Manufacturing Control Systems {SCADA} Vulnerability and RFID Technologies

Similar documents
RFID Design Principles

CHAPTER 1 Introduction 1

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, Developed by: Smart Card Alliance Identity Council

HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper

University of Illinois at Chicago Health Sciences Colleges Information Technology Group Security Policies Summary

RFID Design Principles

DatacenterTrak RFID-BASED ASSET MANAGEMENT & ASSET TRACKING. Committed to Data Your trusted partner in data management and protection

Electronic Access Control Solutions

RFID Tags. Prasanna Kulkarni Motorola. ILT Workshop Smart Labels USA February 21, 2008

NACCU Migrating to Contactless:

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005

Cloud RFID UHF Gen 2

Growth through partnerships and licensing technologies

Product Guide. Product Guide 2014 EMKA, Inc. Page 1 of 12

SCADA SYSTEMS AND SECURITY WHITEPAPER

Enabling the secure use of RFID

How To Understand The Power Of An Freddi Tag (Rfid) System

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

Top Ten Security and Privacy Challenges for Big Data and Smartgrids. Arnab Roy Fujitsu Laboratories of America

Industrial IOT Gateway Family Datasheet

Portable Wireless Mesh Networks: Competitive Differentiation

Beyond Retail: The Imperative for Ubiquitous Security in Wireless Printers

Remote Services. Managing Open Systems with Remote Services

Solutions and IT services for Oil-Gas & Energy markets

Introduction Chapter 1. Uses of Computer Networks

Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES

Cisco Advanced Services for Network Security

SECURING AN INTEGRATED SCADA SYSTEM. Technical Paper April 2007

Retail Solutions. Why Tyco Security Products for Retail?

RFID BASED VEHICLE TRACKING SYSTEM

Cisco Physical Access Manager

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

Can RFID Tags Work Inside Metal?

THE BLUENOSE SECURITY FRAMEWORK

SCADA/Business Network Separation: Securing an Integrated SCADA System

The data can be transmitted through a variety of different communications platforms such as:

BlackRidge Technology Transport Access Control: Overview

ACE3600 HIGH PERFORMANCE MONITORING & CONTROL REMOTE TERMINAL UNIT

PCI Data Security and Classification Standards Summary

W H I T E P A P E R. Security & Defense Solutions Intelligent Convergence with EdgeFrontier

Wireless Network Standard and Guidelines

POLICY ON WIRELESS SYSTEMS

IS-TG501MS IS-TG100MS L-TG700 XS-PLINTH01

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards

Enterprise level security, the Huddle way.

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems

Chapter 2 Configuring Your Wireless Network and Security Settings

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

Security and the Mitel Teleworker Solution

Compulink Advantage Online TM

Cloud Security Trust Cisco to Protect Your Data

HIPAA Security Alert

White Paper. BD Assurity Linc Software Security. Overview

HIPAA Security. assistance with implementation of the. security standards. This series aims to

IBM Internet Security Systems. The IBM Internet Security Systems approach for Health Insurance Portability and Accountability Act compliance overview

HIPAA Security Series

Useful Tips for Reducing the Risk of Unauthorized Access for Network Cameras Important

Smart Card Deployment in the Data Center: Best Practices for Integrating Smart Card Authentication in a Secure KVM Environment

ISACA rudens konference

Introduction. Industry Changes

Privacy + Security + Integrity

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No MERCHANT DEBIT AND CREDIT CARD RECEIPTS

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

The RFID Revolution: Your voice on the Challenges, Opportunities and Threats. Online Public Consultation Preliminary Overview of the Results

Certified Information Systems Auditor (CISA)

Marko Hännikäinen Tampere University of Technology IoT week CLOUD-BASED SERVICE PLATFORM FOR WIRELESS SENSOR NETWORKS

CHIS, Inc. Privacy General Guidelines

Cisco Wireless Control System (WCS)

October Field Area Communication Networks for Digital Oil and Gas Fields

RFID Security. April 10, Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

FINAL May Guideline on Security Systems for Safeguarding Customer Information

How Cisco Tracks RFID with Active RFID and Wireless LANs

A. Background. In this Communication we can read:

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

CYBER SECURITY POLICY For Managers of Drinking Water Systems

Connect and Protect: The Importance Of Security And Identity Access Management For Connected Devices

Cloud Contact Center. Security White Paper

BIOMETRIC SOLUTIONS 2013 ISSUE

OPC & Security Agenda

Time & Access System An RFID based technology

CISCO WIRELESS CONTROL SYSTEM (WCS)

Security Whitepaper: ivvy Products

Information Systems and Electronic Communications in Logistics Management

SCADA Protocols and Security

International Journal of Engineering Research & Management Technology

Cisco to work with JDA to make Jaipur a smart city- Economic Times-21 May

This is a preview - click here to buy the full publication

Next Generation. Surveillance Solutions. Cware. The Advanced Video Management & NVR Platform

