May 4-6 at Taipei Nangang Exhibition Center, Hall 2

Taiwan's Cybersecurity Researchers
OT Security Forum
  • May 4th (Tue)
  • 14:45 - 15:15
  • 7F 701G

Common Flaws in Public and Private ICS Network Protocols

Chinese Onsite

Industrial Control Systems / Supervisory Control and Data Acquisition (ICS/SCADA) systems are the lifeblood of any critical infrastructure, and they play an important role in an operation's ability to communicate between ICS components, relay sensitive data, and manage critical sensors and equipment. Due to the specific and unique needs of the industrial control industry, ICS vendors are forced to choose between using public network protocols or creating private proprietary protocols, based on the differing needs of programmable logic controller (PLC) vendors. Each protocol has its own potential risk profile that must be weighed against security concerns and operational requirements.


In our research, we analyze 9 ICS protocols (5 public and 4 private) which are widely used in the critical infrastructure sectors of power, water, transportation, petroleum, and manufacturing. In each of these public and private ICS protocols, we found common flaws which allow attackers to easily sniff unencrypted traffic and perform ICS protocol-centered attacks. These attacks include T833 - Modify Control Logic, T836 - Modify Parameter, T843 - Program Download, T856 - Spoof Reporting Message - Modbus/TCP and T855 - Unauthorized Command Message, which map to MITRE ATT&CK for ICS. These attacks can be carried out without the intruder needing to acquire any authentication or authorization. We also provide 5 attack demos spanning 1 public and 3 private protocols, to show how these common flaws can cause severe impacts on ICS such as T832 - Manipulation of View and T831 - Manipulation of Control. Finally, we demonstrate how to defend against attacks on ICS network protocols.

ICS/SCADA Security, Network Security, Critical Infrastructure Protection

Mars Cheng

Threat Research Manager, TXOne Networks
Executive Director, Association of Hackers in Taiwan

Mars Cheng (@marscheng_) leads TXOne Networks’ PSIRT and Threat Research Team as their Threat Research Manager, coordinating product security initiatives and threat research efforts. He is also the Executive Director for the Association of Hackers in Taiwan and General Coordinator of HITCON CISO Summit 2024, facilitating collaboration between enterprises and the government to bolster the cybersecurity landscape. Additionally, Mars serves as a Cybersecurity Auditor for the Taiwan Government. His expertise spans ICS / SCADA systems, malware analysis, threat intelligence and hunting, and enterprise security. Mars has made significant contributions to the cybersecurity community, including authoring more than ten CVE-IDs and publishing in three SCI journals on applied cryptography. Mars is a frequent speaker and trainer at numerous prestigious international cybersecurity conferences and has presented over 50 times, including Black Hat USA / Europe / MEA, RSA Conference, DEF CON, CODE BLUE, SecTor, Troopers, FIRST, HITB, ICS Cyber Security Conference Asia and USA, HITCON, NoHat, ROOTCON, SINCON, CYBERSEC, and many others. He has successfully organized several past HITCON events, including HITCON CISO Summit 2023, HITCON PEACE 2022, HITCON 2021, and HITCON 2020, demonstrating his commitment to advancing the field of cybersecurity.

Selmon Yang

Staff Engineer, TXOne Networks

Selmon Yang is a Staff Engineer at TXOne Networks. He is responsible for parsing IT/OT protocols, Linux kernel programming, and honeypot development and tuning. Selmon has also spoken at DEFCON, ICS Cyber Security Conference Asia, HITCON, SecTor and HITB.