查看文章

Operational Technology (OT) networks of industrial control systems (ICS) are increasingly connected to the public Internet, which has prompted ICSes to implement strong security measures (e.g., authentication and encryption) to protect end-to-end control communication. Despite the security measures, we show that an Internet adversary in the path of an ICS's communication can cause damage to the ICS without infiltrating it. We present ICS-Sniper, a targeted blackhole attack that analyzes the packet metadata (sizes, timing) to identify the packets carrying critical ICS commands or data, and drops the critical packets to disrupt the ICS's operations. We demonstrate two attacks on an emulation of a Secure Water Treatment (SWaT) plant that can potentially violate the operational safety of the ICS while evading state-of-the-art detection systems.