When will my PLC support Mirai? The security economics of large-scale attacks against internet-connected ICS devices

Michael Dodson, Alastair R. Beresford, Daniel R. Thomas

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution book



For nearly a decade, security researchers have highlighted the grave risk presented by Internet-connected Industrial Control Systems (ICS). Predictions of targeted and indiscriminate attacks have yet to materialise despite continued growth of a vulnerable population of devices. We investigate the missing attacks against ICS, focusing on large-scale attacks enabled by Internet-connected populations. We fingerprint and track more than 10,000 devices over four years to confirm that the population is growing, continuously-connected, and unpatched. We also track 150,000 botnet hosts, monitor 120 global ICS honeypots, and sift 70 million underground forum posts to show that the cybercrime community has little competence or interest in the ICS domain. Attackers may be dissuaded by the high cost of entry, the fragmented ICS population, and limited onboard resources; however, this justification is incomplete. We use a series of case studies to develop a security economics model for large-scale attacks against Internet-connected populations in general, and use it to explain both the current lack of interest in ICS and the features of Industry 4.0 that will make the domain more accessible and attractive to attackers.
Original language: English
Title of host publication: Proceedings of the 2020 APWG Symposium on Electronic Crime Research, eCrime 2020
Place of Publication: Piscataway, N.J.
Number of pages: 14
ISBN (Electronic): 9781665425391
ISBN (Print): 9781665430845
Publication status: Published - 27 Jul 2021
Event: APWG Symposium on Electronic Crime Research - Online
Duration: 16 Nov 2020 to 19 Nov 2020

Publication series

Name: eCrime Researchers Summit, eCrime
ISSN (Print): 2159-1237
ISSN (Electronic): 2159-1245


Conference: APWG Symposium on Electronic Crime Research
Abbreviated title: eCrime 2020


  • ICS
  • industrial control systems
  • internet scanning
  • underground forums
  • cybercrime
  • security economics
