SCADA Cyber Attacks and Security Vulnerabilities: Review



Similar documents
A Proposed Integration of Hierarchical Mobile IP based Networks in SCADA Systems

Data Storage Security in Cloud Computing

Using ISA/IEC Standards to Improve Control System Security

Using Tofino to control the spread of Stuxnet Malware

Are you prepared to be next? Invensys Cyber Security

Design and Implementation of SCADA System Based Power Distribution for Primary Substation ( Monitoring System)

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

a Post-Stuxnet World The Future of Critical Infrastructure Security Eric Byres, P.Eng.

What is Really Needed to Secure the Internet of Things?

Vulnerabilities in SCADA and Critical Infrastructure Systems

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Energy Cybersecurity Regulatory Brief

Scheme to Secure Communication of SCADA Master Station and Remote HMI s through Smart Phones

What is Cyber Liability

A Concise Model to Evaluate Security of SCADA Systems based on Security Standards

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

Effective OPC Security for Control Systems - Solutions you can bank on

What Risk Managers need to know about ICS Cyber Security

Plant Network Security

White Paper. 7 Steps to ICS and SCADA Security. Tofino Security exida Consulting LLC. Contents. Authors. Version 1.0 Published February 16, 2012

Web SCADA Employing Application Program Interface as Data Source

This is a preview - click here to buy the full publication

OPC & Security Agenda

The State of Industrial Control Systems Security and National Critical Infrastructure Protection

Wireless Communications for SCADA Systems Utilizing Mobile Nodes

A Security Mechanism for Remote Monitoring System Security using Smartphone

Security for. Industrial. Automation. Considering the PROFINET Security Guideline

Session 14: Functional Security in a Process Environment

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

CYBER SECURITY. Is your Industrial Control System prepared?

Roger W. Kuhn, Jr. Advisory Director Education Fellow Cyber Security Forum Initiative

ISACA rudens konference

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

DeltaV System Cyber-Security

SCADA Security: Challenges and Solutions

QUICK REFERENCE GUIDE MOBILE HUMAN MACHINE INTERFACE (HMI): INNOVATION THAT EMPOWERS THE MOBILE OPERATOR

An Introduction to SCADA-ICS System Security. Document Number IG-101 Document Issue 0.1 Issue date 03 February 2015

SCADA City of Raleigh. Martin Petherbridge, CPA, CIA Internal Audit Manager Shirley McFadden, CPA, CIA Senior Internal Auditor

Effective Defense in Depth Strategies

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12

SCADA SYSTEMS AND SECURITY WHITEPAPER

The State-of-the-State of Control System Cyber Security

SOFTWARE-IMPLEMENTED SAFETY LOGIC Angela E. Summers, Ph.D., P.E., President, SIS-TECH Solutions, LP

New York State Energy Planning Board. Cyber Security and the Energy Infrastructure

Security in the smart grid

A 360 degree approach to security

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

future data and infrastructure

Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION

High rate and Switched WiFi. WiFi QoS, Security 2G. WiFi a/b/g. PAN LAN Cellular MAN

Cybersecurity Training

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps

Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media

Securing Data Storage in Cloud Computing

AUDITOR GENERAL S REPORT. Protection of Critical Infrastructure Control Systems. Report 5 August 2005

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

10 Hidden IT Risks That Might Threaten Your Law Firm

Redesigning automation network security

Security Threats on National Defense ICT based on IoT

Security Testing in Critical Systems

A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks. Alex Leemon, Sr. Manager

Dr. György Kálmán

CYBER SECURITY POLICY For Managers of Drinking Water Systems

Data Security Concerns for the Electric Grid

Recommended Practice Case Study: Cross-Site Scripting. February 2007

How To Manage Security On A Networked Computer System

Industrial Control Systems Vulnerabilities and Security Issues and Future Enhancements

Hacking the Industrial SCADA Network II The Latest Threats to Automated Production and Process Management Networks

How Secure is Your SCADA System?

