SCADA Security Measures

Transcription

1 Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA SCADA Security Measures CSE 598E Critical Infrastructure Security 1

2 Paper 1: The VIKING Project - Towards more Secure SCADA Systems Written by: Gunnar Björkman Presented by: Diana Koshy 2

3 Type of Paper Expository This paper discusses a future project aimed at analyzing the security of SCADA systems. It also describes how SCADA systems work. 3

4 The Problem: Security on SCADA systems needs to be improved ( or at least exist!) 4

5 The Problem SCADA systems need to be secure since a problem with the system has dire consequences Security is non-trivial since the systems are very complex and must perform under strict conditions 5

6 The Problem Risks come from insiders as well as new access points opened by connecting the SCADA system to corporate networks, engineers, contractors, vendors, etc. These risks have been somewhat mitigated by firewalls and Demilitarized Zones (DMZs) Risks also come from use of standardized protocols, hardware and software Communication protocols are becoming more standardized to allow different hardware to communicate 6

7 The Solution The objective of the VIKING project is to develop, test and evaluate methodologies for the analysis, design and operation of resilient and secure industrial control systems for critical infrastructure. 7

8 Background Structure of a SCADA System Sensors Remote Terminal Units (RTUs) Station Control Systems Central Control System Workstations Front-End Servers SCADA Servers Archive Servers 8

9 The Solution The VIKING project aims to take a holistic approach in analyzing security 9

10 The Solution: VIKING Goals 1. Assess security risk and (financial) consequences of an attack on a SCADA system 2. Create a tool that can quantify security for comparison across different systems 3. Use model-based system as IDS 4. Secure power system communication 5. Be able to identify vulnerable spots in a SCADA system 6. Create a system that can be used to test security solutions and their effects 10

11 The Solution: Method Create 3 models: 1. power system model - used to model the effects of an attack on electricity supply 2. society model - used to gauge economic consequences of an attack 3. SCADA system models (architectural and cyber-physical) - used to see the effect of an attack on SCADA system behavior 11

12 The Assumptions None The paper was just summarizing a proposed project. 12

13 Paper 2: 21 Steps to Improve Cyber Security of SCADA Networks Written by: US Department of Energy Presented by: Diana Koshy 13

14 Type of Paper Best-practices paper This paper proposes 21-steps to take in order to alleviate the security problem inherent in current SCADA systems 14

15 The Problem SCADA systems were not designed with security in mind Organizations using SCADA networks need to improve their security 15

16 The Solution 2 Categories: 1. Actions to Take to Increase Security 2. Management Actions to Establish Effective Security Program 16

17 The Solution: Actions to Take 1. Understand the risk, protection and necessity of every connection to the SCADA network 2. Make the network as isolated as possible and use safe methods for data transfer 3. Analyze and implement a strong security strategy for all remaining connections 4. Remove or disable unused services provided by non-proprietary operating systems 17

18 The Solution: Actions to Take 5. Proprietary (obscure) protocols should not be mistaken for secure protocols 6. Enable and configure all security features already present and/or demand upgrades 7. Secure backdoors and vendor connections 8. Monitor for internal and external intrusions 24- hours-a-day 18

19 The Solution: Actions to Take 9. Conduct audits of the system to find common vulnerabilities 10.Check physical security of all remote sites that communicate with the SCADA system 11.Put together a Red Team to come up with potential attack scenarios 19

20 The Solution: Management 12.Clearly define roles and responsibilities for all organization personnel 13.Document the information security architecture and its components 14.Identify risks and vulnerabilities and create an ongoing risk management process 15.Base protection strategy on defense-in-depth principle 20

21 The Solution: Management 16.Create a clear, structured security program with delineated requirements 17.Establish configuration management processes 18.Conduct routine self-assessments 19.Create system backups and disaster recovery plans 21

22 The Solution: Management 20.Establish an expectation for strong security for all levels of personnel 21.Train personnel to prevent disclosure of sensitive information about the SCADA system 22

