Benchmarking Vulnerability Assessment Tools for Enhanced Cyber-Physical System (CPS) Resiliency
Title | Benchmarking Vulnerability Assessment Tools for Enhanced Cyber-Physical System (CPS) Resiliency |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | McMahon, E., Patton, M., Samtani, S., Chen, H. |
Conference Name | 2018 IEEE International Conference on Intelligence and Security Informatics (ISI) |
ISBN Number | 978-1-5386-7848-0 |
Keywords | computational algorithms, computer network security, cps resiliency, Cyber-physical systems, cyber-physical systems resiliency, cybersecurity, cybersecurity posture, Denial of Service attacks, ICs, industrial control, industrial control systems, Internet, Internet accessible CPS devices, Internet of Things, IoT, large-scale vulnerability assessment, Nessus, OpenSSH vulnerabilities, OpenVAS, Operating systems, PHP vulnerabilities, physical components, pubcrawl, resilience, Resiliency, search engine, search engines, smart cars, smart home devices, smart water system, unauthorized information disclosure, vulnerability assessment tools |
Abstract | Cyber-Physical Systems (CPSs) are engineered systems seamlessly integrating computational algorithms and physical components. CPS advances offer numerous benefits to domains such as health, transportation, smart homes and manufacturing. Despite these advances, the overall cybersecurity posture of CPS devices remains unclear. In this paper, we provide knowledge on how to improve CPS resiliency by evaluating and comparing the accuracy, and scalability of two popular vulnerability assessment tools, Nessus and OpenVAS. Accuracy and suitability are evaluated with a diverse sample of pre-defined vulnerabilities in Industrial Control Systems (ICS), smart cars, smart home devices, and a smart water system. Scalability is evaluated using a large-scale vulnerability assessment of 1,000 Internet accessible CPS devices found on Shodan, the search engine for the Internet of Things (IoT). Assessment results indicate several CPS devices from major vendors suffer from critical vulnerabilities such as unsupported operating systems, OpenSSH vulnerabilities allowing unauthorized information disclosure, and PHP vulnerabilities susceptible to denial of service attacks. |
URL | https://ieeexplore.ieee.org/document/8587353 |
DOI | 10.1109/ISI.2018.8587353 |
Citation Key | mcmahon_benchmarking_2018 |
- Nessus
- vulnerability assessment tools
- unauthorized information disclosure
- smart water system
- smart home devices
- smart cars
- search engines
- search engine
- Resiliency
- resilience
- pubcrawl
- physical components
- PHP vulnerabilities
- operating systems
- OpenVAS
- OpenSSH vulnerabilities
- computational algorithms
- large-scale vulnerability assessment
- IoT
- Internet of Things
- Internet accessible CPS devices
- internet
- Industrial Control Systems
- industrial control
- ICs
- Denial of Service attacks
- cybersecurity posture
- Cybersecurity
- cyber-physical systems resiliency
- cyber-physical systems
- cps resiliency
- computer network security