. Available: https://assets.new.siemens.com/siemens/assets/api/uuid:35089d45-e1c2-4b8b-b4e9-7ce8cae81eaa/version:1572434569/siemens-cybersecurity.pdf [accessed: 2020-08-25]
  22. U.S. Department of the Interior Office of Inspector General, “U.S. Bureau of Reclamation Selected Hydropower Dams at Increased Risk from Insider Threats,” June, 2018. [Online]. Available: https://www.hsdl.org/?view&did=829751 [accessed: 2020-08-25]
  23. K. Fazzini, “Rising Hacktivist Attacks Take Companies By Surprise,” Dow Jones, April 4th, 2017. [Online]. Available: https://dowjones.com/insights/rising-hacktivist-attacks-take-companies-surprise/ [accessed: 2020-08-25]
  24. radware, “’BrickerBot’ Results In PDoS Attack,” 2018. [Online]. Available: https://security.radware.com/ddos-threats-attacks/brickerbot-pdos-permanent-denial-of-service/ [accessed: 2020-08-25]
  25. S. Miller, N. Brubaker, D. Kapellmann Zafra, and D. Caban, “TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping,” FireEye, April 10th, 2019. [Online]. Available: https://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.html [accessed: 2020-08-25]
  26. A. Cherepanov and R. Lipovsky, “Industroyer: Biggest threat to industrial control systems since Stuxnet,” welivesecurity, June 12th, 2017. [Online]. Available: https://www.welivesecurity.com/2017/06/12/industroyer-biggest-threat-industrial-control-systems-since-stuxnet/ [accessed: 2020-08-25]
  27. Cybersecurity and Infrastructure Security Agency (CISA), “Ransomware Impacting Pipeline Operations,” February 18th, 2020. [Online]. Available: https://www.us-cert.gov/ncas/alerts/aa20-049a [accessed: 2020-08-25]
  28. Kaspersky, “Kaspersky Lab discovers critical vulnerabilities in popular industrial protocol, affecting products from multiple vendors,” May 10th, 2018. [Online]. Available: https://www.kaspersky.com/about/press-releases/2018_kaspersky-lab-discovers-critical-vulnerabilities-in-popular-industrial-protocol [accessed: 2020-08-25]
  29. OWASP, “OWASP Top 10 - 2017,” 2017. [Online]. Available: https://owasp.org/www-pdf-archive/OWASP_Top_10-2017_(en).pdf.pdf [accessed: 2020-08-25]
  30. M. Kol and S. Oberman, “Ripple20,” JSOF, White Paper, 2020. [Online]. Available: https://www.jsof-tech.com/wp-content/uploads/2020/06/JSOF_Ripple20_Technical_Whitepaper_June20.pdf [accessed: 2020-08-25]
Citations (8)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets