Abstract: SCADA (Supervisory Control and Data Acquisition) systems are used to control and monitor critical national infras-tructure functions like electricity, gas, water and railways. Field devices such as PLC’s (Programmable Logic Controllers) are one of the most critical components of a control system. Cyber-attacks usually target valuable infrastructures assets, taking advantage of architectural/technical vulnerabilities or even weaknesses in the defense systems. Even though novel intrusion detection systems are being implemented and used for defending cyber-attacks, certain vulnerabilities of SCADA systems can still be exploited. In this article we present an attack scenario based on a Human Interface Device (HID) device which is used as a means of communication/exploitation tool to compromise SCADA systems. The attack, which is a normal series of commands that are sent from the HID to the PLC cannot be detected through current intrusion detection mechanisms. Finaly we provide possible counter measures and defense mechanisms against this kind of cyber attacks.

Grigoris Tzokatziou, Helge Janicke, Leandros A. Maglaras and Ying He, “Exploiting SCADA vulnerabilities using a Human Interface Device” International Journal of Advanced Computer Science and Applications(IJACSA), 6(7), 2015. http://dx.doi.org/10.14569/IJACSA.2015.060731

@article{Tzokatziou2015,
title = {Exploiting SCADA vulnerabilities using a Human Interface Device},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2015.060731},
url = {http://dx.doi.org/10.14569/IJACSA.2015.060731},
year = {2015},
publisher = {The Science and Information Organization},
volume = {6},
number = {7},
author = {Grigoris Tzokatziou and Helge Janicke and Leandros A. Maglaras and Ying He}
}