When will my PLC support Mirai? The security economics of large-scale attacks against internet-connected ICS devices

Michael Dodson, Alastair R. Beresford, Daniel R. Thomas

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

Abstract

For nearly a decade, security researchers have highlighted the grave risk presented by Internet-connected Industrial Control Systems (ICS). Predictions of targeted and indiscriminate attacks have yet to materialise despite continued growth of a vulnerable population of devices. We investigate the missing attacks against ICS, focusing on large-scale attacks enabled by Internet-connected populations. We fingerprint and track more than 10,000 devices over four years to confirm that the population is growing, continuously-connected, and unpatched. We also track 150,000 botnet hosts, monitor 120 global ICS honeypots, and sift 70 million underground forum posts to show that the cybercrime community has little competence or interest in the ICS domain. Attackers may be dissuaded by the high cost of entry, the fragmented ICS population, and limited onboard resources; however, this justification is incomplete. We use a series of case studies to develop a security economics model for large-scale attacks against Internet-connected populations in general, and use it to explain both the current lack of interest in ICS and the features of Industry 4.0 that will make the domain more accessible and attractive to attackers.
Original languageEnglish
Title of host publication2020 APWG Symposium on Electronic Crime Research (eCrime)
Place of PublicationPiscataway, N.J.
PublisherIEEE
Number of pages14
Publication statusAccepted/In press - 21 Aug 2020
EventAPWG Symposium on Electronic Crime Research - Online
Duration: 16 Nov 202019 Nov 2020
https://apwg.org/ecrime2020/

Conference

ConferenceAPWG Symposium on Electronic Crime Research
Abbreviated titleeCrime 2020
Period16/11/2019/11/20
Internet address

Keywords

  • ICS
  • industrial control systems
  • internet scanning
  • underground forums
  • cybercrime
  • security economics

Fingerprint Dive into the research topics of 'When will my PLC support Mirai? The security economics of large-scale attacks against internet-connected ICS devices'. Together they form a unique fingerprint.

Cite this