Back to Search Start Over

Insecure by Design in the Backbone of Critical Infrastructure

Authors :
Wetzels, Jos
Santos, Daniel dos
Ghafari, Mohammad
Publication Year :
2023

Abstract

We inspected 45 actively deployed Operational Technology (OT) product families from ten major vendors and found that every system suffers from at least one trivial vulnerability. We reported a total of 53 weaknesses, stemming from insecure by design practices or basic security design failures. They enable attackers to take a device offline, manipulate its operational parameters, and execute arbitrary code without any constraint. We discuss why vulnerable products are often security certified and appear to be more secure than they actually are, and we explain complicating factors of OT risk management.<br />Comment: IEEE/ACM Workshop on the Internet of Safe Things 2023

Subjects

Subjects :
Computer Science - Cryptography and Security

Details

Database :
arXiv
Publication Type :
Report
Accession number :
edsarx.2303.12340
Document Type :
Working Paper
Full Text :
https://doi.org/10.1145/3576914.3587485
Full Text Access
View/download PDF

Tools

Authors Abstract Subjects Details