Your Industrial Facility and Its IP Address: A First Approach for Cyber-Physical Attack Modeling

  • Robert Clausing
  • Robert Fischer
  • Jana Dittmann
  • Yongjian Ding
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9922)


In the last decade, the number of cyber-attacks targeting industrial facilities with specialized knowledge, tools and malware has increased dramatically. The wide variety of industrial IT systems and the range of expertise required for cyber-physical attack modeling are currently a challenge for interdisciplinary research. To address this variety of systems and establish a point of reference, we merged architecture descriptions from available resources. Based on this reference architecture, we introduce attack scopes and provide exemplary attack scenarios for each scope. As a modeling strategy for the introduced scopes, and to realize abstracted representations of particular industrial facility architectures, a component-based modeling approach is proposed. The main contribution of the presented work is a first generic attack modeling technique facilitating the interdisciplinary collaboration required in this important field of research.


Keywords: Cybersecurity, Interdisciplinary security modeling, Attack modeling, Industrial control systems, Supervisory control and data acquisition



The presented work is funded by the German Federal Ministry of Economic Affairs and Energy (BMWi, project no. 1501502A, 1501502B) in the framework of the German reactor safety research program. The authors thank all project partners and reviewers for their helpful comments.



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Robert Clausing (1)
  • Robert Fischer (2)
  • Jana Dittmann (2)
  • Yongjian Ding (1)
  1. Department of Electrical Engineering, Magdeburg-Stendal University of Applied Sciences, Magdeburg, Germany
  2. Department of Computer Science, AMSL Research Group, Otto-von-Guericke University of Magdeburg, Magdeburg, Germany
