See All Nexus 2024 Sessions
Claroty Nexus Logo
Topics:
See all in Cyber Resilience See all in Articles
See all in Videos
See all in Podcasts
Professor Mauro Conti of the University of Padua, Italy, joins this episode of the Nexus Podcast to discuss a research paper that examines the extent of insecure OT and ICS protocols in use that are often vulnerable by design, most notably lacking encryption and authentication services.

Nexus Podcast: Mauro Conti on Assessing the Use of Insecure ICS Protocols

Michael Mimoso
/
Mar 11, 2021

As more companies connect industrial networks and devices to the internet, they're doing so over insecure protocols that are often vulnerable by design, most notably lacking encryption and authentication services.

A research paper published in 2020 explores the severity of this issue, and unlike past work that depended on active-scanning services such as Shodan to detect exposed industrial control systems, this one was able to passively access traffic from an Internet Exchange Point in order to get a clearer picture of industrial traffic.

The results were not encouraging. Professor Mauro Conti of the University of Padua, Italy, joins this episode of the Nexus Podcast, to discuss the results he and his colleagues uncovered, as well as the risks they pose to industrial networks and critical infrastructure.

The paper, "Assessing the Use of Insecure ICS Protocols via IXP Network Traffic Analysis," was written by Conti, Giovanni Barbieri, Nils Ole Tippenhauer, and Federico Turrin of the University of Padua in Italy and the CISPA Helmholtz Center for Information Security in Germany. It points out the reality that the presence of network address translation (NAT) and firewalls may prevent Shodan and other popular services—used to scan the TCP/IP space—from scanning, discovering, and querying industrial devices connected to the internet.

The researchers developed a framework and deployed it at an Italian IXP accessible to the University of Padua that identifies traffic emanating from an industrial host. As it turns out, Shodan listed only 2% of the hosts the researchers' framework identified as exchanging industrial traffic. Of the traffic listed by the framework, 75.6% of those hosts were using vulnerable ICS communication protocols; protocols such as EtherCAT, PROFINET, ENIP, Modbus, and others do not implement encryption, authentication, or integrity protection by default. This exposes that traffic to attackers who would be able to eavesdrop, and theoretically, modify those packets on the wire.

Many of these organizations also expose network ports reserved for IT systems (64%), many of those affected by a number of CVEs described in the paper.

"Active scanning of the IP address space performed by services such as Shodan is a common practice to detect exposed ICS, however it does not properly represent the real use of insecure industrial protocols," the researchers wrote.

Conti explored a number of other areas throughout this conversation, including:

  • Details about the framework, how it was developed, deployed, and how it collected information

  • Whether adversaries would need some sophistication to exploit industrial traffic

  • How engineers, operators, and plant managers should look at the takeaways from this paper

Subscribe, rate, and review the Nexus podcast on all the major platforms, including Apple Podcasts and Spotify.

Michael Mimoso
Editorial Director

Michael Mimoso is Director of Influencer Marketing at Claroty and Editorial Director of Nexus.

Stay in the know Get the Nexus Connect Newsletter
Subscribe
Listen on Apple Podcasts. Listen on Spotify Podcasts.
Share
LinkedIn Twitter Facebook Email
Featured Articles
Considerations for Medical Device Vulnerability Remediation Technical Debt in OT Environments: How It's Different and Why it Matters The Purdue Model's Risky Blindspot
Featured Videos
Browse by Topics
Cyber Resilience Cybersecurity Insurance Federal Food & Beverage Healthcare Industrial Internet of Things Nexus Conference Operational Resilience Operational Technology Ransomware Risk Management Technical Debt Vulnerability Management Zero Trust
You might also like… Read more
nexus_munish.jpg
Industrial
Operational Resilience
Operational Technology
Risk Management

Nexus Podcast: Munish Walther-Puri on Developing a Scale for OT Cybersecurity Incidents

Michael Mimoso
nexus_brian-foster.jpg
Industrial
Internet of Things
Operational Technology
Cyber Resilience

