When will my PLC support Mirai? The security economics of large-scale attacks against internet-connected ICS devices
Dodson, Michael and Beresford, Alastair R. and Thomas, Daniel R. (2021) When will my PLC support Mirai? The security economics of large-scale attacks against internet-connected ICS devices. In: Proceedings of the 2020 APWG Symposium on Electronic Crime Research, eCrime 2020. eCrime Researchers Summit, eCrime. IEEE, Piscataway, N.J. ISBN 9781665425391 (https://doi.org/10.1109/eCrime51433.2020.9493257)
Filename: Dodson_etal_APWG_eCrime_2020_When_will_my_PLC_support_Mirai_the_security_economics_of_large_scale_attacks.pdf
Accepted Author Manuscript (176kB)
Abstract
For nearly a decade, security researchers have highlighted the grave risk presented by Internet-connected Industrial Control Systems (ICS). Predictions of targeted and indiscriminate attacks have yet to materialise despite continued growth of a vulnerable population of devices. We investigate the missing attacks against ICS, focusing on large-scale attacks enabled by Internet-connected populations. We fingerprint and track more than 10,000 devices over four years to confirm that the population is growing, continuously-connected, and unpatched. We also track 150,000 botnet hosts, monitor 120 global ICS honeypots, and sift 70 million underground forum posts to show that the cybercrime community has little competence or interest in the ICS domain. Attackers may be dissuaded by the high cost of entry, the fragmented ICS population, and limited onboard resources; however, this justification is incomplete. We use a series of case studies to develop a security economics model for large-scale attacks against Internet-connected populations in general, and use it to explain both the current lack of interest in ICS and the features of Industry 4.0 that will make the domain more accessible and attractive to attackers.
ORCID iDs
Dodson, Michael, Beresford, Alastair R. and Thomas, Daniel R. ORCID: https://orcid.org/0000-0001-8936-0683
Item type: Book Section
ID code: 75272
Dates:
27 July 2021: Published
16 November 2020: Published Online
21 August 2020: Accepted
Notes: © 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Subjects: Science > Mathematics > Electronic computers. Computer science
Department: Faculty of Science > Computer and Information Sciences
Depositing user: Pure Administrator
Date deposited: 03 Feb 2021 12:45
Last modified: 11 Nov 2024 15:23
URI: https://strathprints.strath.ac.uk/id/eprint/75272