Practical Modbus flooding attack and detection

The Modicon Communication Bus (Modbus) protocol is one of the most commonly used protocols in industrial control systems. Modbus was not designed to provide security. This paper confirms that the Modbus protocol is vulnerable to flooding attacks. These attacks involve injection of commands that result in disrupting the normal operation of the control system. This paper describes a set of experiments that shows that an anomaly-based change detection algorithm and signature-based Snort threshold module are capable of detecting Modbus flooding attacks. In comparing these intrusion detection techniques, we find that the signature-based detection requires a carefully selected threshold value, and that the anomaly-based change detection algorithm may have a short delay before detecting the attacks depending on the parameters used. In addition, we also generate a network traffic dataset of flooding attacks on the Modbus control system protocol.

The power of hands-on exercises in SCADA cyber security education

For decades Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) have used computers to monitor and control physical processes in many critical industries, including electricity generation, gas pipelines, water distribution, waste treatment, communications and transportation. Increasingly these systems are interconnected with corporate networks via the Internet, making them vulnerable and exposed to the same risks as those experiencing cyber-attacks on a conventional network. Very often SCADA networks services are viewed as a specialty subject, more relevant to engineers than standard IT personnel. Educators from two Australian universities have recognised these cultural issues and highlighted the gap between specialists with SCADA systems engineering skills and the specialists in network security with IT background. This paper describes a learning approach designed to help students to bridge this gap, gain theoretical knowledge of SCADA systems' vulnerabilities to cyber-attacks via experiential learning and acquire practical skills through actively participating in hands-on exercises.

Martha and her sisters : women in films about journalism

HBO's Hemingway and Gellhorn (Philip Kaufman, 2012), broadcast in May on US television and starring Nicole Kidman as the pioneering female foreign correspondent, hasn't been well reviewed by the majority of critics. Variety described the biopic (with Clive Owen as Hemingway) as “swollen and heavy-handed”, while the Huffington Post declared it an “expensive misfire … a gigantic missed opportunity, a jaw-droppingly trying waste of time”. Regardless of whether such criticisms are fair—as this essay went to press I had been unable to see the film, so I cannot judge one way or the other—Hemingway and Gellhorn should be viewed as a significant addition to the filmography of journalism, retrieving from history as it does the achievements of one of the most significant of the early female practitioners. Gellhorn was a pioneer in a patriarchal press universe, a foreign and war correspondent at a time when this branch of the profession was seen very much as man's work. She covered the Spanish Civil War and the Second World War, and with just as much viscerality as any man.

Typology of phishing email victims based on their behavioural response

A victim of phishing emails could be subjected to money loss and identity theft. This paper investigates the different types of phishing email victims, with the goal of increasing such victims' defences. To obtain this kind of information, an experiment which involves sending a phishing email to participants is conducted. Quantitative and qualitative methods are also used to collect users' information. A model for detecting deception has been employed to understand victims' behaviour. This paper reports the qualitative results. The findings suggest that victims of phishing emails do not always exhibit the same vulnerability. The cause of being a victim is a result of three weaknesses in the detection process: (1) lack of knowledge; (2) weak confirmation channel, and; (3) victims' high propensity towards risk-taking. Therefore, it is suggested that users be provided with suitable confirmation channels and be more risk averse in their behaviour so that they would not fall victim to phishing emails.

Cyber security of networked critical infrastructures [Guest Editorial]

A new era of cyber warfare has appeared on the horizon with the discovery and detection of Stuxnet. Allegedly planned, designed, and created by the United States and Israel, Stuxnet is considered the first known cyber weapon to attack an adversary state. Stuxnet's discovery put a lot of attention on the outdated and obsolete security of critical infrastructure. It became very apparent that electronic devices that are used to control and operate critical infrastructure like programmable logic controllers (PLCs) or supervisory control and data acquisition (SCADA) systems lack very basic security and protection measures. Part of that is due to the fact that when these devices were designed, the idea of exposing them to the Internet was not in mind. However, now with this exposure, these devices and systems are considered easy prey to adversaries.