The Christian Science Monitor

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Innovative Defense Strategies for Securing SCADA & Control Systems

The integrated HMI-PLC

How To Secure Cloud Computing

Best Practices for DanPac Express Cyber Security

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

SIMPLIFYING THE PATCH MANAGEMENT PROCESS

Security Issues in SCADA Networks

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction

The Internet of Things (IoT) Opportunities and Risks

for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/

CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System

Siemens and National Instruments Deliver Integrated Automation and Measurement Solutions

Update On Smart Grid Cyber Security

SCADA Protocols and Security

Cyber security and critical national infrastructure

Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is

FERPA: Data & Transport Security Best Practices

PIPELINE ENGINEERING - Pipeline System Automation and Control - C. Bruce Warren and Mike S. Yoon PIPELINE SYSTEM AUTOMATION AND CONTROL

Introduction To SCADA and Telemetry

Content Teaching Academy at James Madison University

Cyber Security for SCADA/ICS Networks

Transcription:

SCADA Cyber Attacks and Security Vulnerabilities: Review Jinan Fiaidhi, Yvette E. Gelogo Department of Computer Science, Lakehead University, Hannam University, Korea jfiaidhi@lakeheadu.ca, vette_mis@yahoo.com Abstract: SCADA plays a vital role in critical infrastructures. As the modern IT technology become very advanced, the threat on industrial control system (ICS) and SCADA security become a big concern of every critical infrastructures operator. With the recent cyber-attacks, the urge to secure the critical infrastructure is a big issue especially for those countries that uses critical infrastructures. In this paper, we discuss the recent cyber-attacks that became threat to SCADA systems. Give some updates with the vulnerabilities and security for SCADA system. The ANSI/ISA-99 Standards was also discussed to Improve Control System Security. We also discussed different aspects that need to be considered in securing SCADA systems. Keywords: SCADA, ICS, ANSI/ISA99, Cryptosystem 1. Introduction The term Supervisory Control and Data Acquisition (SCADA) usually refers to centralized systems which monitor and control entire sites, or complexes of systems spread out over large areas. SCADA systems are vital components of most nations critical infrastructures. They control pipelines, water and transportation systems, utilities, refineries, chemical plants, and a wide variety of manufacturing operations. Most control actions are performed automatically by RTUs or by PLCs. Host control functions are usually restricted to basic overriding or supervisory level intervention. For example, a PLC may control the flow of cooling water through part of an industrial process, but the SCADA system may allow operators to change the set points for the flow, and enable alarm conditions, such as loss of flow and high temperature, to be displayed and recorded. The feedback control loop passes through the RTU or PLC, while the SCADA system monitors the overall performance of the loop. Data acquisition begins at the RTU or PLC level and includes meter readings and equipment status reports that are communicated to SCADA as required. Data is then compiled and formatted in such a way that a control room operator using the HMI can make supervisory decisions to adjust or override normal RTU (PLC) controls. Data may also be fed to a Historian, often built on a commodity Database Management System, to allow trending and other analytical auditing. In this paper we discussed the recent cyber-attacks that threatened the industrial control system (ICS) and SCADA system. We also discussed different aspects that need to be considered in securing SCADA systems. 202

