Penetration testing of OPC as part of process control systems
2008 (English)Conference paper (Refereed)
We have performed penetration testing on OPC, which is a central component in process control systems on oil installations. We have shown how a malicious user with different privileges - outside the network, access to the signalling path and physical access to the OPC server - can fairly easily compromise the integrity, availability and confidentiality of the system. Our tentative tests demonstrate that full-scale penetration testing of process control systems in offshore installations is necessary in order to sensitise the oil and gas industry to the evolving threats.
Place, publisher, year, edition, pages
2008. 271-283 p.
, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), ISSN 03029743
Information security, OPC, Penetration testing, Process control, Control systems, Control theory, Gas industry, Identification (control systems), Liquefied petroleum gas, Offshore structures, Production control, Quality control, Reliability, Ubiquitous computing, Central component, In-process control, International conferences, Offshore installations, Oil and Gas Industry, Oil installations, OPC server, Physical access, Process Control Systems, Ubiquitous intelligence
IdentifiersURN: urn:nbn:se:kth:diva-154444DOI: 10.1007/978-3-540-69293-5_22ISI: 000257237300022ScopusID: 2-s2.0-48249152968ISBN: 3540692924ISBN: 9783540692928OAI: oai:DiVA.org:kth-154444DiVA: diva2:758552
5th International Conference on Ubiquitous Intelligence and Computing, UIC 2008, 23-25 June 2008, Oslo, Norway
QC 201410272014-10-272014-10-202014-10-27Bibliographically approved