A Comprehensive Security Analysis of a SCADA Protocol: from OSINT to Mitigation

Authors

Abstract

It is an established fact that the security of Industrial Automation and Control Systems (IACS) strongly depends on the robustness of the underlying SCADA network protocols (amongst other factors). This becomes especially evident when considering the extent to which certain protocols, designed with poor or nonexistent security mechanisms, have led to a considerable number of past incident reports affecting Critical Infrastructures and Essential Services. Considering the current situation, it is rather obvious why the proper auditing and analysis of SCADA protocols is considered key when it comes to design and/or protect IACS infrastructures. But while the security of some protocols such as Modbus or DNP3 has already been extensively analysed, the same cannot be said for other protocols and technologies being used in the same domain, that have not received the same amount of attention. In this paper we provide a comprehensive security analysis of the PCOM SCADA protocol, including a dissection of PCOM, a demonstration of several attacks scenarios on PCOM-based systems, and also an analysis of possible mitigation strategies against these potential attacks. Moreover, this paper also describes a number of open-source tools we developed for further analysis and research of PCOM security aspects, including a PCOM Wireshark dissector, a Nmap NSE PCOM scan, multiple Metasploit PCOM modules, a set of Snort PCOM rules, and several network traffic datasets containing multiple samples of different types of PCOM operations.

Keywords

SCADA , Security , PCOM , ICS , IACS

Related Project

H2020 ATENA (Advanced Tools to assEss and mitigate the criticality of ICT compoNents and their dependencies over Critical InfrAstructures)

Journal

IEEE Access (Open Access), March 2019

DOI