Critical Infrastructure: You Get What You Pay For

Abstract:

Programmable Logic Controllers (PLCs) have proliferated into multiple commercial sectors,  including  critical  infrastructure  applications.  PLCs  often  manage  resources  that  offer high-impact targets but with a lackadaisical treatment of security—a recipe for trouble. This paper proposes a misuser-driven approach for PLC assessment. The technique is a negativist spin on the user-story-driven software engineering approach of agile development. The paper presents a case study approach by examining a commercially available low-cost PLC; it also highlights the investigational process and describes the specific vulnerabilities uncovered by the process.


AUTHORS

Photo of Gary A. Roth

School of Interdisciplinary Informatics (Cybersecurity) University of Nebraska at Omaha Nebraska,
U.S.

Gary A. Roth is a security analyst at NTT Security and a graduate student in the School of Interdisciplinary Informatics at the University of Nebraska at Omaha. He is pursuing an M.S. in Cybersecurity. He received his B.A.  in Music from the University of Nebraska at Lincoln in 2008 and his B.S. in Cybersecurity from the University of Nebraska at Omaha in 2017. He holds membership in (ISC)2 as an Associate of (ISC)2 working towards CISSP certification and holds the CompTIA Security+ and Splunk Certified User certifications. His research has focused on investigating the security weaknesses of programmable logic controllers through reverse engineering their proprietary networking protocols. Gary is an avid clarinettist, who often performs with concert bands and musical theatre pit orchestras.

Photo of William R Mahoney

School of Interdisciplinary Informatics University of Nebraska at Omaha, Nebraska,
USA

Dr. William R. Mahoney received his B.A. and B.S. degrees from Southern Illinois University, and his M.A. and Ph.D. degrees from the University of Nebraska Lincoln.   He is an Associate Professor in the   College of Information Science and Technology, University of Nebraska at Omaha. His primary research interests include language compilers, hardware and instruction set design, and code generation and optimization, as these topics relate to cybersecurity goals. As such his interests are in areas such as code obfuscation, reverse engineering and anti-reverse engineering techniques, and vulnerability analysis. Industrial control systems are a specific target of these research areas. Prior to working at the Kiewit Institute, Dr. Mahoney worked for 20+ years in the computer design industry, specifically in the areas of embedded computing and real-time operating systems.  During this time, he was also on the part time faculty of the University of Nebraska at Omaha.

Phot of Dr. Matthew L. Hale

School of Interdisciplinary Informatics (Cybersecurity) University of Nebraska at Omaha Nebraska,
U.S.

Dr. Matthew L. Hale is an Assistant Professor of Cybersecurity in the School of Interdisciplinary Informatics at the University of Nebraska at Omaha. He received his PhD in Computer Science from the University of Tulsa in 2014. His dissertation created a framework and interlingua for web service security certification in the cloud. His research interests lie at the intersection of software engineering and security with foci in the areas of building secure web services, evaluating internet of things devices and services, and investigating security problems in the context of human psychology. In his spare time, Dr. Hale enjoys cooking, which he thinks isn't all that different from software engineering (components, connectors, and patterns), disc golfing, and tabletop games.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Media Parner to JIW.

Media Partner

Keywords

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.234.6664
  • jiw@gbpts.com