SCADA / Smart Grid Security Who is really in control of our Control Systems?

Transcription

1 SCADA / Smart Grid Security Who is really in control of our Control Systems? Simone Riccetti Certified SCADA Security Architect

2 Agenda Overview of Security landscape SCADA security problem How to protect the infrastructure Conclusions Questions 2

3 2011 Threats landscape 3

4 2011 Vulnerabilities landscape 4

5 Stuxnet Sfrutta 4 vulnerabilità di Windows come punto di inizio dell attacco ai sistemi SCADA (al 12 ottobre 2010 solo tre sono state chiuse, e solo per versioni di Windows supportate) Attacco tipo 0-Day Si propaga attraverso la rete e periferiche USB (per superare l Air Gap tra la rete SCADA e quella di Office Automation) Gli attackers hanno integrato nell attacco 2 certificati digitali trusted (probabilmente rubati) Sfrutta la password hard-coded di un particolare sistema SCADA di Siemens (WinCC e PCS 7) Può modificare il codice dei PLC Le macchine compromesse si connettono tra loro e con un C&C esterno, con le stesse modalità di una rete peer-to-peer E uno degli attacchi più complessi Ha diverse tecniche per mascherarsi, inclusa l auto cancellazione

6 SCADA Security problem 6

7 SCADA HMI Example 7

8 SCADA Architecture Example 8

9 SCADA Security Comparisons A comparison of Security used in U.S. companies vs. Security used in process systems: Topic Corporate IT Process Systems Anti Virus Widely used Used with care Lifetime 3-5 years 5-20 years Outsourcing Widely used Rarely used for operations Patching Frequent Slow (requires vendor approval or extensive testing) Change Frequent Rare Security Skills & Awareness Medium to High Poor IT security, no awareness training Security Testing Widely used Must be used with care Physical Security Usually secure & manned Good controls but often remote & unmanned 99

10 SCADA environment priorities Automation network Office network 10

11 A Smart Grid needs security enforcement at multiple points Utility Communication Link SCADA network systems Advanced metering data management system Substation Remote Monitoring equipment Meter to Cell Relay IP addressability and use of open standard protocols for the control grid necessitates it to be securely protected at multiple points 11

12 Bridging Networks Softest targets appear to be the control centers Greatest use of PC systems Frequent external connectivity Entry-point to critical plant systems Bridging control centers and the plant operational framework Network connectivity for ease of operational control Vulnerable to malware - proxy remote attacks 12

13 A TCP/IP Enabled World Process Control Systems (PCS) migrating to TCP/IP networks SCADA and DCS typically rely upon wrapped protocols Analog control and reporting protocols embedded in digital protocols Encryption and command integrity limitations Poor selection of TCP/IP protocols Problems with patching embedded operating systems Controllers typically running outdated OS s Security patches and updates not applied Difficulty patching the controllers 13

14 ICS-ALERT Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) ha emesso un alert riguardo al motore di ricerca SHODAN, che può essere utilizzato per identificare I sistemi SCADA che sono connessi a Internet. Questo può essere sfruttato da parte di attacker per compromettere questi sistemi. ICS-ALERT descrive una serie di raccomandazioni per ridurre questo rischio.

15 Cronologia di alcuni attacchi SCADA

16 Possible SCADA Threats How can we be open, yet secure? Directed Threats Industrial Sabotage Disgruntled employees Competing vendors Industrial espionage Coordinated Terrorist Threat Physical + Cyber Attack Internal and External Hackers Indirect Threats Operator Error Minor human errors can have disastrous effects Viruses/Worms (ie. Slammer) 16

17 IBM SCADA security approach 17

18 IBM ISS SCADA Security Assessment (Service description) Information Gathering Network Analysis Network Vulnerability Analysis Review environment Types of systems Timing requirements Locations Security requirements Gain understanding of network architecture and systems in place Identify security issues related to the network architecture Identify security issues based on observed network components and network traffic Identify interconnections with other networks - Intranets, wireless, dialup Identify vulnerabilities in devices Identify vulnerabilities in applications System Vulnerability Analysis Identify vulnerabilities in devices Identify system configuration and procedural vulnerabilities such as weak passwords, virus protection, patch management, system logging, etc. Application Vulnerability Analysis Identify vulnerabilities in SCADA application components Vulnerability Identification/Validation Review all data from automated tools and, where possible, check systems to verify identified vulnerabilities 18

19 SCADA Penetration Tests Remote Penetration test Local Penetration test National and International Two SCADA Pentest Examples Nuclear Power Station Remote Assessment Smart Meter Assessment 19

20 Attack Vectors Indirect Internet Attacks (e.g. VPN) Direct Internet Attacks Wireless WiFi Attacks Vulnerable networked services Wireless RF Attacks Control/Office Infrastructure Control Bridge Plant Infrastructure Indirect Malware Infections Malware infected hosts Guessed/stole n credentials Portable Media Attacks Embedded Command Attacks Device Contamination 20

21 SCADA Security: Soluzioni IBM

22 Questions? 22