2. Background The following are the SCADA System Components: 1. Operator: Human operator who monitors the SCADA system and performs supervisory control functions for the remote plant operations. 2. Human machine interface (HMI): Presents data to the operator and provides for control inputs in a variety of formats, including graphics, schematics, windows, pull down menus, touch-screens, and so on. 3. Master terminal unit (MTU): The MTU presents data to the operator through the HMI, gathers data from the distant site, and transmits control signals to the remote site. The transmission rate of data between the MTU and the remote site is relatively low and the control method is usually open loop because of possible time delays or data flow interruptions. 4. Communications means: Communication method between the MTU and remote controllers. Communication can be through the Internet, wireless or wired networks, or the switched public telephone network. 5. Remote terminal unit (RTU): Functions as a slave in the master/slave architecture. Sends control signals to the device under control, acquires data from these devices, and transmits the data to the MTU. An RTU may be a PLC. The data rate between the RTU and controlled device is relatively high and the control method is usually closed loop. A Remote Terminal Unit (RTU) is a microprocessor-controlled electronic device that interfaces objects in the physical world to a distributed control system or SCADA (supervisory control and data acquisition system) by transmitting telemetry data to the system and/or altering the state of connected objects based on control messages received from the system. Another term that may be used for RTU is Remote Telemetry Unit, the common usage term varies with the application area generally. An RTU monitors the field digital and analog parameters and transmits all the data to the Central Monitoring Station. SCADA systems are primarily control systems. A typical control system consists of one or more remote terminal units (RTU) connected to a variety of sensors and actuators, and relaying information to a master station [8]. For the most part, the brains of a SCADA system are performed by the Remote Terminal Units (sometimes referred to as the RTU). The Remote Terminal Units consists of a programmable logic converter. The RTU are usually set to specific requirements, however, most RTU allow human intervention, for instance, in a factory setting, the RTU might control the setting of a conveyer belt, and the speed can be changed or overridden at any time by human intervention. In addition, any changes or errors are usually automatically logged for and/or displayed. Most often, a SCADA system will monitor and make slight changes to function optimally; SCADA systems are considered closed loop systems and run with relatively little human intervention [8]. SCADA provides management with real-time data on production, operations, implementations more efficient control paradigms, improves plant and personnel safety, and reduces costs of operation. These benefits are made possible by the use of standard hardware and 203

software in SCADA systems combined with improved communication protocols and increased connectivity to outside networks, including the Internet. [10]. Modern SCADA architectures rely heavily on standard protocols and digital data transmission. 3. Units Recently, there listed cyber-attacks that have been an issue to SCADA systems. The discovery of the Flame malware focused the cyber security world on the sophisticated strikes targeting energy companies in the Middle East. Although Flame s goal was espionage rather than damaging operations as Stuxnet did, it has been seen as one more indication that the industrial world is now in the bull s eye of clever attackers [11]. 3.1 Stuxnet The Stuxnet malware worm has been called an incident that marks a new age of cyber warfare. Stuxnet Central provides a hub for the information that Byres Security has created regarding Stuxnet, along with links to key industry material [1]. Stuxnet is an advanced malware worm that was discovered in July 2010 and that has attacked Siemens PCS7, S7 PLC and WinCC systems around the world. It has infected at least 22 manufacturing sites, and it appears to have impacted its possible target - Iran s nuclear enrichment program [2]. Using human vectors, local area network communications or infected project files, Stuxnet reached its PLC targets. The business practices of today, which involve using remote contractors and support staff, links between the enterprise network and the control networks, and removable media for updates or support, all provide multiple pathways for infection. Even a simple PDF file could be a pathway into your control system [2]. A key to protecting your ICS from a potential Son-of-Stuxnet is to examine all possible infection pathways, not just a single pathway such as a USB key. Develop strategies for discovering, documenting and mitigating ALL transfer of electronic information, regardless of the technology or form of the transfer [2]. 2.2 Flame Flame appears to be a carefully crafted attack toolkit for industrial or political espionage [5]. Flame shares many characteristics with notorious cyber weapons Duqu and Stuxnet: while its features are different, the geography and careful targeting of attacks coupled with the usage of specific software vulnerabilities seems to put it alongside those familiar super-weapons currently deployed in the Middle East by unknown perpetrators. Flame can easily be described as one of the most complex threats ever discovered. It s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage [6]. Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states. Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we 204

