Operational Technology (OT) networks of industrial control systems (ICS) are increasingly connected to the public Internet, which has prompted ICSes to implement strong security measures (e.g., authentication and encryption) to protect end-to-end control communication. Despite the security measures, we show that an Internet adversary in the path of an ICS's communication can cause damage to the ICS without infiltrating it. We present ICS-Sniper, a targeted blackhole attack that analyzes the packet metadata (sizes, timing) to identify the packets carrying critical ICS commands or data, and drops the critical packets to disrupt the ICS's operations. We demonstrate two attacks on an emulation of a Secure Water Treatment (SWaT) plant that can potentially violate the operational safety of the ICS while evading state-of-the-art detection systems.
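Because the attack in the abstract selects packets purely from their sizes and timing, one defensive countermeasure is to remove that metadata signal and to make drops detectable. The following added example (not code from the ICS-Sniper paper or the SWaT testbed) sketches a constant-size, sequence-numbered framing for an ICS control channel: every frame, including idle keepalives, is padded to the same wire length so size no longer reveals which frames carry commands, and the receiver tracks sequence gaps so a selectively blackholed frame is noticed rather than silently lost. FRAME_LEN and the header layout are assumed values chosen for illustration.

```python
import os
import struct

FRAME_LEN = 128                 # assumed: fixed wire size of every frame
HDR = struct.Struct("!IH")      # assumed header: seq (uint32), payload len (uint16)
MAX_PAYLOAD = FRAME_LEN - HDR.size


def encode_frame(seq: int, payload: bytes) -> bytes:
    """Build a fixed-length frame: header, payload, random filler.

    A command, a sensor reading and an empty keepalive all come out the
    same size, so an on-path observer cannot classify them by length.
    (Encrypt the whole frame on the wire; that layer is omitted here.)
    """
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload too large for one frame")
    filler = os.urandom(MAX_PAYLOAD - len(payload))
    return HDR.pack(seq, len(payload)) + payload + filler


def decode_frame(frame: bytes):
    """Return (seq, payload), discarding the filler."""
    if len(frame) != FRAME_LEN:
        raise ValueError("malformed frame length")
    seq, n = HDR.unpack_from(frame)
    return seq, frame[HDR.size:HDR.size + n]


class Receiver:
    """Consumes frames in order and records sequence gaps.

    The sender is expected to emit one frame per slot at a fixed cadence
    (sending b"" when idle), so a missing sequence number means a frame
    was dropped in transit, which a blackhole attack would cause.
    """

    def __init__(self):
        self.expected = 0
        self.missing = []        # sequence numbers that never arrived

    def accept(self, frame: bytes) -> bytes:
        seq, payload = decode_frame(frame)
        if seq > self.expected:
            self.missing.extend(range(self.expected, seq))
        self.expected = seq + 1
        return payload           # b"" for a keepalive slot
```

A controller would raise an alarm or fall back to a safe state once `missing` grows, instead of continuing on stale data.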