Design of a Novel Manual and Automated Penetration Testing Framework for Connected Industrial Control Systems (ICS)
Date of Award
Doctor of Philosophy
Seyed Hosseini, Hamed Seifoddini, Matthew Petering, Abdelshakour Abuzneid, Maryam Hashemian
This research presents the design of new framework—a manually executed and an automated penetration testing process for Connected Industrial Control Systems (ICS). Both frameworks were built using open-source security software and ICS equipment currently used in critical infrastructure, manufacturing companies, and other institutions in the United States and around the world. Existing penetration testing frameworks have largely been focused on manual testing and are specific to Information Technology (IT). In addition, a new severity scoring system framework, called Common Vulnerability Scoring System for Industrial Control Systems (CVSS-ICS), was recommended for calculating the severity score in Industrial Control Systems (ICS).The broader goal of this research is to build penetration frameworks, both manual and automated, for Operations Technology (OT). Four objectives were used to achieve this goal. First, an OT-based testbed was built comprised of PLCs (Programmable Logic Controllers), HMIs (Human Machine Interfaces), a motor drive, and the expected embedded network devices that enable connectivity to emulate a real manufacturing environment. In addition, special security VMs (Virtual Machines) were created and used in the OT testbed. Second, this research ran a manual process of penetration testing against the ICS network using open-source tools that are used by many IT security professionals and hackers; the data was then collected and analyzed manually. Third, a software program was created using python programming language to automate the above manual process. In addition, the program automates data acquisition, generates security analyses, and makes recommendations. Fourth, a recommended framework of a new severity scoring system, Common Vulnerability Scoring System for Industrial Control Systems (CVSS-ICS), takes into account the importance of safety as a key metric in addition to confidentiality, integrity, and availability in calculating the severity of a single vulnerability, an individual ICS device, or the entire ICS system. The test results revealed several vulnerabilities related to safety, confidentiality, integrity, and availability of ICS devices used in this testbed. It is recommended to run additional future testing and apply control measures to automate penetration testing in the ICS environment to ensure that the process does not get out of hand in such in an environment, where safety is of concern.
Elsharef, Rafat, "Design of a Novel Manual and Automated Penetration Testing Framework for Connected Industrial Control Systems (ICS)" (2021). Theses and Dissertations. 2660.
Available for download on Thursday, June 22, 2023