Industrial Control Systems Vulnerabilities and Security Issues and Future Enhancements

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Industrial Control Systems Vulnerabilities and Security Issues and Future Enhancements"

Transcription

1 , pp Industrial Control Systems Vulnerabilities and Security Issues and Future Enhancements Hongseok Chae 1, AAmir Shahzad 1, Muhammad Irfan 2, HyangRan Lee 1, Malrey Lee 1* 1, 1* ,Center for Advanced Image and Information Technology, School of Electronics & Information Engineering, Chon Buk National University, , 1Ga, Deokjin-Dong, Jeonju, Chon Buk, Korea 2 Infrastructure University Kuala Lumpur (IUKL), Malaysia Kuala Lumpur,Malaysia Abstract. Massive numbers of applications have been developed to fulfill the requirements of end-users; the world is considered as a cell of communication in which applications are centralized and distributed, and accessed by internet. Like traditional networks, real time networks such as supervisory control and data acquisition (SCADA) systems, distributed controller systems (DCSs) and others have been employing the internet technology to connect their various stations, and with central controller(s). Internet technology brought several benefits in terms of real time delivery of information to, and between geographical located stations; but at the other side, numerous of security issues have also been accounted and considered to be dangerous for information delivery. In survey, numbers of vulnerabilities and security issues are identified by reviewing of existing researches in real time networks, existing security developments are also reviewed and analyzed, and future directions are highlighted that will enhance the security in real time transmission(s). Keywords: Real time systems; Supervisory control and data acquisition systems; Distributed controller systems 1 Introduction The industrial control systems (ICSs) have been developed in various infrastructure sectors such as electrical sectors, water and water distribution systems, oil miles, gas stations, automobile and transportations sectors and others, and gaining popularity day-day in industrial processing and automation due to revolution of modern information technology (IT). Typical industrial control systems (ICSs) are divided into three main categories including supervisory control and data acquisition ISSN: ASTL Copyright 2015 SERSC

2 (SCADA) systems, distributed controller systems (DCSs) and programmable logical controllers (PLCs). Fig. 1. ICS Network and Operations ICS performs several operations as part of industries and basic there components such as control loop, human-machine interface (HMI) and diagnostics and maintenance applications, which mange the ICS operations [1], [2]. Fig 1 shows the basic network structure of ICS. 2 Existing work and security analysis The cloud computing is a new technology for industrial control systems (ICSs) and it s provide most efficient and scalable communication with minimal cost. Usually, ICS hardware s and software s are very expensive and difficult to understand and operates, or required deep knowledge during configuration and setup [4], [6]. However, cloud computing infrastructure provides easy and cheap access to ICS apparatus, while employing the cloud models [4]. Several remote units are geographically distributed and can access the services of main controller via cloud over internet. ICS have been employing proprietary protocols such as DNP3, Modbus, Field bus, Profibus and other IEC standards, and open protocols such as TCP/IP and UDP, are required to transmit information over internet [4], [5]. As consequence, number of vulnerabilities and security issues are accounted due to large interconnectivity between proprietary protocols and non- proprietary protocols (or networks); few common vulnerabilities and security attacks are considered and are depicted in table 1[1 12]. Table 1. Security Attacks and Vulnerabilities Attacks Integrity Attacks, Authentication Attacks, confidentiality Attacks, Non-Repudiation Attacks, Unauthorized Access Control, Bot-network operators, Criminal groups, Phishers, Spammers and Spyware/malware, etc. Copyright 2015 SERSC 145

