Don’t get stung, cover your ICS in honey: How do honeypots fit within industrial control system security

Maesschalck, Sam; Giotsas, Vasileios; Green, Ben; Race, Nicholas

doi:10.1016/j.cose.2021.102598

Cited by 31 publications

(5 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The structure and high-level overview of controls were found to be adequate; however, areas concerning practical implementation require further development. The parent documents of the reviewed standards are mostly IT-focused or do not cover the applicability or implementation of novel security approaches, such as honeypots [33], for OT environments.…”

Section: Discussionmentioning

confidence: 99%

Learning to Walk: Towards Assessing the Maturity of OT Security Control Standards and Guidelines

Staves

Maesschalck

Derbyshire³

et al. 2023

2023 IFIP Networking Conference (IFIP Networking)

Self Cite

View full text Add to dashboard Cite

The convergence of IT and OT has presented OT environments with several challenges, such as increasing the attack surface of its real time systems to include more commonplace enterprise vulnerabilities. As OT is used across heavily regulated sectors, including water and nuclear, many standards and guidelines are available to these sectors, providing them with assistance towards continued improvements from a cyber security perspective. However, these standards and guidelines are not always as mature as their IT counterparts. This paper proposes a model to benchmark the maturity of OT focused standards and guidelines, which we then use to analyse seven commonly adopted resources. Based on this analysis, we find that these OT standards and guidelines do not always provide in-depth implementation guidance, and often refer instead to IT standards and guidelines for more information. Improvements are urgently needed in security and risk mitigation for interconnected OT and IT systems, as security controls in OT are typically reappropriated IT controls. To help achieve this goal, OT standards must mature further.

show abstract

Section: Discussionmentioning

confidence: 99%

Learning to Walk: Towards Assessing the Maturity of OT Security Control Standards and Guidelines

Staves

Maesschalck

Derbyshire³

et al. 2023

2023 IFIP Networking Conference (IFIP Networking)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Within the paper, there is an overview of many attacks involving critical infrastructure, their impact, and how they have evolved over the years. Although there is a lot of regulation within this space related to the security of these systems (Maesschalck et al, 2022), these have not stopped nation-states or nonstate actors from infiltrating the systems. Dealing with nation-state threat actors requires a different approach than other threat actors (Derbyshire et al, 2021(Derbyshire et al, , 2018, and the cooperation of states on this is crucial as they can work toward the identification of these actors by collaborating on investigations.…”

Section: International Security and Cyberspacementioning

confidence: 99%

Gentlemen, you can't fight in here. Or can you?: How cyberspace operations impact international security

Maesschalck

2024

World Affairs

Self Cite

View full text Add to dashboard Cite

The military now views cyberspace as a new warfare domain, with constant cyber operations potentially causing significant consequences. Internationally, countries are heavily involved in cyberspace, but international law lags behind this evolution, raising questions about its application and retaliation measures. This article investigates international law in cyberspace and cyber operations in warfare and terrorism, exploring recent calls for increased legislation. The impact of cyberspace nonregulation on international security is examined from both positive and negative perspectives. It argues that solving anonymity and attribution issues requires state collaboration, with an initial step of cooperation against cyber‐terrorism. The conclusion emphasizes the necessity of cyberspace regulation and legislation for international and national security, offering a starting point for discussion.

show abstract

“…The proposed framework architecture actively detects and mitigates threats as it contains multiple components in terms of security tools that may keep the network safe, such as a firewall [ 44 ], an AI-based IDS, and a specific type of IDS called a honeypot [ 45 ]. The honeypot mechanism relies on deception and diversion methods for detection and prevention to deflect and reroute the attackers by luring and entrapping them inside a heterogeneous environment that mimics the real network traffic [ 46 ]. In addition to providing existing vulnerabilities and exploits inside the simulated environment that entice the attacker by weakened systems to latch on and enable the monitoring and studying of the behavior of the malicious actors by capturing their activities for intelligence gathering and fore-sighting future risks and newly developed cyberattack patterns [ 47 ].…”

Section: Ids Architecturementioning

confidence: 99%

Security Analysis for Smart Healthcare Systems

Ibrahim,

Al-Wadi,

Elhafiz

2024

Sensors

View full text Add to dashboard Cite

The healthcare industry went through reformation by integrating the Internet of Medical Things (IoMT) to enable data harnessing by transmission mediums from different devices, about patients to healthcare staff devices, for further analysis through cloud-based servers for proper diagnosis of patients, yielding efficient and accurate results. However, IoMT technology is accompanied by a set of drawbacks in terms of security risks and vulnerabilities, such as violating and exposing patients’ sensitive and confidential data. Further, the network traffic data is prone to interception attacks caused by a wireless type of communication and alteration of data, which could cause unwanted outcomes. The advocated scheme provides insight into a robust Intrusion Detection System (IDS) for IoMT networks. It leverages a honeypot to divert attackers away from critical systems, reducing the attack surface. Additionally, the IDS employs an ensemble method combining Logistic Regression and K-Nearest Neighbor algorithms. This approach harnesses the strengths of both algorithms to improve attack detection accuracy and robustness. This work analyzes the impact, performance, accuracy, and precision outcomes of the used model on two IoMT-related datasets which contain multiple attack types such as Man-In-The-Middle (MITM), Data Injection, and Distributed Denial of Services (DDOS). The yielded results showed that the proposed ensemble method was effective in detecting intrusion attempts and classifying them as attacks or normal network traffic, with a high accuracy of 92.5% for the first dataset and 99.54% for the second dataset and a precision of 96.74% for the first dataset and 99.228% for the second dataset.

show abstract

Don’t get stung, cover your ICS in honey: How do honeypots fit within industrial control system security

Cited by 31 publications

References 43 publications

Learning to Walk: Towards Assessing the Maturity of OT Security Control Standards and Guidelines

Learning to Walk: Towards Assessing the Maturity of OT Security Control Standards and Guidelines

Gentlemen, you can't fight in here. Or can you?: How cyberspace operations impact international security

Security Analysis for Smart Healthcare Systems

Contact Info

Product

Resources

About