Network Security Testing
Industrial automation and control systems (IACS) play an important role in modern production plants. As these systems become more heavily networked, their robustness and safety are becoming increasingly important. Highly networked IACS are particularly susceptible to remote attacks: they can be reached by an attacker over the network, and they can influence the production process. An attacker can therefore damage the production process without physical access by exploiting weaknesses in the IACS. For this reason, weaknesses in IACS must be avoided. One way to do this is security testing, which aims to detect weaknesses during the development of IACS. Vulnerabilities found during development can be closed before the IACS is used productively.
The ILT department conducts research on different forms of security testing. The focus is mainly on automated black box security testing of industrial automation components. The systems under test are examined only from the outside; knowledge of their internals is not required for the investigation.
An important element of our research is the security testing framework ISuTest [1]. It is the basis for further research efforts and is also used productively in our security testing laboratory. On the basis of ISuTest, research on fuzzing the PROFINET industrial protocol was advanced [2]. The fuzzing component of ISuTest was used in a study on the security of bus couplers from various German manufacturers [3].
A further area of our research is web security scanners. Various web security scanners have already been evaluated and integrated into ISuTest [4]. Current research aims to reduce the limitations of web security scanners that were identified.
The research project CyberProtect also deals with security testing and with the establishment and further development of a security testing laboratory. Through regular security tests of real hardware in our security testing laboratory, our systems are constantly evaluated and further developed. This ensures that they can meet the current requirements for security tests in the field of industrial automation components.
[1] Pfrang, S., Meier, D., & Kautz, V. (2017, September). Towards a modular security testing framework for industrial automation and control systems: ISuTest. In 2017 22nd IEEE International Conference on Emerging Technologies and Factory Automation (ETFA) (pp. 1-5). IEEE.
[2] Pfrang, S., Meier, D., Friedrich, M., & Beyerer, J. (2018). Advancing Protocol Fuzzing for Industrial Automation and Control Systems. In ICISSP (pp. 570-580).
[3] Pfrang, S., & Borcherding, A. (2019). Security-Testing für industrielle Automatisierungskomponenten: Ein Framework, sein Einsatz und Ergebnisse am Beispiel von Profinet-Buskopplern. In 16. Deutscher IT-Sicherheitskongress des BSI.
[4] Pfrang, S., Borcherding, A., Meier, D., & Beyerer, J. (2019). Automated security testing for web applications on industrial automation and control systems. at-Automatisierungstechnik, 67(5), pp. 383-401.