Nexus Podcast: Brian Foster on the Risks of a Hyperconnected Power Grid

Michael Mimoso
matthew-rogers-cisa.jpeg
Cyber Resilience
Operational Technology
Industrial

Nexus Podcast: CISA on Secure-by-Demand for OT

Michael Mimoso
noam-moshe-headshot.jpeg
Internet of Things
Operational Technology

Nexus Podcast: Noam Moshe on the IOCONTROL Malware

Michael Mimoso
Team82’s Noam Moshe discusses state actor targeting of OT, why it’s so challenging to develop ransomware for OT and industrial control systems, and the mitigation strategies available to defenders of cyber-physical systems.
Cyber Resilience
Internet of Things

Nexus Podcast: Team82 on Attacking the Insecure IoT Cloud

Michael Mimoso
nexus_steven-adair.jpg
Cyber Resilience
Vulnerability Management
Risk Management

Nexus Podcast: Volexity’s Steven Adair on the Nearest Neighbor Attack

Michael Mimoso
In this episode of the Nexus Podcast. Runsafe Security CEO and cofounder Joe Saunders examines the motivations of these adversaries, the targeting of memory-based vulnerabilities in embedded systems prevalent in OT and healthcare, and how initiatives such as secure-by-design/default/demand can make a dent in ensuring the resilience of critical infrastructure.
Cyber Resilience
Industrial
Healthcare

Nexus Podcast: Joe Saunders on Advanced Attacks Against Critical Infrastructure

Michael Mimoso
nexus_grant1.jpg
Industrial
Healthcare
Ransomware
Cyber Resilience
Operational Resilience
Operational Technology

Nexus Podcast: Grant Geyer on the Business Impact of Disruptions from Cyberattacks

Michael Mimoso
In this episode of the Nexus Podcast, Alethe Denis, a senior security consultant at Bishop Fox, joins to discuss the ongoing effectiveness of open-source intelligence analysis and social engineering tactics as a precursor to larger intrusions against critical infrastructure.
Cyber Resilience
Healthcare
Industrial
Risk Management

Nexus Podcast: Alethe Denis on Social Engineering, Red-Teaming

Michael Mimoso
On this episode of the Nexus Podcast, Alon Dankner of the Technion Institute in Israel explains his research into the Siemens S7 protocol and PLCs. A vulnerability uncovered during research allows an attacker to expose and steal private cryptographic keys by leveraging a severe vulnerability and configuration error.
Operational Technology

Nexus Podcast: Alon Dankner on Extracting Private Crypto Keys from PLCs

Michael Mimoso
In this episode of the Nexus Podcast, Claroty Team82 researcher Noam Moshe explains the challenges involved in gathering attack forensic artifacts from OT devices, in this case, Unitronics PLCs that were exploited in 2023 in attacks against water facilities in the U.S. and Israel.
Operational Technology
Industrial

Nexus Podcast: Noam Moshe on Extracting Forensic Data from Unitronics PLCs

Michael Mimoso
In this episode of the Claroty Nexus Podcast, Alexander Antukh, the chief information security officer at AboitizPower, the Philippines’ largest owner and operator of renewable energy, discusses one path toward translating risk and losses into business terms: cyber risk quantification (CRQ).
Risk Management

Nexus Podcast: Alexander Antukh on Cyber Risk Quantification

Michael Mimoso
Latest on Nexus Podcast
See all episodes
The Nexus podcast features conversations with security leaders, researchers, and experts sharing their expertise on cyber-physical systems security.
nexus_munish.jpg
Industrial
Operational Resilience
Operational Technology
Risk Management

Nexus Podcast: Munish Walther-Puri on Developing a Scale for OT Cybersecurity Incidents
nexus_brian-foster.jpg
Industrial
Internet of Things
Operational Technology
Cyber Resilience

Nexus Podcast: Brian Foster on the Risks of a Hyperconnected Power Grid
matthew-rogers-cisa.jpeg
Cyber Resilience
Operational Technology
Industrial

Nexus Podcast: CISA on Secure-by-Demand for OT