http://dx.doi.org/10.13089/JKIISC.2014.24.2.295

A study on vulnerability analysis and incident response methodology based on the penetration test of the power plant's main control systems  

Ko, Ho-Jun (Korea South-East Power Co)
Kim, Huy-Kang (Korea University)
Abstract
A DCS (Distributed Control System), the main control system of a power plant, is an automated system that enhances operational efficiency through monitoring, tuning and real-time operation. DCSs are becoming more intelligent and more open as information technology evolves. In addition, large investments are being made to enable proactive facility management, maintenance and risk management through predictive diagnostics. However, emerging weaponized malware such as Stuxnet, designed to disrupt industrial control systems (ICS), has become a new threat to the main control systems of power plants, even though these systems are not connected to any outside network. The main control systems used in power plants have usually been in service for more than 10 years. These systems also require extremely high availability (rapid recovery and low failure frequency). Therefore, installing updates, including security patches, is not easy. Moreover, in some cases installing security updates can void the warranty under the vendor's policy. If a DCS is exposed to a potential vulnerability, serious concerns are to be expected. In this paper, we conduct a penetration test using NESSUS, a general-purpose vulnerability scanner, in a simulated environment configured with Ovation version 1.5. Based on the results, we suggest a log analysis method for detecting security infringements and responding to incidents effectively.
Keywords
DCS security; log analysis; vulnerability analysis; penetration test; incident response