3 Vulnerabi lities[1] Inadequate security policy, No formal ICS security Inadequate security architecture, Lack of security administrative, no security audits, Lack of configuration, No proper OS and application security, Lack of adequate password policy Inadequate access controls applied, Inadequate testing of security changes, Insecure remote access on ICS components, Use of insecure industry-wide ICS protocols, Incidents are not detected, Malware protection software not installed, Weak network security architecture, Poorly configured security equipment, Passwords are not encrypted in transit, Inadequate access controls applied, No security perimeter defined, Inadequate firewall and router logs, No security monitoring on the ICS network, Lack of integrity checking for communications, Authentication of users, Inadequate authentication between clients and access points, Inadequate data protection between clients and access points and others. In paper [4], [5], [13], security mechanism using cryptograph algorithms has deployed to enhance the security of SCADA system and also gives directions for further developments. Key encryption is a time minimized security solution, while comparing with other encryption standards. Time is a very important factor, which has been counted for SCADA system [13]. Therefore, key encryption solution is proposed to secure the SCADA communication with time acquirements in mind. In this solution, message is not encrypted, only key or secret key is appended with desired message [4], [13]. Subsequently, key hash digest has been calculated and encrypted with private key. Then appended secret key and encrypted key hash digest is encrypted again with public key [4], [5], [12], [13]. This security solution significantly secured the SCADA communication against potential attacks including authentication attacks, integrity attacks, confidentiality attacks and non-repudiation attacks and required less time during encryption/decryption process [12], [13]. Cryptography dynamic buffer (CDB) has been proposed [14] after analyzing the detail existing security issues of SCADA system. The CDB is employed during whole security designed and implementation within SCADA protocol or DNP3 protocol. CBD has number of variable size fields that are utilized for security development within SCADA/DNP3 protocol [12 14]. During SCADA communication, the CBD kept the tracks of whole security implementation and its related detail such as sender/receiver port number and IP address, the sender/receiver security solution selection process according to communication needs, flow of bytes from lower to upper layer within stack and vice versa, indication of critical/non critical bytes that help to identify the authorized/ nonauthorized entity in SCADA communication and others [4], [5], [14]. The security solutions are implemented and validated successfully according to the SCADA/DNP3 communications needs and measured results are also compared with end-to-end performances [5], [12 14]. 3 Conclusion and future work This is a short report that reviews the industrial control system (ICS) and its major parts such as SCADA system, DCS and others (i.e., PLCs). The massive connectivity of real time systems with open networks over internet, made the communication of these system more vulnerable from various types of potential attacks (i.e., as discussed in literature). Real time access(or transmission) is more critical due to 146 Copyright 2015 SERSC

4 time limitations and more error, and attack prone, while comparing with traditional networks access, e.g., client/server applications or/and information exchanging between recipients in local area network(lan) and wide area network(wan). The current study made a review on potential vulnerabilities and on attacks that are residing in transmission of real time systems and also provides future directions (or analyzes the existing security mechanisms) that would be significant in enhancement of existing security References 1. Stouffer, J. Falco, K.Kent, 2006, Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security, Recommendations of the National Institute of Standards and Technology 2. Clarke, D. Reynders, E. Wright, 2004, Practical Modern SCADA Protocols: DNP3, and Related Systems. 3. S. Musa, A. Shahzad, A.Aborujilah, Secure security model implementation for security services and related attacks base on end- To-end, application layer and data link layer security, Proceeding ICUIMC '2013 Proceedings of the 7th International Conference on Ubiquitous Information Management and Communication, 2013, DOI: / Musa; Shahzad. A ; Aborujilah, Secure security model implementation for security services and related attacks base on end-to-end, application layer and data link layer security, Proceedings of the 7th International Conference on Ubiquitous Information Management and Communication, doi: / Jeffrey Hieb; James Graham; Sandip Patel, Security Enhancements for Distributed Control Systems, Critical Infrastructure Protection, IFIP International Federation for Information Processing Volume 253, 2008, pp doi: / _10 6. Shahzad, S., A. Aborujilah, M. Irfan, A Performance Approach: SCADA System Implementation within Cloud Computing Environment, ACSAT 2013, IEEE, doi: /ACSAT Hyung Jun Kim, Security and Vulnerability of SCADA Systems over IP-Based Wireless Sensor Networks, International Journal of Distributed Sensor Networks, vol. 2012, , 10 pages, doi: /2012/ Sugwon Hong; Myongho Lee, Challenges and Direction toward Secure Communication in the SCADA System, Communication Networks and Services Research Conference (CNSR), 2010 doi: /CNSR Zio, E.; Sansavini, G., "Vulnerability of Smart Grids With Variable Generation and Consumption: A System of Systems Perspective," Systems, Man, and Cybernetics: Systems, IEEE Transactions on, vol.43, no.3, pp.477,487, HyungJun Kim, Security and Vulnerability of SCADA Systems over IP-Based Wireless Sensor Networks, International Journal of Distributed Sensor Networks, vol. 2012, Article ID , pp.10. doi: /2012/ Hong; S. Lee, Challenges and perspectives in security measures for the SCADA system, In Proc. 5th Myongji-Tsinghua University Joint Seminar on Protection & Automation, A. Shahzad, S. Musa, M. Irfan, N-Secure Cryptography Solution for SCADA Security Enhancement, Trends in Applied Sciences Research, 2014, 9: doi: /tasr Shahzad, S., M. Irfan, Key Encryption Method for SCADA Security Enhancement, Journal of Applied Sciences,2014, DOI: /jas Copyright 2015 SERSC 147

