Constructing cost-effective and targetable industrial control system honeypots for production networks

Critical infrastructure assets - and especially industrial control systems - are at risk. Malicious actors are constantly developing exploits that sneak past security controls. Honeypots offer an opportunity to acquire knowledge about the tactics, techniques and procedures used by malicious entities to compromise sensitive systems. However, the proprietary, and often expensive, hardware and software used by industrial control systems make it very challenging to build flexible, economical and scalable honeypots. This paper describes a technique that uses proxy technology to produce multiple high-interaction honeypots using a single programmable logic controller. The technique provides a cost-effective method for distributing multiple, authentic, targetable honeypots at slightly more than the cost of a single programmable logic controller.