Poster: Using Honeypots to Understand Attacks to Industrial Control Systems

We describe our ongoing efforts toward the development of an advanced honeypot that simulates a complex distributed control system (DCS) used in industrial settings such as chemical, oil and gas, water treatment, and food processing plants. Indeed, while anecdotally it is known that ICS are targets of attacks, the details of most incidents are not publicly released (with the exception of high profile cases such as Stuxnet or TRITON). Thus, we believe that, by deploying a honeypot that replicates a real-world deployment of a DCS, we will be able to capture the attempts of attacks toward complex control systems and gain useful insights for the research community. We recently deployed the honeypot in the network of a multinational company that uses the DCS in the course of their business. As a long term goal, we aim to deploy the honeypot on multiple network vantage points, and to collect a repository of ICS attack techniques, as well as ICS malware, to be shared with the security community.