An Open Source SCADA Toolkit




Stanley A. Klein
Open Secure Energy Control Systems, LLC
(301) 565 4025
sklein@cpcug.org

This work was supported by the United States Department of Homeland Security

Agenda
- Project focus and approach
- Relevant features of IEC 61850
- Toolkit overview (architecture, applications, security features, and development sequence)
- Issues in open source development and use
- Lessons learned
- Sources of further information

Project Focus and Approach
- Exploit opportunity for electric utility cost, operational, and security improvements provided by new IEC 61850 standard for substation automation/SCADA
- Develop 61850 toolkit for secure SCADA infrastructure
- Address electric power industry specific security issues
- Leverage leading edge open source technologies

Relevant features of IEC 61850
- Object model layered over standard communications
- Named objects replace numbered points
- Standard LAN infrastructure replaces point-to-point wiring
- Substation Configuration Language (SCL)
- Substation components represented by standardized objects
- Plug-and-play component discovery
- Standard encryption technology support (WG draft)

Toolkit Architecture Concepts
- Build around web services SOAP engine as core
- Expand on existing 61850 use of XML technology
- Extend easily to external interfaces (e.g., CIM)
- Support role-based access control
- Instantiate object model based on SCL configuration
- Translate to MMS and other protocols
- Support usual SCADA functionality

Examples of Open Source Leverage
- Screen GUI tools and SVG diagram tools
- SOAP engine and related tools
- Programming languages: GNU C/C++ and Python
- Security tools (Security-Enhanced Linux, encryption applications and network protocols, firewall, IDS)
- PSAT
- Numerous other miscellaneous tools and libraries

OSECS Toolkit Technical Contributions
- Software for naming substation objects
- User GUI for form and one-line diagram status display/control of substation equipment
- SCADA master server
- Web Services engine
- Server substation model and proxies
- Open Source implementation of MMS protocol
- Configuration and integration of numerous other tools

Toolkit Intended Applications
- Management tool for 61850 Substation Config Language
- Workstation for equipment maintenance or substation HMI
- Starter or enhanced SCADA for small utilities
- Control system for distributed generation facilities
- Substation and control center security appliances (application firewalls and access control gateways)
- Power System Attack Warning System workstation

Toolkit Security Function Examples
- Secure OS restricts data flows and contains intrusions
- Role-based access control of SCADA objects
- Network encryption and network firewalls
- External data can be "pushed"
- Programmed verification of static settings (e.g., relays)
- Shift change GUI allows user login without disruption
- Security violation data collection (intrusion detection)
- Power System Attack Warning System (PSAWS)

Toolkit Development Sequence
- SCL Management Tool: Statically instantiate all objects; support name generation
- Tree Browser: Tree display only; Dynamic; Communication with devices
- SCADA/Control Center
  - Basic: Dynamic diagrams/forms display selected objects
  - Enhanced: Persistent storage; Pre-defined procedures
- PSAWS: Collect and analyze security violation reports against preanalyzed conditions
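
Added example (not code from the OSECS toolkit or from this presentation): Python that ties together the "name generation" step of the SCL Management Tool and the "role-based access control of SCADA objects" security function, building logical-node names from a constructed SCL fragment in the usual IEC 61850 form (IED name + LDevice inst, then "/" and prefix + lnClass + inst) and checking them against a default-deny role policy. The sample SCL, the POLICY table, the role names and the function names are assumptions made for illustration.

```python
import fnmatch
import xml.etree.ElementTree as ET

NS = {"scl": "http://www.iec.ch/61850/2003/SCL"}

# Constructed SCL fragment (not from the toolkit): one IED whose protection
# logical device holds an overcurrent node and a circuit-breaker node.
SAMPLE_SCL = """<SCL xmlns="http://www.iec.ch/61850/2003/SCL">
  <IED name="FDR1">
    <AccessPoint name="AP1"><Server>
      <LDevice inst="PROT">
        <LN0 lnClass="LLN0" inst=""/>
        <LN lnClass="PTOC" inst="1"/>
        <LN prefix="Q0" lnClass="XCBR" inst="1"/>
      </LDevice>
    </Server></AccessPoint>
  </IED>
</SCL>"""

# Hypothetical role policy: role -> {action: [object-name patterns]}.
POLICY = {
    "operator": {"read": ["FDR1PROT/*"], "control": ["FDR1PROT/*XCBR*"]},
    "relay_engineer": {"read": ["FDR1PROT/*"], "write": ["FDR1PROT/PTOC*"]},
}

def logical_node_names(scl_text):
    """Return logical-node references generated from the SCL text."""
    root = ET.fromstring(scl_text)
    names = []
    for ied in root.findall("scl:IED", NS):
        for ld in ied.iterfind(".//scl:LDevice", NS):
            for ln in ld:
                # Only LN0 and LN children are logical nodes.
                if ln.tag.rsplit("}", 1)[-1] not in ("LN0", "LN"):
                    continue
                ln_name = ln.get("prefix", "") + ln.get("lnClass", "") + ln.get("inst", "")
                names.append(f"{ied.get('name')}{ld.get('inst')}/{ln_name}")
    return names

def is_allowed(role, action, obj_name, policy=POLICY):
    """Default deny: permit only if the role lists a matching pattern."""
    patterns = policy.get(role, {}).get(action, [])
    return any(fnmatch.fnmatchcase(obj_name, p) for p in patterns)

if __name__ == "__main__":
    for name in logical_node_names(SAMPLE_SCL):
        print(name, "operator control:", is_allowed("operator", "control", name))
```

Because access is decided on names rather than point numbers, a policy entry stays valid when the SCL file adds or reorders objects, and any role or action missing from the table is refused.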

Issues in Open Source Development
- Need to assess scope and activity of user/maintainer community to avoid dead-end software
- License types and impacts
  - Academic (BSD, MIT): Can be incorporated into proprietary software. No impact on business model or architecture.
  - Reciprocal non-GPL (LGPL, MPL, Artistic, others): Business model must focus on support and ancillary services
  - Reciprocal GPL: Must integrate as independent works (via files, pipes, messages, etc.) or entire project becomes GPL.

Open Source Packaging
- Distribution methods
  - Source (e.g., script files, repository access)
  - Binary and source Tar files (with possible build issues)
  - Binary and source RPM and Deb packages
  - Yum and Apt-get installs
- Dependency issues
  - Availability
  - Version compatibility
  - System management compatibility

Lessons Learned
- 61850 is less mature than originally anticipated (IEC vs IETF)
- Naming convention definition (especially standardized naming) is an issue for electric utilities
- Security policies are difficult for utilities to express

For More Information
- On the toolkit: http://www.osecs.com
- On open source licensing: http://www.opensource.org or http://www.fsf.org
- On available open source components and tools:
  - http://freshmeat.net
  - http://cheeseshop.python.org/ (Python repository)
  - http://www.pythonware.com/daily/ (Python project news links)
  - Sourceforge.net (not easy to search)
  - General search engines (e.g., Google)