Cyber-Mugging: Summary and Analysis of a Simulated ICS/SCADA Attack
ABSTRACT
In a representative Industrial Control System (ICS)/Supervisory Control And Data Acquisition (SCADA) laboratory environment, a simulated cyber attack suggests that an attacker with a low to moderate level of technical proficiency may utilize common, publicly-available tools and techniques to obtain complete control of the ICS environment. The cyber-physical relationship between information systems and industrial machinery has created environments where limited resources may be leveraged to trigger significant physical effects. The feasibility that such an incident has the potential to cause significant disruptive effects directly challenges the current paradigm that state-level resources are required to inflict catastrophic results.
AUTHORS
Information Assurance Directorate, National Security Agency
Patrick DeSantis is an analyst with the National Security Agency (NSA) Information Assurance Directorate (IAD). He now specializes in research of industrial-control-systems’ security vulnerabilities and exploits in support of IAD’s effort to secure National Security Systems and the national critical infrastructure. Mr. DeSantis earned master’s and bachelor’s degrees in Management Information Systems from the University of South Florida and holds numerous professional certifications, including Offensive Security Certified Professional (OSCP) and Certified Information Systems Security Professional (CISSP). Prior to joining NSA, Mr. DeSantis served as a Ranger in the U.S. Army, taught college-level computer science courses, and conducted professional information-security vulnerability assessments and penetration tests.
Published In
Journal of Information Warfare