Abstract
Industrial control systems and critical infrastructures have become an important target for cyber-crime, cyber-terrorism and industrial espionage. In order to protect these systems from cyber-attacks it is important to obtain accurate and up-to-date intelligence on cyber security threats. Honeypots are simulated systems, deliberately exposed on the Internet to attract the attention of cyber criminals, in order to observe attacks and gain intelligence. Whilst honeypots can be a very effective way of gathering intelligence, it is not trivial to simulate a realistic industrial control system, without raising the attacker’s suspicion. In this experience report, we describe the development of a honeypot, representing a water treatment plant, from the point of view of a cyber security service provider charged with the protection of critical infrastructure. The system has been continuously exposed and has provided intelligence for more than two years, feeding intelligence used in our monitoring toolchain and managed security services. (This work was partially supported by the Spanish Ministry for Industry, Energy and Tourism under grant number TSI-100200-2014-19 and the European Horizon 2020 Programme under grant agreement number 740477).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ukranian power supply attack: BBC News (2016). http://www.bbc.com/news/technology-38573074
WannaCry cyber attack: Symantec Security Center (2017). https://www.symantec.com/security_response/writeup.jsp?docid=2017-051310-3522-99
Wilhoit, K.: Who’s Really Attacking Your ICS Equipment?. TrendMicro (2013). https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-whos-really-attacking-your-ics-equipment.pdf
Elasticsearch Kibana: https://www.elastic.co/products
Modbus Industrial Protocol Specificacion. http://www.modbus.org/specs.php
Siemens S7Comm Protcol. https://support.industry.siemens.com/cs/document/26483647/what-properties-advantages-and-special-features-does-the-s7-protocol-offer-?dti=0&lc=en-WW
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Navarro, Ó., Balbastre, S.A.J., Beyer, S. (2019). Gathering Intelligence Through Realistic Industrial Control System Honeypots. In: Luiijf, E., Žutautaitė, I., Hämmerli, B. (eds) Critical Information Infrastructures Security. CRITIS 2018. Lecture Notes in Computer Science(), vol 11260. Springer, Cham. https://doi.org/10.1007/978-3-030-05849-4_11
Download citation
DOI: https://doi.org/10.1007/978-3-030-05849-4_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05848-7
Online ISBN: 978-3-030-05849-4
eBook Packages: Computer ScienceComputer Science (R0)