Identifying systemic cyber-security weaknesses in Internet-facing OT and consumer IoT networks

Despite the incessant growth of cyber attacks both in frequency and impact, basic security measures are still widely overlooked. A vast number of Internet-facing devices still lack proper access control, encryption, and maintenance. This thesis explores vulnerability identification methods through Internet measurements as a medium to better understand where systemic cyber-security weaknesses occur and how they can be mitigated.

Our work examines cyber-security issues affecting Internet of Things (IoT) and Operational Technology (OT) networks that originate from negligence, abandonment, and obsolescence. We propose more than ten protocol-specific identification methods to detect misconfigurations, fleet-wide vulnerabilities, and poor security maintenance. Furthermore, we investigate the long-tail effects of these issues and highlight the importance of monitoring OT networks. Our work also includes discussions on the results of multiple ethical disclosure campaigns, which reveal that, despite the efforts, advice is often ignored.

Laying the path forward, we present a new framework to orchestrate complex Internet measurements and monitor OT networks, building on the lessons from previous studies and best practices developed over time for reproducible and comparable measurements. Lastly, we present novel methods to remove noise from Internet surveys targeting OT protocols, which we estimate account for a fifth of the results reported in the literature.