Journal of Chemical and Pharmaceutical Research, 2014, 6(5): Research Article

Transcription:

Manufacturing Control Systems {SCADA} Vulnerability and RFID Technologies DR. O. GEOFFREY EGEKWU and JIM RIDINGS Institute for Infrastructure and Information Assurance (IIIA) James Madison University

Functions of SCADA Systems Part of computer system that control production and distribution in critical infrastructure industries DATA ACQUISITION & HANDLING POLLING CONTROLLERS CHECKING ALARMS PERFORMING CALCULATIONS LOGGING & ARCHVING PROCESS DATA

JMU CIM Lab runs SCADA System Installed full commercial version SCADA system Physical security system implemented Cisco Security Agent both network and node protection being implemented Our experience similar to Cisco s experience in oil gas SCADA project

Critical Infrastructure Industries that use SCADA systems include: Electric power Oil and gas Water Chemicals Pharmaceuticals Metals and mining Pulp and paper Durable goods manufacturing

Issues around SCADA Systems Security for Manufacturing Sector Need to protect against outside and internal threats Assets in private hands difficult to regulate Corporations control confidential and/or proprietary information hence resistance to information sharing Small-to-medium businesses are essentially not part of the security equation yet security costs can be prohibitive Accessibility, a prime requisite for employee utilization of systems, becomes a major liability due to long value chains System failures still occur from incidents for which known technical solutions exist System assets (hardware and software) vary within sector

Enterprise Security Solution for Manufacturing Sector Security infrastructure must consist of redundant security layers Access control must comprise of physical solutions as well as authentication, authorization, and accounting solutions Possess encryption capabilities that prevent unauthorized access to company data even after it leaves the corporate secure network Possess a robust security POLICY that includes comprehensive employee training

Current Research Emphases Evaluate COTS and new security agents that reside in SCADA devices and/or network nodes Cisco Systems CSA 4.0 Integrate physical and software-based solutions into a single policy-based security system MC Dean/CIM Associates Develop framework for sector-wide security asset study that would lead to reliable vulnerability assessment process Cisco CIAG Integrate RFID technology into SCADA security system Defense Systems, Inc.

Expected Results Play a role in mandatory sector-wide risk assessment movement (pending bill on compulsory rail security assessment) Duty of Care & Duty to Warn legislation in the UK is an interesting model Improve confidence of self assessment tools, security solutions Identify Security Best Practices and guiding principles for sector Understand full impact of RFID technology on SCADA systems

RFID as an ENABLER Item Authentication, Track, and Trace are important application benefits Possesses more functionality: Read/Write memory On-tag sensors possible [MEMS] Active communication

RFID as an ENABLER RFID seen as silent technology and part of CI Knowledge-enabled logistics and control possible Application in multiple critical infrastructure sectors Tag read generates: receipt, acceptance, closeout, payment, inventory adjustment, update asset visibility system, Real-time asset locator system for SCADA security systems

An efficient, integrated approach to data collection and business intelligence [Adapted from Acsis ]

Camera (Pan Tilt Zoom) Security Server Monitoring station Digital IP Addressable Camera Local Network Local Lab Network Readers Controller Biometric Gateway Secure Internet Fingerprint Reader External Monitoring Station Card Reader Proximity Readers

Overview OF RFID VIDEO

< 140kHz 13.56MHz 869.4-869.65MHz 2.446-2.454GHz Standard.Standard. Standard! < 140kHz 13.56MHz 902-928MHz 2.4-2.4835GHz < 140kHz 13.56MHz TBD UHF 2.427-2.47GHz

Unified Protocol Performance Comparison Parameter Class 0 Class 1 Gen 2 Read Rate US: 800 tags/sec EU: 200 tags/sec US: 200 tags/sec EU: 50 tags/sec US: 1700 tags/sec EU: 600 tags/sec Rewriteability Read Only Write Once Fully Rewritable Privacy 24-bit Password 8-bit Password Security Regulatory Compliance Multi-Reader Environment -- Reader broadcasts OID, or -- Anonymous modes with reduced throughput Reader broadcasts partial OID -- 32-bit Password -- Concealed Mode -- Reader does not transmit OID -- Has authentication and encryption North America Worldwide Worldwide -- Reader transmissions are spectrally separated from tag backscatter -- Reader transmissions interfere with tag backscatter -- Reader transmissions are spectrally separated from tag backscatter -- Guardbands prevent reader-on-tag collisions

Only the Unified Protocol Meets All User Requirements User Requirements Class 0 Class 1 6A/6B Unified Worldwide Compliance X? Multi Source Availability Rewriteable Nonvolatile Memory X X? X > 500 tags / second Dense-Reader Operation Industry Endorsement X X X X X X X X Security X X Availability Q3/04

Supply Chain Management Warehouse [Phillips]

MWVIS Products And Services Reader Unit Legacy Corporate Systems Reader Unit Application Server Reader Unit Reader Unit

http://www.isat.jmu.edu/egekwu.htm egekwuog@jmu.edu