Intrusion Avoidance for SCADA Security in Industrial Plants

Athar Mahboob
Department of Electronic and Power Engineering
National University of Sciences & Technology
Karachi, Pakistan

Junaid Zubairi
Department of Computer Science
State University of New York at Fredonia
New York, USA

ABSTRACT

In this paper we present an overview of security threats to the cyber infrastructure of industrial and power plants and the current state of affairs of industrial and SCADA cyber security. Control systems security is of prime importance, especially for the energy sector. North American Electric Reliability Council (NERC) has issued mandatory rules which must be complied with by 2010 by all registered power operators in order to ensure control systems security for power plants. Cyber security assessment was conducted on ICS (Industrial control systems) of different companies for a period of four years and several vulnerabilities were identified. Main problems included use of weak encryption, standard protocols and information disclosure using unencrypted communication among ICS hosts on the network. Exploiting these vulnerabilities, a hacker could alter the communication between ICS and controlled equipment, resulting in malfunction. Overcoming these vulnerabilities is essential in order to protect the vital power sector in any country of the world. We present important guidelines and standards in cyber security and propose a simple intrusion detection scheme for SCADA networks.

KEYWORDS: SCADA Security, Industrial Cyber Security

1. INTRODUCTION

The industrial environment has changed significantly in the last two decades. Networked control systems have become ubiquitous. There is increasing use of standard protocols like TCP/IP and Ethernet. Many control and status monitoring systems have Human Machine Interfaces (HMI) which have been Internet and web-enabled. The driving force behind this adoption has been the possibility of huge cost savings and the ease of use and familiarity with these interfaces [1]. One important aspect was overlooked during this widespread adoption of Internet technologies. Industrial control systems had hitherto been operating in isolation from the world outside the industrial plant. This de facto isolation provided a security to these control systems which now stands withdrawn.

Now these industrial control systems stand vulnerable to the same threats that the enterprise information systems have faced for decades. However, the consequences of these threats are much more severe in the case of industrial and SCADA systems. What exacerbates the situation is that while Information Security has been well studied in Enterprise IT, in the industrial environment the problem has just started to be studied and addressed. At the same time the operations and maintenance staff of these systems is not fully prepared to face the challenges. The road to secure SCADA systems will be a long and arduous one. In this paper we present the current state of affairs and propose a simple technique for intrusion detection.

1.1 What is SCADA?

SCADA (Supervisory Control and Data Acquisition) is a system to automate industrial control and monitoring. SCADA includes field sensors, Programmable Logic Controllers (PLC) and Remote Telemetering Units (RTU). SCADA use can be found in power generation, manufacturing automation, oil and gas exploration and utilities monitoring and control. A typical SCADA system is shown in figure 1. SCADA can turn ON and OFF equipment automatically under the control of software or remotely through human interface devices. SCADA can be used to monitor parameters such as temperature, pressure, flow rate, pH, etc. SCADA can set off alarms based on collected and observed data. SCADA remote access can be enabled through a web based interface or specialized software on networked machines.

[Figure 1. Typical SCADA System Components (Operator, HMI, Internet, MTU, RTUs, Sensors)]

1.2 IT Penetration in Industrial Plants and Cause of Problem

Industrial process equipment is generally controlled by devices (PLCs, RTUs and DCS). These devices are monitored and controlled by Human Machine Interfaces (HMI). HMIs increasingly use common commercial operating systems and standard PCs. The upside of this is that networking allows sharing of data for maintenance and management, thus improving process and industrial productivity. The downside is that PCs can be hacked, enabling intruder access to the industrial process. An informative study of the problem has been done in [1], which highlights that utility control systems were originally designed for dependability and ease of safe use by operators. In the past they used completely private networks. For this reason their designers gave no attention to authentication or encryption. These networks tend to be organized in star topology, with many sensors and actuators connected to a control center.

Use of protocols such as DNP and Modbus on these control networks enables anyone who can communicate with a sensor to read it, and anyone who can send data to an actuator to give it instructions. Private networks are generally expensive, and the prospects of mammoth cost reductions lured engineers to connect control systems to the Internet. The end result is that many industrial control systems became insecure without their owners realizing this.

To give a proof of concept of the threat to the cyber infrastructure of industrial plants, in March 2007 the Department of Energy's Idaho National Laboratory made a video demonstrating the Aurora vulnerability. A series of on and off commands were sent to a large generator set connected to a TCP/IP network. These commands were timed so that the generator became out of phase and was destroyed. The video was released to the press and made the point that the use of open networking standards such as TCP/IP was creating system-wide vulnerabilities [1].

2. Industrial IT Systems versus Enterprise IT Systems

Cyber security has received considerable attention in enterprise information systems, and that knowledge definitely needs to be applied to industrial IT systems. However, the industrial environment is inherently very different from the enterprise IT environment. Intrusions in the industrial environment can cause:

- Environmental damage
- Poor quality
- Safety risk
- Lost production
- Power outages

We highlight some major contrasts between enterprise IT (IT) and industrial control systems (IC) below. For further detailed comparison the reader is referred to [2].

- IT can tolerate delays; IC cannot
- IT malfunction causes loss of data; IC malfunction causes loss of lives and/or equipment
- IT can reboot to solve problem; IC must continue to function without interruption

There are various peculiarities of industrial control systems which make attaining cyber security objectives for them even more challenging. Industrial control systems have:

- Lock-in due to very long lifecycles. A typical power plant has an operating life in excess of 30 years.
- Complex supply chains: Heterogeneous OEM environment and complex vendor relationships.

2.1 Control Systems Security is Integrity Centric

A major difference between IT and IC is that control systems security is fundamentally about integrity and availability rather than confidentiality. This requires cyber security specialists to focus effort on these aspects of cyber security assessment and implementation in industrial control systems.

2.2 Control System Security Needs to be Pro-active

In enterprise information systems IT security is a reactive technology. As incidents get reported, security patches are produced by vendors, and system owners and operators apply these patches, periodically or reactively. Often these patches require a reboot of the system. Industrial cyber security needs to be proactive: tainted water supplies, for example, cannot be reversed. Plugging the holes and securing the interfaces is required. In fact, in USA, the government is leading efforts to secure cyber infrastructure of industrial and power plants [3, 4, 2].

2.3 System Longevity

IT platforms like PCs get patched every month through vendor released security updates. Mobile phones tend to get replaced frequently. Control systems on the other hand may remain in use for decades. Most of their components were not designed for remote upgrade. There may be a substantial cost to downtime for application of patches, as many of these systems may have a requirement of % availability (less than 6 minutes downtime per annum). The result may be that control systems may be patched late or not at all. Many organizations believe that vulnerability information should not be published, resorting to security through obscurity.

3. Vulnerabilities

Industrial Control and SCADA systems face many vulnerabilities. These include:

- Organized criminals
- Saboteurs
- Disgruntled insiders
- Novice users
- Firmware malfunction

To emphasize the fact of the above mentioned vulnerabilities we provide results of certain case studies in industrial cyber security.

3.1 Cyber Security Case Study-1

Location: Bellingham, WA, USA
Timeline: June 1999
Incident: Gas pipeline ruptured, igniting fires, killing 3 people and spilling 1/4 million gallons into the environment
Culprit: SCADA failure
Cause: Attempted update on live SCADA caused it to become unresponsive

3.2 Cyber Security Case Study-2

One of the best studied breaches is the Maroochy Water Breach [5, 6].

Location: Australia
Timeline: Feb to April 2000
Target: SCADA radio controlled sewage equipment in Queensland
Person: Vitek Boden, ex-employee
Method: Issued a series of control commands to spill sewage around open areas like parks and playgrounds and disabled alarms at pumping stations

3.3 Cyber Security Case Study-3

Location: Ohio, USA
Timeline: January 2003
Target: Safety Monitoring System, Davis-Besse Nuclear Power Plant
Culprit: Slammer worm
Method: Entered the business network through unprotected T1 line backdoor, then spread to plant control network, disabling SPDS (Safety Parameter Display System)

3.4 Cyber Security Case Study-4

Location: 23 states in USA

Timeline: August 2003
Target: signal and dispatch system, CSX Railroad
Culprit: Worm infection
Method: Worm entered the network and infected signal and dispatch system, halting passenger and cargo train traffic in 23 states

4. Top SCADA Security Issues

Top cyber security issues include [7]:

- Inadequate security policy of the organization. The organization does not define and enforce cyber systems security rules across the board. Even if the security policy is defined, it is not implemented, updated or reviewed regularly.
- Lack of Layered Defense. The organization considers security enforcement at one level to be sufficient. For example, a perimeter firewall that protects from intruders at the entry point does not stop the unauthorized access of SCADA systems from inside.
- Missing logs of access. In general, logs of access must be maintained for critical systems, but the system manager may forget to back up the log files before these are periodically overwritten by the server. The system manager may not be familiar with forensic and audit methods and detection tools. The organization may not attach importance to obtaining something beyond the normal requirements.
- Internet based SCADA. Users may like the convenience of accessing SCADA equipment remotely; however, opening Internet based access is always perilous for such systems. The chances of intrusion increase greatly when there is a link from the worldwide network to the SCADA infrastructure.
- Non-related Software on PCs. Games and non-related software may be installed by authorized users on the control PC. The use of such software may interfere with the control function of the PC. Beta version software may not be stable and may result in a system crash. This could result in malfunction of the equipment.
- Control software not scrutinized. Such software is not sold to millions of customers. Therefore, the initial testing and scrutiny that occurs in beta versions of general purpose software is missing. It may not be surprising that some failures and faults are discovered during the actual operation. Moreover, control commands and data are not authenticated.

CSSP (Control Systems Security Program) is a DHS agency that carried out detailed industrial cyber security assessment in 2009 [8, 9]. The results of this assessment were surprising. The top issue identified was the use of weak standard ITC protocols and lack of input validation in industrial control systems. Most of the ICS computers were found to be prone to buffer overflow mishaps as bounds checking was not enforced in the software. Another point of concern was unencrypted protocol communication, causing SCADA data and user credentials to become open to hacking. Even if encryption was enforced, it was weak as per the standard protocols being used. The third most prevalent issue found was no or weak password enforcement and improper security enforcement.

5. Addressing SCADA Security Concerns

There has been substantial progress in addressing SCADA security concerns. Idaho and Sandia National Labs have developed SCADA power grid and wireless Testbed. Sandia Lab has established a center for SCADA Security. Risk assessment for water utilities was performed recently by these agencies. US Government has issued guidelines for implementing industrial systems security. North American Electric Reliability Council (NERC) has issued mandatory rules for securing cyber infrastructure of power plants. These rules must be complied with by 2010 by all registered power operators in order to ensure control systems security for power plants [4, 3].

Mitigation of SCADA security threats and vulnerabilities can be done by implementing a few rules consistently and across the organization. For example, keeping SCADA computers private can reduce the risk of intrusion considerably. If these computers are made accessible from the Internet, only the absolute minimum number of such machines should be connected. Wireless SCADA communications must be encrypted and authenticated with hardware signatures. If users are allowed to issue and execute commands from the Internet, a command subset should be defined that is much more restricted than the original set.

One important aspect of SCADA security is multi-layered defense or defense in depth. Slay and Miller presented multiple layers of defense for SCADA systems in [5]. Their proposed architecture uses a DMZ (Demilitarized Zone) to isolate SCADA systems from the outside world. The arrangement is shown in figure 2.

[Figure 2. Firewall Protection for SCADA Network [5] (Corporate Network; Gateway including a Firewall, IDS and Antivirus; DMZ with Shared Servers/Resources; Gateway including a Firewall, IDS and Antivirus; SCADA Network with SCADA Application Server(s), HMI, SCADA Control System and Field Units (PLCs/RTUs); Other connections directly to the SCADA network)]

The layers of protection include firewalls, IDS (Intrusion Detection System) and anti-virus software on SCADA PCs. It is recommended not to use default settings of firewalls but to go through all the configuration steps. It must be part of standard operating procedure to update all the software and firmware related to RTU (Remote Telemetry Unit) and PLC (Programmable Logic Controller).

Multiple layers of defense should also include zoning, where the users accessing the SCADA controllers would be granted command and control access rights as per their location. We suggest restricting the sets and combinations of commands that can result in drastic changes to the system parameters to the local zone only. Alternately, users may be asked to enter additional authentication information, such as a second password or their confidential PIN, if they attempt to run the commands to reset the whole system or override alarm conditions. A log of such access must be maintained on a permanent basis. One-way secure web servers can be installed for remote monitoring of the system. However, the web pages should not contain an interface to log in to the system console.

An important signature of intrusion is an increased level of network traffic between the SCADA machines and the outside network. Since the SCADA commands are mostly simple and text format instructions, the network bandwidth utilization remains low. Triggers can be activated when the network bandwidth utilization increases above and beyond a threshold level. Increased traffic between the SCADA machines and the outside world signals something unusual and must be processed by the system administrator. Thresholds can be set by defining for each node $N_i$: $U_i$ as the utilization of the upward transmission link and $D_i$ as the utilization of the downward transmission link. And for all nodes:

$(U_i + D_i)$ $T_L$ (1) $i$

where $T_L$ is defined by dividing max acceptable SCADA flow rate by available bandwidth.

6. CONCLUSION

The threats to cyber infrastructure of industrial plants have been proven to be an emerging problem requiring the information security experts and industrial control systems designers to collaborate and incorporate information security best practices into the design and operation of new industrial control systems. Inevitably the new industrial control systems will utilize Internet and web based technologies. Proactive protective measures must be built into these systems because the stringent constraints placed on operational availability do not allow for reactive security measures to be practiced.

REFERENCES

[1] R. Anderson and S. Fuloria, Security Economics and Critical National Infrastructure, in Workshop on the Economics of Information Security 2009,
[2] N. C. S. D. Control Systems Security Program, Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies, Homeland Security, Tech. Rep.,
[3] T. Nash, An undirected attack against critical infrastructure - a case study for improving your control system security, Lawrence Livermore National Laboratory, Tech. Rep.,
[4] K. Stouffer, J. Falco, and K. Kent, Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security, National Institute of Standards and Technology, Tech. Rep.,
[5] J. Slay and M. Miller, International Federation for Information Processing, Volume 253, Critical Infrastructure Protection. Springer, 2008, ch. LESSONS LEARNED FROM THE MAROOCHY WATER BREACH, pp
[6] M. Abrams and J. Weiss, Malicious Control System Cyber Security Attack Case Study Maroochy Water Services, Australia, MITRE Corporation, Tech. Rep.,
[7] P. Welander, 10 Control System Security Threats, Control Engineering, [Online]. Available: Control System Security Threats.php?q=10+Control+ System+Security+Threats
[8] Control Systems Security Program (CSSP). [Online]. Available: systems
[9] Strategy for Securing Control Systems, Department of Homeland Security, Tech. Rep., 2009.
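The zoning rules recommended in Section 5 (a restricted command subset for Internet users, drastic commands confined to the local zone or gated by a second PIN, and a permanent log) can be expressed as a small command gate. This is an added example, not code from the paper; the command names, zone names and the choice to allow the PIN step-up only from the corporate zone are assumptions.

```python
"""Added example: zone-based SCADA command gate with step-up authentication."""
import hashlib
import hmac
import time

# Hypothetical command names; the paper names no concrete command set.
FULL_SET = {"READ_STATUS", "READ_ALARMS", "SET_SETPOINT", "START_PUMP",
            "STOP_PUMP", "OVERRIDE_ALARM", "RESET_SYSTEM"}
INTERNET_SUBSET = {"READ_STATUS", "READ_ALARMS"}   # much more restricted than FULL_SET
DRASTIC = {"OVERRIDE_ALARM", "RESET_SYSTEM"}       # reset the system / override alarms
ZONES = {"local", "corporate", "internet"}         # assumed zone model


def hash_pin(pin, salt):
    """Slow, salted hash so stored PIN records are not reversible by lookup."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)


class CommandGate:
    def __init__(self, pin_records):
        self._pins = pin_records   # user -> (salt, pbkdf2 hash)
        self.audit = []            # stand-in for append-only, off-host log storage

    def _pin_ok(self, user, pin):
        record = self._pins.get(user)
        if record is None or pin is None:
            return False
        salt, expected = record
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(hash_pin(pin, salt), expected)

    def authorize(self, user, zone, command, pin=None):
        """Return a decision string starting with 'allow' or 'deny'."""
        if zone not in ZONES or command not in FULL_SET:
            decision = "deny:unknown"
        elif zone == "internet" and command not in INTERNET_SUBSET:
            decision = "deny:not-in-internet-subset"
        elif command in DRASTIC and zone != "local":
            # Outside the local zone a drastic command needs the second PIN.
            ok = self._pin_ok(user, pin)
            decision = "allow:step-up" if ok else "deny:step-up-required"
        else:
            decision = "allow"
        # Every drastic attempt and every denial is logged, allowed or not.
        if command in DRASTIC or decision.startswith("deny"):
            self.audit.append({"ts": time.time(), "user": user, "zone": zone,
                               "command": command, "decision": decision})
        return decision


if __name__ == "__main__":
    salt = b"constructed-salt"   # constructed sample values
    gate = CommandGate({"operator1": (salt, hash_pin("4821", salt))})
    for zone, cmd, pin in [("internet", "READ_STATUS", None),
                           ("internet", "RESET_SYSTEM", "4821"),
                           ("corporate", "OVERRIDE_ALARM", None),
                           ("corporate", "OVERRIDE_ALARM", "4821"),
                           ("local", "RESET_SYSTEM", None)]:
        print(zone, cmd, "->", gate.authorize("operator1", zone, cmd, pin))
```
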
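The bandwidth trigger of Section 5 and equation (1), worked through on polled link counters. This is an added example, not code from the paper. It assumes the check is read as "alert when the summed $U_i + D_i$ over all nodes exceeds $T_L$", that each utilization is a fraction of one shared link to the outside network, and that counters are 32-bit cumulative octet counts; node names and readings are constructed.

```python
"""Added example: bandwidth-utilization trigger for a SCADA gateway link."""
from dataclasses import dataclass

COUNTER_MODULUS = 2 ** 32   # assumption: 32-bit cumulative octet counters that wrap


@dataclass(frozen=True)
class Sample:
    t: float          # poll time in seconds
    node: str         # hypothetical node name (N_i)
    up_octets: int    # cumulative octets sent toward the outside network
    down_octets: int  # cumulative octets received from the outside network


@dataclass(frozen=True)
class Alert:
    t_end: float      # end of the polling interval that crossed the threshold
    total: float      # sum over nodes of (U_i + D_i) for that interval
    top_node: str     # largest contributor, a starting point for triage


def threshold(max_scada_rate_bps, available_bw_bps):
    """T_L = max acceptable SCADA flow rate / available bandwidth."""
    if available_bw_bps <= 0 or max_scada_rate_bps < 0:
        raise ValueError("bandwidth must be positive and rate non-negative")
    return max_scada_rate_bps / available_bw_bps


def utilizations(prev, cur, available_bw_bps):
    """Return (U_i, D_i) for one node between two polls, as link fractions."""
    dt = cur.t - prev.t
    if dt <= 0:
        raise ValueError(f"non-increasing timestamps for {cur.node}")
    # Modular subtraction keeps a wrapped counter from yielding a negative delta.
    # A counter reset (device reboot) still shows up as a huge delta to review.
    up = (cur.up_octets - prev.up_octets) % COUNTER_MODULUS
    down = (cur.down_octets - prev.down_octets) % COUNTER_MODULUS
    return up * 8 / dt / available_bw_bps, down * 8 / dt / available_bw_bps


def evaluate(samples, t_l, available_bw_bps):
    """Return one Alert per polling interval whose summed utilization exceeds T_L."""
    last = {}           # node -> previous Sample
    per_interval = {}   # interval end time -> {node: U_i + D_i}
    for s in sorted(samples, key=lambda s: s.t):
        prev, last[s.node] = last.get(s.node), s
        if prev is None:
            continue    # the first reading only establishes a baseline
        u, d = utilizations(prev, s, available_bw_bps)
        per_interval.setdefault(s.t, {})[s.node] = u + d
    alerts = []
    for t_end in sorted(per_interval):
        loads = per_interval[t_end]
        total = sum(loads.values())
        if total > t_l:
            alerts.append(Alert(t_end, total, max(loads, key=loads.get)))
    return alerts


def constructed_samples():
    """Constructed readings: three nodes polled every 60 s on a 1 Mbit/s link."""
    start = {"rtu-1": (4_294_840_000, 0), "rtu-2": (0, 0), "hmi-1": (0, 0)}
    moved = {   # octets (up, down) per node in each of three intervals
        "rtu-1": [(60_000, 15_000)] * 3,    # up counter wraps in interval 3
        "rtu-2": [(30_000, 15_000)] * 3,
        "hmi-1": [(75_000, 75_000), (1_500_000, 75_000), (75_000, 75_000)],
    }
    samples = []
    for node, (up, down) in start.items():
        samples.append(Sample(0.0, node, up, down))
        for k, (du, dd) in enumerate(moved[node], start=1):
            up = (up + du) % COUNTER_MODULUS
            down = (down + dd) % COUNTER_MODULUS
            samples.append(Sample(60.0 * k, node, up, down))
    return samples


if __name__ == "__main__":
    bw = 1_000_000                   # available bandwidth, bit/s (constructed)
    t_l = threshold(50_000, bw)      # max acceptable SCADA flow 50 kbit/s
    for a in evaluate(constructed_samples(), t_l, bw):
        print(f"t={a.t_end:.0f}s total={a.total:.3f} > T_L={t_l:.3f}, check {a.top_node}")
```

The wrapped counter in the third interval produces no alert, while the second interval is flagged with the HMI as the largest contributor.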


SCADA Systems. Dr. Mohammad Salah. Mechatronics Engineering Department Hashemite University SCADA Systems By Dr. Mohammad Salah Mechatronics Engineering Department Hashemite University ٢ SCADA systems are used to control dispersed assets where centralized data acquisition is as important as control

More information

Overview: Compliance and Security Management Control Compliance Suite - NERC and FERC Regulation

Overview: Compliance and Security Management Control Compliance Suite - NERC and FERC Regulation The North American Electric Reliability Corporation (NERC) is a non-profit organization which oversees eight regional reliability entities and encompasses all of the interconnected power systems of the

More information

SCADA Cyber Attacks and Security Vulnerabilities: Review

SCADA Cyber Attacks and Security Vulnerabilities: Review SCADA Cyber Attacks and Security Vulnerabilities: Review Jinan Fiaidhi, Yvette E. Gelogo Department of Computer Science, Lakehead University, Hannam University, Korea jfiaidhi@lakeheadu.ca, vette_mis@yahoo.com

More information

Security? Problems with security:

Security? Problems with security: Protocol: an official set of steps or language for communication Algorithm: a specific set of steps to solve a problem or do some task String: a series of characters. Example if a character can be a-z

More information

Working at a Small-to-Medium Business or ISP Chapter 8

Working at a Small-to-Medium Business or ISP Chapter 8 ISP Responsibilities Working at a Small-to-Medium Business or ISP Chapter 8 Copyleft 2012 Vincenzo Bruno (www.vincenzobruno.it) Released under Creative Commons License 3.0 By-Sa Cisco name, logo and materials

More information

Performance Evaluation of Intrusion Detection Systems

Performance Evaluation of Intrusion Detection Systems Performance Evaluation of Intrusion Detection Systems Waleed Farag & Sanwar Ali Department of Computer Science at Indiana University of Pennsylvania ABIT 2006 Outline Introduction: Intrusion Detection

More information

Standard CIP 007 3a Cyber Security Systems Security Management

Standard CIP 007 3a Cyber Security Systems Security Management A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-3a 3. Purpose: Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for

More information

Protecting productivity. Industrial Security. siemens.com/industrial-security

Protecting productivity. Industrial Security. siemens.com/industrial-security Protecting productivity Industrial Security siemens.com/industrial-security Defense in depth Security threats force you to take action Defense in depth As the level of digitalization increases, so too

More information

Cloud computing for SCADA

Cloud computing for SCADA Cloud computing for SCADA 8 October, 2013 Although cloud computing is becoming more common, it s relatively new for SCADA (supervisory control and data acquisition) applications. Cloud computing provides

More information

New Security Solutions Using Intel vpro Technology. White Paper Intel Information Technology Computer Manufacturing Client Security

New Security Solutions Using Intel vpro Technology. White Paper Intel Information Technology Computer Manufacturing Client Security White Paper Intel Information Technology Computer Manufacturing Client Security New Security Solutions Using Intel vpro Technology Intel IT security specialists have identified significant new enterprise

More information

WHITE PAPER. Cloud Communications. UCaaS Security Architecture

WHITE PAPER. Cloud Communications. UCaaS Security Architecture WHITE PAPER Cloud Communications UCaaS Security Architecture Table of Contents Introduction 3 UCaaS Security Overview 4 Application 4 Network 4 Systems 4 Security Strategies 5 2 MASERGY UCAAS SECURITY

More information

Traditional vs Software Defined Networking

Traditional vs Software Defined Networking Traditional vs Software Defined Networking Why a new perspective on network management is inevitable IT industry has enjoyed innovation such as virtualization in computing and storage. The end is nowhere

More information

IT Security From an Organizational Perspective Ulrika Norman Jeffy Mwakalinga

IT Security From an Organizational Perspective Ulrika Norman Jeffy Mwakalinga Organizational Security 1 IT Security From an Organizational Perspective Ulrika Norman Jeffy Mwakalinga Reference: 1) Enterprise Security. Robert C. Newman. ISBN: 0-13-047458-4 2) Corporate Computer and

More information

Anomaly Detection For Process Control Systems. Ron Derynck Director, Product Strategies, Verano

Anomaly Detection For Process Control Systems. Ron Derynck Director, Product Strategies, Verano Anomaly Detection For Process Systems Ron Derynck Director, Product Strategies, Verano About Verano Industrial software company Headquarters in Mansfield, Mass. Software development in Calgary, Canada

More information

WORKSTATION SECURITY STANDARD

WORKSTATION SECURITY STANDARD WORKSTATION SECURITY STANDARD Security Standards are mandatory security rules applicable to the defined scope with respect to the subject. Overview Scope Standard Improperly configured computer systems

More information

Learning Objectives. attacks. 2. Describe the common security practices of businesses of

Learning Objectives. attacks. 2. Describe the common security practices of businesses of E-Commerce Security Learning Objectives 1. Document the trends in computer and network security attacks. 2. Describe the common security practices of businesses of all sizes. 3. Understand the basic elements

More information

Chapter 4 Firewalls and Proxy servers

Chapter 4 Firewalls and Proxy servers Notes for Internet Security, B.Sc. I.T. Semester V Chapter 4 Firewalls and Proxy servers The word 'firewall' has come from a kind of arrangement in automobiles, to prevent the passengers from engine components.

More information

Cyber security: Why it matters

Cyber security: Why it matters Cyber security: Why it matters July, 2015 Agenda Introduction Understanding the threats Defending against the threats Game plan and best practices Q&A Cyber security in the news The cost of doing nothing

More information

Industrial Security , Mannheim, VDI. Tino Hildebrand Head Marketing & Promotion SIMATIC HMI Industrial Automation Systems Siemens AG

Industrial Security , Mannheim, VDI. Tino Hildebrand Head Marketing & Promotion SIMATIC HMI Industrial Automation Systems Siemens AG Wie sichern Sie Ihre Produktionsanlagen vor Angriffen aus dem Internet Industrial Security to guarantee top performance in production 09.02.2012, Mannheim, VDI Tino Hildebrand Head Marketing & Promotion

More information

SCADA SYSTEMS Class # Ian Metcalfe ClearSCADA Sales Control Microsystems 90 Madison St, #600 Denver, CO 80206

SCADA SYSTEMS Class # Ian Metcalfe ClearSCADA Sales Control Microsystems 90 Madison St, #600 Denver, CO 80206 SCADA SYSTEMS Class # 3070 Ian Metcalfe ClearSCADA Sales Control Microsystems 90 Madison St, #600 Denver, CO 80206 Introduction The definition of SCADA is Supervisory Control and Data Acquisition. The

More information

9 Malicious Software

9 Malicious Software 9 Malicious Software Viruses and Other Malicious Content computer viruses have got a lot of publicity one of a family of malicious software effects usually obvious have figured in news reports, fiction,

More information

A reliable solution for critical applications

A reliable solution for critical applications A reliable solution for critical applications PowerLogic SCADA power monitoring and control software Data Center Waste Water Industrial Make the most of Your Energy SM Control that reduces outages and

More information

OPDS SUPPORTS DHS SEVEN STRATEGIES. DHS Provides Strategies for Thwarting Cyberattacks. Owl Computing Technologies

OPDS SUPPORTS DHS SEVEN STRATEGIES. DHS Provides Strategies for Thwarting Cyberattacks. Owl Computing Technologies a. Incidents mitigated by more than one strategy are listed under the strategy ICS-CET judged as more effective. Owl Computing Technologies OPDS SUPPOTS DHS SEVEN STATEGIES DHS Provides Strategies for

More information

ITU-T Y Overview of the Internet of things

ITU-T Y Overview of the Internet of things International Telecommunication Union ITU-T Y.2060 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (06/2012) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS

More information

Cyber Security measures in Protection and Control IEDs

Cyber Security measures in Protection and Control IEDs Cyber Security measures in Protection and Control IEDs K. Hagman, L. Frisk, J. Menezes, M.M. Saha ABB AB, Substation Automation Products, Sweden Keywords: security, hardening, authentication, authorization,

More information

Guide to Improving your IT Security:

Guide to Improving your IT Security: Guide to Improving your IT Security: A layered Approach Foration Whitepaper February 2015 foration.com 020 7099 9384 info@foration.com Executive Summary Security Backdrop With the growing range of security

More information

Local Patch Management Update Service

Local Patch Management Update Service Service Data Sheet Local Patch Management Update Service Establishes successful and proactive patch management strategy Tailored patch management service Defined scheduling helps ensure the availability

More information

CG Automation Solutions USA

CG Automation Solutions USA CG Automation Solutions USA (Formerly QEI Inc.) SCADA Remote Gateways & RTUs Substation & Feeder Automation Capacitor Control CG Automation Solutions USA INC CG Automation is a leading SCADA system and

More information

Managing Industrial Networks with Cisco Networking Technologies 1.2 (IMINS)

Managing Industrial Networks with Cisco Networking Technologies 1.2 (IMINS) Managing Industrial Networks with Cisco Networking Technologies 1.2 (IMINS) COURSE OVERVIEW: Managing Industrial Networks with Cisco Networking Technologies (IMINS) is a lab-based course which helps students

More information

HIPAA Assessment. Prepared For: Customer Name Here! Prepared By: YourIT! Company, Inc.

HIPAA Assessment. Prepared For: Customer Name Here! Prepared By: YourIT! Company, Inc. HIPAA Assessment Prepared For: Customer Name Here! Prepared By: YourIT! Company, Inc. Agenda Environment Assessment Overview Risk and Issue Score Issue Review Next Steps Environment NETWORK ASSESSMENT

More information

Cyber Defense Operation Center (CDOC) Ensuring that Experts are allways watching

Cyber Defense Operation Center (CDOC) Ensuring that Experts are allways watching (CDOC) Ensuring that Experts are allways watching Data Sheet Introduction CyberHat CDOC is an intelligent security operation center; which combines cutting edge technologies and innovative processes ensuring

More information

Complete SCADA System Replacement Where do we go from here?

Complete SCADA System Replacement Where do we go from here? Complete SCADA System Replacement Where do we go from here? Conference John Mirabella, Engineering Manager Westin Engineering, Inc. Thomas H. Powers PE, Commissioner City of Chicago Department of Water

More information

Corporate Security Research and Assurance Services

Corporate Security Research and Assurance Services Corporate Security Research and Assurance Services We Keep Your Business In Business Obrela Security Industries mission is to provide Enterprise Information Security Intelligence and Risk Management Services

More information

An IT Perspective of Control Systems Security

An IT Perspective of Control Systems Security An IT Perspective of Control Systems Security Abstract Enterprises with industrial operations typically utilize at least two types of computer networks Information Technology (IT) - a network that supports

More information

Vermont Information Technology Leaders

Vermont Information Technology Leaders Vermont Information Technology Leaders HIPAA COMPLIANCE POLICIES AND PROCEDURES Policy Number: InfoSec 3 Policy Title: Information System Access Control Policy January 26, 2016 IDENT INFOSEC3 Type of Document:

More information

EVOLUTION OF SCADA SYSTEMS

EVOLUTION OF SCADA SYSTEMS Bulletin of the Transilvania University of Braşov Vol. 9 (58) No. 1-2016 Series I: Engineering Sciences EVOLUTION OF SCADA SYSTEMS Alexandru UJVAROSI 1 Abstract: The concept of SCADA is very often used

More information

Retention & Destruction

Retention & Destruction Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of

More information

OWASP Top 10 for IoT - Explained

OWASP Top 10 for IoT - Explained OWASP Top 10 for IoT - Explained Table of Contents Introduction... 1 Insecure Web Interface... 2 Insufficient Authentication/Authorization... 3 Insecure Network Services... 3 Lack of Transport Encryption...

More information

Cyber assessment methods

Cyber assessment methods Page 1 of 8 ISA InTech Home 1 November 2005 Cyber assessment methods Here is the plan for enhancing control system security. By May Robin Permann and Kenneth Rohde The terrorist attacks of 11 September

More information

Local Patch Management Update Service

Local Patch Management Update Service Establish a successful and proactive patch management strategy Tailor a site-specific patch management service Ensure the availability and business continuity of your DeltaV system Service Data Sheet The

More information

Leverage security intelligence for energy and utilities companies

Leverage security intelligence for energy and utilities companies Leverage security intelligence for energy and utilities companies IBM Security QRadar solutions help smooth the way to a secure smart grid Highlights Automate configuration, policy and compliance management

More information

Annex - Cyber Security Self-Assessment Guidance

Annex - Cyber Security Self-Assessment Guidance Annex - Guidance This self-assessment template sets out desirable properties and characteristics of cyber security practices that could be considered by a FRFI when assessing the adequacy of its cyber

More information

Four Top Emagined Security Services

Four Top Emagined Security Services Four Top Emagined Security Services. www.emagined.com Emagined Security offers a variety of Security Services designed to support growing security needs. This brochure highlights four key Emagined Security

More information

Protecting Web Application Delivery with Citrix Application Firewall. Johnson Mok Systems Engineer Citrix Systems, Inc.

Protecting Web Application Delivery with Citrix Application Firewall. Johnson Mok Systems Engineer Citrix Systems, Inc. Protecting Web Application Delivery with Citrix Application Firewall Johnson Mok Systems Engineer Citrix Systems, Inc. Six Keys to Successful App Delivery Optimizing Web Application Delivery Citrix NetScaler

More information

"Cooperative Security" Breaks the Limits of Traditional Security Measures

Cooperative Security Breaks the Limits of Traditional Security Measures "Cooperative Security" Breaks the Limits of Traditional Security Measures NORIFUSA Masaya, GOTO Jun, MORINO Junichi, YANOO Kazuo, SAKAKI Hiroshi, TERASAKI Hiroshi Abstract Just as broadband networking,

More information

ISO : 2013 COMPLIANCE CHECKLIST

ISO : 2013 COMPLIANCE CHECKLIST REFERENCE COMPLIANCE ASSESSMENT AREA RESULT STANDARDS SECTION INITIAL ASSESSMENT POINTS FINDINGS STATUS A.5 INFORMATION SECURITY POLICIES A.5.1 A.5.1.2 MANAGEMENT DIRECTION FOR INFORMATION SECURITY Policies

More information

A Strategic Approach to SCADA Cyber Security Water and Wastewater Network Architecture and Segmentation

A Strategic Approach to SCADA Cyber Security Water and Wastewater Network Architecture and Segmentation A Strategic Approach to SCADA Cyber Security Water and Wastewater Network Architecture and Segmentation Standards Certification Education & Training Publishing Conferences & Exhibits Speakers: Bill Phillips

More information

The Power Logic Controller. Océ TDS400 Océ TDS600 Océ TDS800

The Power Logic Controller. Océ TDS400 Océ TDS600 Océ TDS800 The Power Logic Controller Océ TDS400 Océ TDS600 Océ TDS800 Discussion On Security August 2004 The Power Logic Controller on Océ TDS Machines 1 INTRODUCTION...3 2 POWER LOGIC CONTROLLERS...4 2.1 THE PLC

More information

IT-SECURITY FOR INDUSTRIE 4.0. Claudia Eckert Fraunhofer-Institute for Applied and Integrated Security (AISEC) TU Munich, Chair for IT Security

IT-SECURITY FOR INDUSTRIE 4.0. Claudia Eckert Fraunhofer-Institute for Applied and Integrated Security (AISEC) TU Munich, Chair for IT Security IT-SECURITY FOR INDUSTRIE 4.0 Claudia Eckert Fraunhofer-Institute for Applied and Integrated Security (AISEC) TU Munich, Chair for IT Security Industrie 4.0: Connected Eco-System Connected: from Sensors

More information

CYBER SECURITY OF SCADA SYSTEMS TESTBED

CYBER SECURITY OF SCADA SYSTEMS TESTBED 10/12/2010 SDMAY11/11 CYBER SECURITY OF SCADA SYSTEMS TESTBED Project Plan Tony Gedwillo, James Parrott, David Ryan TABLE OF CONTENTS Problem statement... 4 System overview... 4 System Description... 4

More information

AutoLog GRUNDFOS Pumput Oy pump control system

AutoLog GRUNDFOS Pumput Oy pump control system GRUNDFOS Pumput Oy pump control system AutoLog FF- Oy quality products since 1976 FF- Oy is a Finnish company and it has over 35 years expertise in designing and manufacturing cost-effective automation

More information

Importance of Intrusion Detection System (IDS)

Importance of Intrusion Detection System (IDS) Importance of Intrusion Detection System (IDS) Asmaa Shaker Ashoor (Department computer science, Pune University) Prof. Sharad Gore (Head department statistic, Pune University) Abstract: Intruders computers,

More information

NERC CIP MAPPING RKNEAL, INC. VERVE SECURITY CENTER. See how the Verve Security Center addresses the requirements of NERC CIP version 5

NERC CIP MAPPING RKNEAL, INC. VERVE SECURITY CENTER. See how the Verve Security Center addresses the requirements of NERC CIP version 5 VERVE SECURITY CENTER NERC CIP MAPPING See how the addresses the requirements of NERC CIP version 5 3 NERC CIP VERSION 5 Defense In Depth Protection For ICS Systems ADOPTS NEW CYBER SECURITY CONTROLS AND

More information

SCADA: issues, vulnerabilities, and future directions

SCADA: issues, vulnerabilities, and future directions Tim Yardley SCADA: issues, vulnerabilities, and future directions Tim Yardley is a Technical Program Manager in the Information Trust Institute (ITI) at the University of Illinois at Urbana-Champaign.

More information

Cyber Security Procurement Language for Control Systems

Cyber Security Procurement Language for Control Systems Cyber Security Procurement Language for Control Systems Rita Wells Idaho National Laboratory Program Sponsor: National Cyber Security Division Control Systems Security Program Cyber Security Procurement

More information

Intrusion Detection and Threat Vectors Michael Arent EDS-Global Information Security

Intrusion Detection and Threat Vectors Michael Arent EDS-Global Information Security Insert photo here Intrusion Detection and Threat Vectors Michael Arent EDS-Global Information Security 1 / 07 May 2008 / EDS The direction is changing.... 2 / 07 May 2008 / EDS Intrusion costs are rising

More information

Data Security at Smart Assessor

Data Security at Smart Assessor Data Security at Smart Assessor Page 1 Contents Data Security... 3 Hardware... 3 Software... 4 Data Backups... 4 Personnel... 5 Web Application Security... 5 Encryption of web application traffic... 5

More information

Firewalls Network Security: Firewalls, VPNs, and Honeypots CS 239 Computer Security March 7, 2005

Firewalls Network Security: Firewalls, VPNs, and Honeypots CS 239 Computer Security March 7, 2005 Firewalls Network Security: Firewalls, VPNs, and Honeypots CS 239 Computer Security March 7, 2005 A system or combination of systems that enforces a boundary between two or more networks - NCSA Firewall

More information