5 14. A. Shahzad, S. Musa, M. Irfan, S. Asadullah, Deployment of New Dynamic Cryptography Buffer for SCADA Security Enhancement, Journal of Applied Sciences, 2014, 14: doi: /jas Copyright 2015 SERSC

THE SCADA REVIEW: SYSTEM COMPONENTS, ARCHITECTURE, PROTOCOLS AND FUTURE SECURITY TRENDS

THE SCADA REVIEW: SYSTEM COMPONENTS, ARCHITECTURE, PROTOCOLS AND FUTURE SECURITY TRENDS American Journal of Applied Sciences 11 (8): 1418-1425, 2014 ISSN: 1546-9239 2014 A. Shahzad et al., This open access article is distributed under a Creative Commons Attribution (CC-BY) 3.0 license doi:10.3844/ajassp.2014.1418.1425

More information

Wireless Communications for SCADA Systems Utilizing Mobile Nodes

Wireless Communications for SCADA Systems Utilizing Mobile Nodes , pp. 1-8 http://dx.doi.org/10.14257/ijsh.2013.7.5.01 Wireless Communications for SCADA Systems Utilizing Mobile Nodes Minkyu Choi Security Engineering Research Support Center, Daejon, Republic of Korea

More information

Conceptual Model of Real Time Infrastructure Within Cloud Computing Environment

Conceptual Model of Real Time Infrastructure Within Cloud Computing Environment Conceptual Model of Real Time Infrastructure Within Cloud Computing Environment AAmir Shahzad Shahrulniza Musa Abdulaziz Aborujilah Mohd Nazri Ismail Muhammad Irfan Windfield College, Kuala Lumpur,Malaysia

More information

Security Testing in Critical Systems

Security Testing in Critical Systems Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base

More information

A Concise Model to Evaluate Security of SCADA Systems based on Security Standards

A Concise Model to Evaluate Security of SCADA Systems based on Security Standards A Concise Model to Evaluate Security of SCADA Systems based on Security Standards Nasser Aghajanzadeh School of Electrical and Computer Engineering, Shiraz University, Shiraz, Iran Alireza Keshavarz-Haddad

More information

ISACA rudens konference

ISACA rudens konference ISACA rudens konference 8 Novembris 2012 Procesa kontroles sistēmu drošība Andris Lauciņš Ievads Kāpēc tēma par procesa kontroles sistēmām? Statistics on incidents Reality of the environment of industrial

More information

SCADA System Security, Complexity, and Security Proof

SCADA System Security, Complexity, and Security Proof SCADA System Security, Complexity, and Security Proof Reda Shbib, Shikun Zhou, Khalil Alkadhimi School of Engineering, University of Portsmouth, Portsmouth, UK {reda.shbib,shikun.zhou,khalil.alkadhimi}@port.ac.uk

More information

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann

More information

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶 Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course

More information

Scheme to Secure Communication of SCADA Master Station and Remote HMI s through Smart Phones

Scheme to Secure Communication of SCADA Master Station and Remote HMI s through Smart Phones 보안공학연구논문지 (Journal of Security Engineering), 제 8권 제 3호 2011년 6월 Scheme to Secure Communication of SCADA Master Station and Remote HMI s through Smart Phones Rosslin John Robles 1) and Tai-hoon Kim 2) Abstract

More information

A Proposed Integration of Hierarchical Mobile IP based Networks in SCADA Systems

A Proposed Integration of Hierarchical Mobile IP based Networks in SCADA Systems , pp. 49-56 http://dx.doi.org/10.14257/ijsh.2013.7.5.05 A Proposed Integration of Hierarchical Mobile IP based Networks in SCADA Systems Minkyu Choi 1 and Ronnie D. Caytiles 2 1 Security Engineering Research

More information

This is a preview - click here to buy the full publication

This is a preview - click here to buy the full publication TECHNICAL REPORT IEC/TR 62443-3-1 Edition 1.0 2009-07 colour inside Industrial communication networks Network and system security Part 3 1: Security technologies for industrial automation and control systems

