HoneyPLC: A Next-Generation Honeypot for Industrial Control Systems

Description
Utility infrastructure such as the electric grid has been the target of increasingly sophisticated cyberattacks designed to disrupt its operation and cause social unrest and economic losses. Just in 2016, a cyberattack targeted the Ukrainian power grid and successfully caused a blackout that affected 225,000 customers.

Industrial Control Systems (ICS) are a critical part of this infrastructure. Honeypots are one of the tools that help us capture attack data to better understand new and existing attack methods and strategies. Honeypots are computer systems purposefully left exposed to be broken into. They do not have any inherent value; instead, their value comes when attackers interact with them. However, state-of-the-art honeypots lack the sophisticated service simulations required to obtain valuable data.

Worse, they cannot adapt while ICS malware keeps evolving and attack patterns become increasingly sophisticated.

This work presents HoneyPLC: A Next-Generation Honeypot for ICS. HoneyPLC is the very first medium-interaction ICS honeypot, and it includes advanced service simulation modeled after Siemens S7-300 and S7-1200 PLCs, which are widely used in real-life ICS infrastructures.

Additionally, HoneyPLC provides much-needed extensibility features to prepare for new attack tactics, e.g., exploiting a new vulnerability found in a new PLC model.

HoneyPLC was deployed in both local and public environments, and tested against well-known reconnaissance tools used by attackers, such as Nmap and Shodan's Honeyscore. Results show that HoneyPLC is in fact able to fool both tools with a high level of confidence. HoneyPLC also recorded high amounts of interesting ICS interactions from all around the globe, proving not only that attackers are in fact targeting ICS, but also that HoneyPLC provides a higher level of interaction that effectively deceives them.
Date Created
2020
Agent

Ardent Health Aegis

Description
The proliferation of interconnected and networked medical devices has resulted in the development of innovative Medical Cyber-Physical Systems (MCPS). MCPS are life-critical, distributed, networked systems that are used to monitor and control healthcare organizations and medical devices in order to provide a more coordinated, cohesive care continuum focused on the whole patient, resulting in better outcomes and a happier, healthier patient. Cyber-securing MCPS is difficult due to their complex and interconnected nature. This project analyzes current security requirements for MCPS using an ontology and exploration techniques, and develops a risk assessment and monitoring framework to better secure such systems.
Date Created
2018-05
Agent