
Vulnerability assessment of industrial systems using Shodan

Cluster Computing

Abstract

The Internet and the many things connected to it, hence the term Internet of Things (IoT), continue to expand and take on more roles in human lives. This keeps us connected with our devices and our environment, and continuously informed about the status of our cars, homes, health, family, friends, etc. However, such exposure puts those things at risk of being accessed and used by illegitimate users or intruders. In recent years, Industrial Control Systems (ICSs) have been exposed to the public Internet after traditionally existing in closed communication systems. As a result, there is a critical need to shed light on network security concerns for the safety of these systems. Our study evaluates the different communication protocols used in these systems and assesses and analyzes their security vulnerabilities. The results showed no significant correlation between the number of open ports and the total number of recorded vulnerabilities. The results also showed that specific ports are more vulnerable than the rest due to the nature of their services or applications.



Author information

Corresponding author

Correspondence to Izzat Alsmadi.


About this article


Cite this article

Alsmadi, I., Dwekat, Z., Cantu, R. et al. Vulnerability assessment of industrial systems using Shodan. Cluster Comput 25, 1563–1573 (2022). https://doi.org/10.1007/s10586-021-03330-3


  • DOI: https://doi.org/10.1007/s10586-021-03330-3
