Don't get stung, cover your ICS in honey: How do honeypots fit within industrial control system security. Issue 114 (March 2022)
- Record Type:
- Journal Article
- Title:
- Don't get stung, cover your ICS in honey: How do honeypots fit within industrial control system security. Issue 114 (March 2022)
- Main Title:
- Don't get stung, cover your ICS in honey: How do honeypots fit within industrial control system security
- Authors:
- Maesschalck, Sam
Giotsas, Vasileios
Green, Benjamin
Race, Nicholas
- Abstract:
- The advent of Industry 4.0 and smart manufacturing has led to an increased convergence of traditional manufacturing and production technologies with IP communications. Legacy Industrial Control System (ICS) devices, now interconnected via public networks, are exposed to a wide range of previously unconsidered threats, which must be considered to ensure the continued safe operation of industrial processes. This paper surveys the ICS honeypot deployments in the literature to date, provides an overview of ICS focused threat vectors, and studies how honeypots can be integrated within an organisation's defensive strategy. We discuss relevant legislation, such as the UK Cyber Assessment Framework, the US NIST Framework for Improving Critical Infrastructure Cybersecurity, and associated industry-based standards and guidelines supporting operator compliance. This is used to frame a discussion on our survey of existing ICS honeypot implementations, and the role of honeypots in supporting regulatory objectives. We observe that many low-interaction honeypots are limited in their use. This is largely due to the increased knowledge attackers have on how real-world ICS devices are configured and operate vs the configurability of simulated honeypot systems. Furthermore, we find that environments with increased interaction provide more extensive capabilities and value, due to their inherent obfuscation delivered through the use of real-world systems. Based on these insights, we propose a novel framework towards the classification and implementation of ICS honeypots. …
- Is Part Of:
- Computers & security. Issue 114(2022)
- Journal:
- Computers & security
- Issue:
- Issue 114(2022)
- Issue Display:
- Volume 114, Issue 114 (2022)
- Year:
- 2022
- Volume:
- 114
- Issue:
- 114
- Issue Sort Value:
- 2022-0114-0114-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-03
- Subjects:
- Honeypots -- Industrial control systems -- ICS -- Malware -- Security -- Critical infrastructure
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2021.102598
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 20630.xml