Internet connection from the ones that do not need
to prevent the attacker from accessing the vulnerable
devices.
7 CONCLUSION
As a crucial component of modern city infrastructure, the industrial control system exists in every corner of our life. However, Internet-facing ICS devices are at risk from known vulnerabilities. In this work, we develop ICScope to discover vulnerable Internet-facing ICS devices. Based on the results, we perform a comprehensive analysis of the security status of online ICS devices. We find that 49.58% of the Internet-facing ICS devices for which we can extract complete device information are affected by known vulnerabilities. The most seriously affected ICS protocol is Niagara Fox, whose proportion of vulnerable devices is as high as 96.25%. We observe that most of the vulnerable devices are affected by the same vulnerability in the Niagara Fox, PCWorx, and CoDeSys protocols. In all ICS protocols, at least 60% of the ICS vulnerabilities are of high or critical severity. We also observe a slowly decreasing trend in the number of vulnerable ICS devices during our six-month measurement period. Moreover, our measurement results present only the lower limit of the actual situation. In response to these severe industrial control security issues, we also discuss mitigation measures, such as adding firewall policies.
ACKNOWLEDGEMENTS
We would like to thank all anonymous reviewers for their valuable feedback, which greatly helped us improve this paper. We would also like to thank Yuxiang Lu, Zhenbang Ma, and Yu Wang for their help with our work.
ICISSP 2021 - 7th International Conference on Information Systems Security and Privacy