IDENTIFYING AND MITIGATING ZERO-DAY VULNERABILITIES IN INDUSTRIAL CONTROL SYSTEMS

dc.contributor.advisor: Shakir, Humood Wasan
dc.contributor.author: Alali, Yahya Abdullah
dc.date.accessioned: 2025-06-24T11:51:32Z
dc.date.issued: 2024-12-29
dc.description.abstract: This dissertation addresses the critical issue of zero-day vulnerabilities within Industrial Control Systems (ICS), which govern essential infrastructure sectors such as energy, water, and manufacturing. As ICS environments integrate with Information Technology (IT) systems for enhanced operational efficiency, they become increasingly susceptible to cyber threats, including undetected zero-day exploits that can severely disrupt physical processes. This study focuses on identifying and mitigating zero-day vulnerabilities within ICS by developing a software tool that monitors and detects deviations in Windows services configuration against baseline configurations set by ICS vendors. The research involved designing a tool using PowerShell to gather, preprocess, and compare service data from Windows-based ICS systems, aiming to identify potential misconfigurations or unauthorized modifications that could signal a zero-day exploit. Through an experimental setup in a controlled ICS environment, the tool was evaluated for its efficiency in detecting deviations in service existence and start modes, key indicators of potential vulnerabilities. Results demonstrate the tool’s high accuracy in detecting configuration drifts, enabling proactive vulnerability management and reducing the ICS attack surface. The study underscores the importance of continuous monitoring, baseline configuration checks, and anomaly detection as proactive security measures for ICS environments. This research contributes significantly to ICS security, proposing a scalable solution for safeguarding critical infrastructure against evolving cyber threats.
dc.format.extent: 64
dc.identifier.citation: 10.1109/ITIKD63574.2025.11004725
dc.identifier.isbn: 979-8-3503-5546-8
dc.identifier.uri: https://hdl.handle.net/20.500.14154/75656
dc.language.iso: en_US
dc.publisher: Saudi Digital Library
dc.subject: Industrial Control System
dc.subject: Cybersecurity
dc.subject: Baseline Configuration
dc.subject: Zero-day Vulnerability
dc.title: IDENTIFYING AND MITIGATING ZERO-DAY VULNERABILITIES IN INDUSTRIAL CONTROL SYSTEMS
dc.type: Research Papers
sdl.degree.department: Information Technology
sdl.degree.discipline: Information Technology Masters
sdl.degree.grantor: Ahlia University
sdl.degree.name: Master's Degree In Information Technology And Computer Science

Files

Original bundle

Name: SACM-Dissertation.pdf
Size: 6.39 MB
Format: Adobe Portable Document Format

License bundle

Name: license.txt
Size: 1.61 KB
Format: Item-specific license agreed to upon submission

Copyright owned by the Saudi Digital Library (SDL) © 2025