More information

SCADA Security: Challenges and Solutions

SCADA Security: Challenges and Solutions SCADA Security: Challenges and Solutions June 2011 / White paper by Metin Ozturk, Philip Aubin Make the most of your energy Summary Executive Summary... p 2 Protecting Critical Infrastructure Includes

More information

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1 Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3

More information

Securing Distribution Automation

Securing Distribution Automation Securing Distribution Automation Jacques Benoit, Cooper Power Systems Serge Gagnon, Hydro-Québec Luc Tétreault, Hydro-Québec Western Power Delivery Automation Conference Spokane, Washington April 2010

More information

Advancement in Virtualization Based Intrusion Detection System in Cloud Environment

Advancement in Virtualization Based Intrusion Detection System in Cloud Environment Advancement in Virtualization Based Intrusion Detection System in Cloud Environment Jaimin K. Khatri IT Systems and Network Security GTU PG School, Ahmedabad, Gujarat, India Mr. Girish Khilari Senior Consultant,

More information

Introduction to Cyber Security / Information Security

Introduction to Cyber Security / Information Security Introduction to Cyber Security / Information Security Syllabus for Introduction to Cyber Security / Information Security program * for students of University of Pune is given below. The program will be

More information

Security Threats on National Defense ICT based on IoT

Security Threats on National Defense ICT based on IoT , pp.94-98 http://dx.doi.org/10.14257/astl.205.97.16 Security Threats on National Defense ICT based on IoT Jin-Seok Yang 1, Ho-Jae Lee 1, Min-Woo Park 1 and Jung-ho Eom 2 1 Department of Computer Engineering,

More information

The Advantages of an Integrated Factory Acceptance Test in an ICS Environment

The Advantages of an Integrated Factory Acceptance Test in an ICS Environment The Advantages of an Integrated Factory Acceptance Test in an ICS Environment By Jerome Farquharson, Critical Infrastructure and Compliance Practice Manager, and Alexandra Wiesehan, Cyber Security Analyst,

More information

Innovative Defense Strategies for Securing SCADA & Control Systems

Innovative Defense Strategies for Securing SCADA & Control Systems 1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet

More information

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005 SCADA System Security ECE 478 Network Security Oregon State University March 7, 2005 David Goeke Hai Nguyen Abstract Modern public infrastructure systems

More information

CAISO Information Security Requirements for the Energy Communication Network (ECN)

CAISO Information Security Requirements for the Energy Communication Network (ECN) Page 1 of 11 REVISION HISTORY VERSION DATE DESCRIPTION DRAFT 0.1 11/27/2002 Initial Draft 1.0 10/13/2003 Initially Released Version 1.1 11/15/2005 Minor clean-up. 1.2 05/30/2006 New logo and appendix change

More information

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN) MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file

More information

HMS Industrial Networks. Putting industrial applications on the cloud

HMS Industrial Networks. Putting industrial applications on the cloud HMS Industrial Networks Putting industrial applications on the cloud Whitepaper Best practices for managing and controlling industrial equipment remotely. HMS Industrial Networks Inc 35 E Wacker Drive,

More information

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012 Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret

More information

Cloud-based Distribute Processing of User-Customized Mobile Interface in U-Sensor Network Environment

Cloud-based Distribute Processing of User-Customized Mobile Interface in U-Sensor Network Environment , pp.18-22 http://dx.doi.org/10.14257/astl.2013.42.05 Cloud-based Distribute Processing of User-Customized Mobile Interface in U-Sensor Network Environment Changhee Cho 1, Sanghyun Park 2, Jadhav Yogiraj

More information

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network WP 1004HE Part 5 1. Cyber Security White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network Table of Contents 1. Cyber Security... 1 1.1 What

More information

Cloud Computing for SCADA

Cloud Computing for SCADA Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry

More information

Industrial Security Solutions

Industrial Security Solutions Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats

More information

Network/Cyber Security

Network/Cyber Security Network/Cyber Security SCAMPS Annual Meeting 2015 Joe Howland,VC3 Source: http://www.information-age.com/technology/security/123458891/how-7-year-old-girl-hacked-public-wi-fi-network-10-minutes Security

More information

IT Networking and Security

IT Networking and Security elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer

More information

Holistic View of Industrial Control Cyber Security

Holistic View of Industrial Control Cyber Security Holistic View of Industrial Control Cyber Security A Deep Dive into Fundamentals of Industrial Control Cyber Security Learning Goals o Understanding security implications involving industrial control systems

