Cyber-Mugging: Summary and Analysis of a Simulated ICS/SCADA Attack

ABSTRACT

In a representative Industrial Control System (ICS)/Supervisory Control And Data Acquisition (SCADA) laboratory environment, a simulated cyber attack suggests that an attacker with a low to moderate level of technical proficiency may utilize common, publicly-available tools and techniques to obtain complete control of the ICS environment. The cyber-physical relationship between information systems and industrial machinery has created environments where limited resources may be leveraged to trigger significant physical effects. The feasibility that such an incident has the potential to cause significant disruptive effects directly challenges the current paradigm that state-level resources are required to inflict catastrophic results.


AUTHORS

Information Assurance Directorate, National Security Agency

Patrick DeSantis is an analyst with the National Security Agency (NSA) Information Assurance Directorate (IAD). He now specializes in research of industrial- control-systems’ security vulnerabilities and exploits in support of IAD’s effort to secure National Security Systems and the national critical infrastructure. Mr. DeSantis earned master’s and bachelor’s degrees in Management Information Systems from the University of South Florida and holds numerous professional certifications, including Offensive Security Certified Professional (OSCP) and Certified Information Systems Security Professional (CISSP). Prior to joining NSA, Mr. DeSantis served as a Ranger in the U.S. Army, taught college-level computer science courses, and conducted professional information-security vulnerability assessments and penetration tests.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Keywords

A

AI
APT

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

M

P

PDA

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com