Abstract

The paper investigates cyber threats and potential solutions for protecting industrial control systems (ICS). On the cyber threats side, different <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">off-the-shelf</i> offensive solutions, both hardware and software, are analysed and tested. The goal of the paper is to increase cyber threat awareness by showing how such <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">off-the-shelf</i> solutions, well known to IT security experts, can be utilised as (or inspire) attack vectors to gain access to generally unprotected industrial plants. After obtaining an accessing point, Man-in-the-Middle (MITM) and Legal-Client-to-Server (LCSA) types of attacks from reconnaissance, client-to-server and server-to-client categories are demonstrated. For this purpose, a Modbus communication protocol implemented in a real compressor station is used as basis. Regarding potential protection solutions, the paper proposes a simple-to-implement and cheap hardening methodology applicable inside almost any industrial plant. A novel, PLC-based ICS cyber security protection method, made of a signal validity monitoring mechanism and a control system integrity check mechanism is also discussed and demonstrated. Both penetration testing and hardening methodology are verified experimentally, using real PLC and HMI devices.