More information

Testing Intelligent Device Communications in a Distributed System

Testing Intelligent Device Communications in a Distributed System Testing Intelligent Device Communications in a Distributed System David Goughnour (Triangle MicroWorks), Joe Stevens (Triangle MicroWorks) dgoughnour@trianglemicroworks.com United States Smart Grid systems

More information

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323

More information

Network Security Administrator

Network Security Administrator Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze

More information

Easily Connect, Control, Manage, and Monitor All of Your Devices with Nivis Cloud NOC

Easily Connect, Control, Manage, and Monitor All of Your Devices with Nivis Cloud NOC Easily Connect, Control, Manage, and Monitor All of Your Devices with Nivis Cloud NOC As wireless standards develop and IPv6 gains widespread adoption, more and more developers are creating smart devices

More information

Security Issues in SCADA Networks

Security Issues in SCADA Networks Security Issues in SCADA Networks by V. M. Igure, S. A. Laughter, and R. D. Williams Computers & Security, 25(7): 498-506, 2006 presented by Ruilong Deng Postdoctoral Research Fellow School of Electrical

More information

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But

More information

PCI DSS Requirements - Security Controls and Processes

PCI DSS Requirements - Security Controls and Processes 1. Build and maintain a secure network 1.1 Establish firewall and router configuration standards that formalize testing whenever configurations change; that identify all connections to cardholder data

More information

The Protection Mission a constant endeavor

The Protection Mission a constant endeavor a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

More information

IT Security and OT Security. Understanding the Challenges

IT Security and OT Security. Understanding the Challenges IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control

More information

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security

More information

ICS, SCADA, and Non-Traditional Incident Response. Kyle Wilhoit Threat Researcher, Trend Micro

ICS, SCADA, and Non-Traditional Incident Response. Kyle Wilhoit Threat Researcher, Trend Micro ICS, SCADA, and Non-Traditional Incident Response Kyle Wilhoit Threat Researcher, Trend Micro 1 $whoami Threat Researcher, FTR, Trend Micro Threat Researcher at Trend Micro- research and blogger on criminal

More information

Benefits of Network Level Security at the RTU Level. By: Kevin Finnan and Philippe Willems

Benefits of Network Level Security at the RTU Level. By: Kevin Finnan and Philippe Willems By: Kevin Finnan and Philippe Willems Introduction New security capabilities at the remote terminal unit (RTU) level are substantially easing implementation of cyber security measures in SCADA systems.

More information

Current and Future Research into Network Security Prof. Madjid Merabti

Current and Future Research into Network Security Prof. Madjid Merabti Current and Future Research into Network Security Prof. Madjid Merabti School of Computing & Mathematical Sciences Liverpool John Moores University UK Overview Introduction Secure component composition

More information

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst. 2010. Page 1 of 7 www.ecfirst.com

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst. 2010. Page 1 of 7 www.ecfirst.com Policy/Procedure Description PCI DSS Policies Install and Maintain a Firewall Configuration to Protect Cardholder Data Establish Firewall and Router Configuration Standards Build a Firewall Configuration

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

Security for. Industrial. Automation. Considering the PROFINET Security Guideline

Security for. Industrial. Automation. Considering the PROFINET Security Guideline Security for Industrial Considering the PROFINET Security Guideline Automation Industrial IT Security 2 Plant Security Physical Security Physical access to facilities and equipment Policies & Procedures

More information

A Model Design of Network Security for Private and Public Data Transmission

A Model Design of Network Security for Private and Public Data Transmission 2011, TextRoad Publication ISSN 2090-424X Journal of Basic and Applied Scientific Research www.textroad.com A Model Design of Network Security for Private and Public Data Transmission Farhan Pervez, Ali

More information

On the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks

On the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks CIBSI 2013 Panama City, Panama, October 30 th, 2013 On the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks Paulo Simões, Tiago Cruz, Jorge Gomes, Edmundo Monteiro psimoes@dei.uc.pt

More information

Control Architecture for Substation Automation Systems based on IEC 61850 and IEC 61499 Standards

Control Architecture for Substation Automation Systems based on IEC 61850 and IEC 61499 Standards Control Architecture for Substation Automation Systems based on IEC 61850 and IEC 61499 Standards VALENTIN VLAD, CEZAR DUMITRU POPA, CORNELIU OCTAVIAN TURCU, CORNELIU BUZDUGA Electrical Engineering and

