Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Exploitation of Security Vulnerabilities Inherent in Common Development of Process Control Systems

Published

Author(s)

Freemon Johnson

Abstract

According to a 2003 study commissioned by the Department of Commerce's National Institute of Standards and Technology, software bugs or errors are prevalent and so detrimental that they cost the U.S. economy an estimated $59.5 billion annually, or about 0.6 percent of the gross national product [18]. These errors translate into security vulnerabilities which are easily exploited. Understanding the inherent risk and consequences of these vulnerabilities is the subject of this paper. Specifically, security issues associated with client/server or producer/consumer software use in industrial control systems are addressed. As shown in the paper, the security issues differ over the system life cycle because security was not designed into the applications, but was added as an afterthought. For this reason, recommended changes to the development life cycle are proposed.
Citation
Poster Session

Keywords

Bugs, CIP (Common Industrial Protocols), ICS (Industrial Control Systems), Networks, OSI (Open Systems Interconnect), Risk, SCADA (Supervisory Control and Data Acquisition), SDLC (System Development Life Cycle), Security, Vulnerabilities

Citation

Johnson, F. (2008), Exploitation of Security Vulnerabilities Inherent in Common Development of Process Control Systems, Poster Session, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=823048 (Accessed July 18, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created August 1, 2008, Updated January 27, 2020