Security analysis of the non-aggressive challenge response of the DNP3 Protocol using a CPN Model

Distributed Network Protocol Version 3 (DNP3) is the de-facto communication protocol for power grids. Standard-based interoperability among devices has made the protocol useful to other infrastructures such as water, sewage, oil and gas. DNP3 is designed to facilitate interaction between master stations and outstations. In this paper, we apply a formal modelling methodology called Coloured Petri Nets (CPN) to create an executable model representation of DNP3 protocol. The model facilitates the analysis of the protocol to ensure that the protocol will behave as expected. Also, we illustrate how to verify and validate the behaviour of the protocol, using the CPN model and the corresponding state space tool to determine if there are insecure states. With this approach, we were able to identify a Denial of Service (DoS) attack against the DNP3 protocol.

Analysis of two authorization protocols using Colored Petri Nets

To prevent unauthorized access to protected trusted platform module (TPM) objects, authorization protocols, such as the object-specific authorization protocol (OSAP), have been introduced by the trusted computing group (TCG). By using OSAP, processes trying to gain access to the protected TPM objects need to prove their knowledge of relevant authorization data before access to the objects can be granted. Chen and Ryan’s 2009 analysis has demonstrated OSAP’s authentication vulnerability in sessions with shared authorization data. They also proposed the Session Key Authorization Protocol (SKAP) with fewer stages as an alternative to OSAP. Chen and Ryan’s analysis of SKAP using ProVerif proves the authentication property. The purpose of this paper was to examine the usefulness of Colored Petri Nets (CPN) and CPN Tools for security analysis. Using OSAP and SKAP as case studies, we construct intruder and authentication property models in CPN. CPN Tools is used to verify the authentication property using a Dolev–Yao-based model. Verification of the authentication property in both models using the state space tool produces results consistent with those of Chen and Ryan.

Your Loss is Our Gain

2 x 2.5 metre text based wall painting with a hidden automatic air freshener timed to spray every 60 seconds. The work formed part of a group exhibition that dealt with Humour,Politics and Art. It was part of a series of ongoing works made under the pseudonym Eve Roleston. Roleston is part of a trio of pseudonyms I use, the others being Ernesto Love, and Ernest Olove, to explore the research potential of the fictocritical in a visual arts practice.This forms part of an ongoing body of practice-led research undertaken in my PhD dealing with reconfiguring the relationship between art and politics.

World peace for video art

A single channel video projection with image, text and sound components. It was projected so as entirely fill a 3 x 3.5 wall in a 6 x 3.5 metre gallery space. The work deals with the role of humour and the fictocritical in exploring the relationship between politics and art.

Component modeling for SCADA network mapping

Supervisory Control and Data Acquisition systems (SCADA) are widely used to control critical infrastructure automatically. Capturing and analyzing packet-level traffic flowing through such a network is an essential requirement for problems such as legacy network mapping and fault detection. Within the framework of captured network traffic, we present a simple modeling technique, which supports the mapping of the SCADA network topology via traffic monitoring. By characterizing atomic network components in terms of their input-output topology and the relationship between their data traffic logs, we show that these modeling primitives have good compositional behaviour, which allows complex networks to be modeled. Finally, the predictions generated by our model are found to be in good agreement with experimentally obtained traffic.

The stewardship performance of forms of privatised water infrastructure

In this research Agency Theory and Stewardship Theory are used to analyse the relative performance of different forms of privitisation of water infrastructure and in doing so enriches understanding of previously underdeveloped aspects of both theories. The prior Agency Theory literature had established assumptions about the behaviour of principals and agents in contracts and these were found not to be correct in the context of contracts between modern government and private organisations. Agency theory was extended to include steward-like behaviour of an agent and Stewardship Theory was developed by the identification of factors within the contractual relationship which promote the sense of responsibility to the principal. The alliance, joint venture and Build Own Operate Transfer (BOOT) forms of privatisation were found to achieve stewardship of the infrastructure.