More information

SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT

SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT K.karthika 1, M. Daya kanimozhi Rani 2 1 K.karthika, Assistant professor, Department of IT, Adhiyamaan College of Engineering, Hosur

More information

AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS http://dx.doi.org/10.5516/net.04.2012.091 AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS JAE-GU SONG *, JUNG-WOON LEE, GEE-YONG PARK, KEE-CHOON KWON,

More information

SCADA Protocols and Security

SCADA Protocols and Security WHITE PAPER ON SCADA Protocols and Security Prepared by Mohammed Samiuddin www.itmr.ac.in Contents INTRODUCTION... 2 SCADA PROTOCOL AND SECURITY... 3 SCADA PROTOCAL... 3 DISTRIBUTED NETWORK PROTOCAL (DNP)...

More information

Fieldbus Protocol For Secured Wireless Sensor Network Communication in Process Automation

Fieldbus Protocol For Secured Wireless Sensor Network Communication in Process Automation Fieldbus Protocol For Secured Wireless Sensor Network Communication in Process Automation 92 Dr.S.Udayakumar* and S.Ananthi** *National Institute of Technical Teacher s Training and Research (NITTT&R),

More information

Security Issues with Integrated Smart Buildings

Security Issues with Integrated Smart Buildings Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern

More information

How to Choose the Right Industrial Firewall: The Top 7 Considerations. Li Peng Product Manager

How to Choose the Right Industrial Firewall: The Top 7 Considerations. Li Peng Product Manager How to Choose the Right Industrial Firewall: The Top 7 Considerations Li Peng Product Manager The right industrial firewall can strengthen the safety and reliability of control systems Central to industrial

More information

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Module 8. Network Security. Version 2 CSE IIT, Kharagpur Module 8 Network Security Lesson 3 Firewalls Specific Instructional Objectives On completion of this lesson, the students will be able to answer: What a firewall is? What are the design goals of Firewalls

More information

BlackRidge Technology Transport Access Control: Overview

BlackRidge Technology Transport Access Control: Overview 2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service

More information

A Noble Integrated Management System based on Mobile and Cloud service for preventing various hazards

A Noble Integrated Management System based on Mobile and Cloud service for preventing various hazards , pp.166-171 http://dx.doi.org/10.14257/astl.205.98.42 A Noble Integrated Management System based on Mobile and Cloud service for preventing various hazards Yeo ChangSub 1, Ryu HyunKi 1 and Lee HaengSuk

More information

SEMANTIC SECURITY ANALYSIS OF SCADA NETWORKS TO DETECT MALICIOUS CONTROL COMMANDS IN POWER GRID

SEMANTIC SECURITY ANALYSIS OF SCADA NETWORKS TO DETECT MALICIOUS CONTROL COMMANDS IN POWER GRID SEMANTIC SECURITY ANALYSIS OF SCADA NETWORKS TO DETECT MALICIOUS CONTROL COMMANDS IN POWER GRID ZBIGNIEW KALBARCZYK EMAIL: KALBARCZ@ILLINOIS.EDU UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN JANUARY 2014

More information

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards SCADA Compliance Tools For NERC-CIP The Right Tools for Bringing Your Organization in Line with the Latest Standards OVERVIEW Electrical utilities are responsible for defining critical cyber assets which

More information

A Security Mechanism for Remote Monitoring System Security using Smartphone

A Security Mechanism for Remote Monitoring System Security using Smartphone A Security Mechanism for Remote Monitoring System Security using Smartphone Sungjae Yu Chau Ngoc Tu Souhwan Jung School of Electronic Engineering Soongsil University SEOUL, KOREA {ysj77777, chaungoctu,

More information

Data Storage Security in Cloud Computing

Data Storage Security in Cloud Computing Data Storage Security in Cloud Computing Prashant M. Patil Asst. Professor. ASM s, Institute of Management & Computer Studies (IMCOST), Thane (w), India E_mail: prashantpatil11@rediffmail.com ABSTRACT

