25th USENIX Security Symposium

Security is an emergent property. It is the outcome of an interaction between many sub-components and processes. One of the biggest problems of ICS security today is that systems undergo security assessments without recognizing the environment in which they are used. This has led to a situation where many systems have undergone cyber security assessments without addressing the ICS component, leading to a false sense of security. While Industrial Control System (ICS) vulnerability researchers and vendors became quite practiced at finding and fixing implementation bugs, many have minimal experience with design bugs. In the near future, we can expect the attacker community to leverage this weakness, as it did with earlier technologies. Therefore, ICS vendors must begin focusing better on the design of the environment and protocols, and ICS audits must begin now to focus on design. This paper a joint effort of the authors who independently researched design vulnerabilities in ICS with the goal of attracting more attention to ICS-specific design vulnerabilities.