Industrial control systems (ICS) are essential for the safe and efficient operation of critical infrastructures such as power grids, pipelines, and water treatment facilities. Attackers target ICS, mainly programmable logic controllers (PLCs), to sabotage the underlying infrastructure. A PLC controls a physical process through connected sensors and actuators. It runs a control-logic program that specifies how a physical process is monitored and controlled and is a common target of cyberattacks. Vendor-provided proprietary engineering software is typically used to investigate the infected control logic. This paper shows that an attacker can use control-logic obfuscation as an anti-forensics technique to hinder investigation and incident response. The control-logic obfuscation subverts the engineering software’s decompilation function; therefore, we call it a denial-of-decompilation attack. The attack exploits a fundamental design principle of creating compiled control logic in engineering software, thereby affecting the engineering software of multiple vendors in the industry.
Control Logic Obfuscation Attack in Industrial Control Systems
- Conference Paper