More information

LAB FORWARD. WITH PROService RMS TECHNOLOGY, ARCHITECTURE AND SECURITY INFORMATION FOR IT PROFESSIONALS

LAB FORWARD. WITH PROService RMS TECHNOLOGY, ARCHITECTURE AND SECURITY INFORMATION FOR IT PROFESSIONALS LAB FORWARD WITH PROService RMS TECHNOLOGY, ARCHITECTURE AND SECURITY INFORMATION FOR IT PROFESSIONALS Medical diagnostics are a vital part of the modern healthcare system, and instrument uptime is critical

More information

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide

More information

Network Security Infrastructure Testing

Network Security Infrastructure Testing Network Security Infrastructure Testing Version 1.2 October 12, 2005 Prepared by: Sandia National Laboratories Center for SCADA Security Project Lead Ray Parks Technical Lead Jason Hills Technical Support

More information

Roger W. Kuhn, Jr. Advisory Director Education Fellow Cyber Security Forum Initiative

Roger W. Kuhn, Jr. Advisory Director Education Fellow Cyber Security Forum Initiative Roger W. Kuhn, Jr. Advisory Director Education Fellow Cyber Security Forum Initiative November 2014 Disclaimer Current SCADA Vulnerability Factors Industrial Control Systems 101 Proposed Countermeasures

More information

Directory and File Transfer Services. Chapter 7

Directory and File Transfer Services. Chapter 7 Directory and File Transfer Services Chapter 7 Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP over traditional authentication systems Identify major

More information

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s

More information

Secure SCADA Network Technology and Methods

Secure SCADA Network Technology and Methods Secure SCADA Network Technology and Methods FARKHOD ALSIHEROV, TAIHOON KIM Dept. Multimedia Engineering Hannam University Daejeon, South Korea sntdvl@yahoo.com, taihoonn@paran.com Abstract: The overall

More information

THE FUTURE OF SMART GRID COMMUNICATIONS

THE FUTURE OF SMART GRID COMMUNICATIONS THE FUTURE OF SMART GRID COMMUNICATIONS KENNETH C. BUDKA CTO STRATEGIC INDUSTRIES MAY 2014 THE GRID OF THE FUTURE WIDE-SCALE DEPLOYMENT OF RENEWABLES INCREASED ENERGY EFFICIENCY PEAK POWER REDUCTION, DEMAND

More information

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All

More information

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc. Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet

More information

A Study of Key management Protocol for Secure Communication in Personal Cloud Environment

A Study of Key management Protocol for Secure Communication in Personal Cloud Environment , pp.51-58 http://dx.doi.org/10.14257/ijsia.2014.8.4.05 A Study of Key management Protocol for Secure Communication in Personal Cloud Environment ByungWook Jin 1 and Keun-Wang Lee 2,* 1 Dept. of Computer

More information

WISE-4000 Series. WISE IoT Wireless I/O Modules

WISE-4000 Series. WISE IoT Wireless I/O Modules WISE-4000 Series WISE IoT Wireless I/O Modules Bring Everything into World of the IoT WISE IoT Ethernet I/O Architecture Public Cloud App Big Data New WISE DNA Data Center Smart Configure File-based Cloud

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire

Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire SAMPLE CREDIT UNION INFORMATION SECURITY DUE DILIGENCE QUESTIONNAIRE FOR POTENTIAL VENDORS Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire 1. Physical security o Where is

More information

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0 Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust

More information

Cisco Connected Grid Security for Field Area Network

Cisco Connected Grid Security for Field Area Network White Paper Cisco Connected Grid Security for Field Area Network Introduction Utilities all over the world are undergoing significant transition in their grid from transmission to consumption. Regulatory

More information

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN)

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 10-1 Virtual LANs Description: Group of devices

More information

Information Security Basic Concepts

Information Security Basic Concepts Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,

More information

Cyber Security Controls Assessment : A Critical Discipline of Systems Engineering

Cyber Security Controls Assessment : A Critical Discipline of Systems Engineering Cyber Controls : A Critical Discipline of Systems 14 th Annual NDIA Systems San Diego, CA October 24-28, 2011 Bharat Shah Lockheed Martin IS&GS bharat.shah@lmco.com Purpose Provide an overview on integrating

More information

A Research Using Private Cloud with IP Camera and Smartphone Video Retrieval

A Research Using Private Cloud with IP Camera and Smartphone Video Retrieval , pp.175-186 http://dx.doi.org/10.14257/ijsh.2014.8.1.19 A Research Using Private Cloud with IP Camera and Smartphone Video Retrieval Kil-sung Park and Sun-Hyung Kim Department of Information & Communication

