Abstract
Programmable logic controllers are key components of industrial control systems that are used across the critical infrastructure. The infamous Stuxnet malware attacked programmable logic controllers that managed uranium hexafluoride centrifuges in Iran’s Natanz facility, causing the centrifuges to operate outside their designed limits while leading plant operators to believe all was well. This attack and others have rendered the task of securing programmable logic controllers an important problem. Most research in the area has focused on network-level intrusion detection and protection mechanisms. Few research efforts have specifically considered threats to the internal networks of industrial control systems, which include connections from the computer platforms that manage programmable logic controllers. This chapter analyzes the threats to the internal environment of an elevator control system that engages a Siemens programmable logic controller. Several approaches for mitigating the threats are presented.
Chapter PDF
Similar content being viewed by others
References
S. Abe, M. Fujimoto, S. Horata, Y. Uchida and T. Mitsunaga, Security threats of Internet-reachable ICSs, Proceedings of the Fifty-Fifth Annual Conference of the Society of Instrument and Control Engineers of Japan, pp. 750–755, 2016.
D. Beresford, Exploiting Siemens Simatic S7 PLCs, presented at Black Hat USA, 2011.
A. Cardenas, T. Roosta and S. Sastry, Rethinking security properties, threat models and the design space in sensor networks: A case study in SCADA systems, Ad Hoc Networks, vol. 7(8), pp. 1434–1447, 2009.
F. Cohen, A reference architecture approach to ICS security, Proceedings of the Fourth International Symposium on Resilient Control Systems, pp. 21–25, 2011.
B. Ghena, W. Beyer, A. Hillaker, J. Pevarnek and J. Haldeman, Green lights forever: Analyzing the security of traffic infrastructure, Proceedings of the Eighth USENIX Workshop on Offensive Technologies, 2014.
D. Hadziosmanovic, D. Bolzoni, S. Etalle and P. Hartel, Challenges and opportunities in securing industrial control systems, Proceedings of the Workshop on Complexity in Engineering, 2012.
P. Jie and L. Li, Industrial control system security, Proceedings of the International Conference on Intelligent Human-Machine Systems and Cybernetics, vol. 2, pp. 156–158, 2011.
E. Korkmaz, A. Dolgikh, M. Davis and V. Skormin, ICS security testbed with delay attack case study, Proceedings of the IEEE Military Communications Conference, pp. 283–288, 2016.
M. Krotofil and D. Gollmann, Industrial control systems security: What is happening? Proceedings of the Eleventh IEEE International Conference on Industrial Informatics, pp. 670–675, 2013.
J. Malchow, D. Marzin, J. Klick, R. Kovacs and V. Roth, PLC Guard: A practical defense against attacks on cyber-physical systems, Proceedings of the IEEE Conference on Communications and Network Security, pp. 326–334, 2015.
S. McLaughlin and S. Zonouz, Controller-aware false data injection against programmable logic controllers, Proceedings of the IEEE International Conference on Smart Grid Communications, pp. 848–853, 2014.
T. Miyachi and T. Yamada, Current issues and challenges on cyber security for industrial automation and control systems, Proceedings of the SICE Annual Conference, pp. 821–826, 2014.
Y. Mo and B. Sinopoli, False data injection attacks in control systems, presented at the First Workshop on Secure Control Systems, 2010.
R. Piggin, Emerging good practice for cyber security of industrial control systems and SCADA, Proceedings of the Seventh IET International Conference on System Safety, 2012.
T. Spyridopoulos, T. Tryfonas and J. May, Incident analysis and digital forensics in SCADA and industrial control systems, Proceedings of the Eighth IET International System Safety Conference, 2013.
A. Timorin, SCADA deep inside: Protocols and security mechanisms, presented at the Balkan Computer Congress, 2014.
D. Wei and K. Ji, Resilient industrial control system (RICS): Concepts, formulation, metrics and insights, Proceedings of the Third International Symposium on Resilient Control Systems, pp. 15–22, 2010.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 IFIP International Federation for Information Processing
About this paper
Cite this paper
Chan, R., Chow, KP. (2017). THREAT ANALYSIS OF AN ELEVATOR CONTROL SYSTEM. In: Rice, M., Shenoi, S. (eds) Critical Infrastructure Protection XI. ICCIP 2017. IFIP Advances in Information and Communication Technology, vol 512. Springer, Cham. https://doi.org/10.1007/978-3-319-70395-4_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-70395-4_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-70394-7
Online ISBN: 978-3-319-70395-4
eBook Packages: Computer ScienceComputer Science (R0)