23 The Assumptions None The paper was a list of suggested best-practices. 23

24 Paper 3: SCADA-specific Intrusion Detection/Prevention Systems: A Survey and Taxonomy Written by: Bonnie Zhu and Shankar Sastry Presented by: Diana Koshy 24

25 Type of Paper Survey paper This paper discusses past work on Classification and characteristics of attacks SCADA-specific IDS attempts 25

26 The Problem SCADA systems are vulnerable Standardized protocols, software and hardware De-isolation of SCADA systems Legacy components not designed for security 26

27 The Problem Specific Vulnerabilities Listed: HMI controller: Can falsify what operator sees sensor-hmi link: Can spy on what operator sees actuator-controller link: Can see what actuators are told to do sensor threshold values and settings: Can modify settings actuator settings: Can modify settings 27

28 The Problem Security research on SCADA systems is lacking Unrealistic testing environments Poorly analyzed threat models IDS implementations specific to different SCADA environments Lack of analysis of false positives/false negatives of IDSs 28

29 The Problem 100% prevention of attacks is impossible Must combine prevention with detection Can t use existing IDSs since SCADA is different It is a hard real-time system, which means timeliness, freshness of data, and availability are crucial Its terminal devices have limited computing and memory resources Safety is a primary concern 29

30 The Solution Create SCADA-specific IDS and security metrics Ideal system should be able to: detect and block intrusions in real time do so without interrupting performance do so without extra burdens due to false positives do so despite normal noise 30

31 The Solution Types of IDS: signature detection approach anomaly detection approach probabilistic approach specification-based approach behavioral detection approach 31

32 The Solution All of these can be applied to different parts of SCADA systems 32

33 The Solution: Past Work Model-Based IDS for SCADA Using Modbus/TCP Uses the fact that network traffic on a SCADA system is relatively constant to find anomalies Most SCADA-specific of the implementations 33

34 The Solution: Past Work Anomaly-Based IDS 1. AutoAssociative Kernel Regression and Statistical Probability Ratio Test - monitor anomalous non-malicious activity to establish baseline - use baseline database to compare with new activity 2. Multi-Agent IDS Using Ant Clustering Approach and Unsupervised Feature Extraction -use multiple intelligent agents to perform IDS duties -monitor agents capture packets, extract features and perform PCA -decision agents perform clustering and notify of abnormalities -action agents respond to threats accordingly 34

35 The Solution: Past Work Configurable Embedded Middleware-Level Detection put a detection system in the middle of the communication channels kind of like a firewall easiest to incorporate since few changes to existing system would need to be made 35

36 The Solution: Past Work Intrusion Detection and Event Monitoring in SCADA Networks specific to SCADA power-grid and RTUs automatically produce signatures for unauthorized access store settings and details of each SCADA device and compare over time 36

37 The Solution: Past Work Model for Cyber-Physical Interaction 1. Power Plant interfacing Substations through Probabilistic validation of attack-effect bindings 2. Workflow-based non-intrusive approach for enhancing the survivability of critical infrastructures in Cyber Environment 37

38 The Solution: Past Work Model for Cyber-Physical Interaction 1. Power Plant interfacing Substations through Probabilistic validation of attack-effect bindings probabilistically build a profile of legitimate data flows and main characteristics of normal information exchange only works for known attacks 38

39 The Solution: Past Work Model for Cyber-Physical Interaction 2. Workflow-based non-intrusive approach for enhancing the survivability of critical infrastructures in Cyber Environment separate SCADA system into cyber, physical, and workflow layers each physical component is a node in workflow layer model functionality and attack patterns only works on known attacks 39

40 The Solution: Past Work Modeling Flow Information and other Control Systems Behavior To Detect Anomalies analyzes flow on the network (so only good for network layers) combine anomaly-, behavioral-, and specification-based techniques to detect abnormal behavior 40

41 The Solution: Past Work SHARP uses authentication and privilege escalation protection to detect and block unauthorized physical and network access 41

42 The Assumptions None The paper was a survey. 42