More information

A Systems Approach to HVAC Contractor Security

A Systems Approach to HVAC Contractor Security LLNL-JRNL-653695 A Systems Approach to HVAC Contractor Security K. M. Masica April 24, 2014 A Systems Approach to HVAC Contractor Security Disclaimer This document was prepared as an account of work sponsored

More information

Update On Smart Grid Cyber Security

Update On Smart Grid Cyber Security Update On Smart Grid Cyber Security Kshamit Dixit Manager IT Security, Toronto Hydro, Ontario, Canada 1 Agenda Cyber Security Overview Security Framework Securing Smart Grid 2 Smart Grid Attack Threats

More information

Remote Services. Managing Open Systems with Remote Services

Remote Services. Managing Open Systems with Remote Services Remote Services Managing Open Systems with Remote Services Reduce costs and mitigate risk with secure remote services As control systems move from proprietary technology to open systems, there is greater

More information

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such

More information

A Resilient Device Monitoring System in Collaboration Environments

A Resilient Device Monitoring System in Collaboration Environments , pp.103-114 http://dx.doi.org/10.14257/ijsh.2014.8.5.10 A Resilient Device Monitoring System in Collaboration Environments KeeHyun Park 1 and JongHwi Lee 1 Department of Computer Engineering, Keimyung

More information

SCADA SYSTEMS AND SECURITY WHITEPAPER

SCADA SYSTEMS AND SECURITY WHITEPAPER SCADA SYSTEMS AND SECURITY WHITEPAPER Abstract: This paper discusses some of the options available to companies concerned with the threat of cyber attack on their critical infrastructure, who as part of

More information

Cyber Security Management for Utility Operations by Dennis K. Holstein (Opus Publishing) and Jose Diaz (Thales esecurity)

Cyber Security Management for Utility Operations by Dennis K. Holstein (Opus Publishing) and Jose Diaz (Thales esecurity) Cyber Security Management for Utility Operations by Dennis K. Holstein (Opus Publishing) and Jose Diaz (Thales esecurity) Abstract Strong identity management enforced with digital authentication mechanisms

More information

PLCs and SCADA Systems

PLCs and SCADA Systems Hands-On Programmable Logic Controllers and Supervisory Control / Data Acquisition Course Description This extensive course covers the essentials of SCADA and PLC systems, which are often used in close

More information

Cyber Security of the Power Grid

Cyber Security of the Power Grid Cyber Security of the Power Grid Chen-Ching Ching Liu Professor of Power Systems University College Dublin Research for Ireland s Future Ireland -Country of natural beauty -Quality of life ranked among

More information

RAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER

RAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER RaySafe S1 SECURITY WHITEPAPER Contents 1. INTRODUCTION 2 ARCHITECTURE OVERVIEW 2.1 Structure 3 SECURITY ASPECTS 3.1 Security Aspects for RaySafe S1 Data Collector 3.2 Security Aspects for RaySafe S1 cloud-based

More information

Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION

Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION ALBERTO AL HERNANDEZ, ARMY RESERVE OFFICER, SOFTWARE ENGINEER PH.D. CANDIDATE, SYSTEMS ENGINEERING PRESENTATION

More information

Secure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment

Secure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment Secure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment Introduction 1 Distributed SCADA security 2 Radiflow Defense-in-Depth tool-set 4 Network Access

More information

Wireless LANs and Healthcare: Understanding Security to Ensure Compliance with HIPAA

Wireless LANs and Healthcare: Understanding Security to Ensure Compliance with HIPAA : Understanding Security to Ensure Compliance with HIPAA Healthcare is a natural environment for wireless LAN solutions. With a large mobile population of doctors, nurses, physician s assistants and other

More information

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7 20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic

More information

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications Draft ITU-T Recommendation X.805 (Formerly X.css), architecture for systems providing end-to-end communications Summary This Recommendation defines the general security-related architectural elements that

More information

A Survey on Security Threats and Security Technology Analysis for Secured Cloud Services

A Survey on Security Threats and Security Technology Analysis for Secured Cloud Services , pp.21-30 http://dx.doi.org/10.14257/ijsia.2013.7.6.03 A Survey on Security Threats and Security Technology Analysis for Secured Cloud Services Changsoo Lee 1, Daewon Jung 2 and Keunwang Lee 3 1 Dept.

More information