come to conclusion that it most likely belongs to the third group. In addition, the geography of the targets (certain states are in the Middle East) and also the complexity of the threat leaves no doubt about it being a nation state that sponsored the research that went into it [6]. From the initial analysis, it looks like the creators of Flame are simply looking for any kind of intelligence - e-mails, documents, messages, discussions inside sensitive locations, pretty much everything. We have not seen any specific signs indicating a particular target such as the energy industry - making us believe it s a complete attack toolkit designed for general cyber-espionage purposes [5][6]. Of course, like we have seen in the past, such highly flexible malware can be used to deploy specific attack modules, which can target SCADA devices, ICS, critical infrastructure and so on [5][6]. Fig.1. Flame Infection Methods. Source:Securelist.com, Tofino.com As illustrates in Figure 1, like Stuxnet, it has multiple propagation vectors USB keys, printer sharing, and domain controller rights to name a few. An analysis of the data from 1982 to 2010 found that the type of incidents affecting control systems breaks down as follows [2]: 50% of incidents were accidental in nature 30% of incidents were due to malware 11% of incidents were due to external attackers 9% of incidents were due to internal attackers 4. Using ANSI/ISA-99 Standards to Improve Control System Security 205

Security experts generally agree that the most effective way to prevent the rapid spreading is to make use of zone based defenses as described in the ANSI/ISA- 99.02.01 and IEC-62443 standards. The concept is to break up the network into security zones. Between the zones, industrial firewalls are installed with rules that block the protocols that Stuxnet uses for infection and communications. This way, if a Stuxnet infection does accidentally occur, it is limited to a small number of machines in a single zone [12]. ANSI/ISA-99 is a complete security life-cycle program for industrial automation and control systems. It consists of 11 standards and technical reports on the subject, a number of which have been publicly released as American National Standards Institute (ANSI) documents. Work products from the ISA99 committee are also submitted to International Electrotechnical Commission (IEC) as standards and specifications in the IEC 62443 series [3]. ANSI/ISA-99 introduces the concepts of zones and conduits as a way to segment and isolate the various sub-systems in a control system. A zone is defined as a grouping of logical or physical assets that share common security requirements based on factors such as criticality and consequence. Equipment in a zone has a security level capability. If that capability level is not equal to or higher than the requirement level, then extra security measures, such as implementing additional technology or policies, must be taken [3]. 5. Choosing the Right Security Approach There have been a lot of proposed security approaches for SCADA system. Every security provider uses different kinds of security strategies. The question now is how to choose the right security mechanism? In order to improve the SCADA system security, the following aspect must be considered: Authentication: Authentication is the process of verifying a user or other entity s identity. This is typically done to permit someone or something to perform a task. There is variety of authentication system, some are stronger than others. A strong authentication system ensures that the authenticators and messages of the actual authentication protocol are not exchanged in a manner that makes them vulnerable to being hijacked by an intermediate malicious node or person. That is, the information used to generate a proof of identity should not be exposed to anyone other than the person or machine it is intended for. Authorization: Authorization is when the system decides whether or not a certain entity be allowed to perform a requested task. This decision is made after authenticating the identity in question. When considering an authentication system for a particular application, it is crucial to understand the type of identifier required to provide a certain level of authorization. Confidentiality: Confidentiality is needed when the message sent contains sensitive material that should not be read by others and therefore must not be sent in a comprehensible format. A loss of confidentiality is the unauthorized disclosure of information. 206

Confidentiality, as it relates to security and encryption techniques can be obtained by encrypting messages such that only intended recipient are able to read them. Integrity: Integrity is ensuring that the data presented are true and valid master source of the data and includes guarding against improper information modification or destruction to ensure information non-repudiation and authenticity. A loss of integrity is the unauthorized modification, insertion, or destruction of information. One way of ensuring of data integrity is by using simple checksums which prevent an attacker from forging or replaying messages. Checksum is usually implemented when the channel between communication parties is not secure and ensure that the data has reached its destination with all bits intact, if bits have been modified, that the modification will not go unobserved. Non-Repudiation: Non-repudiation is ensuring that a traceable legal record is kept and has not been changed by a malicious entity. A loss on non-repudiation would result in the questioning of the transaction that has occurred. A simple example of non-repudiation is signing o contract. The signer cannot claim they did not agree a contract because there is an evidence that they did agree. The difference is that a signature can be forger but good encryption cannot. By considering the above aspects, we can now easily figure out the things that we need to consider. 6.Conclusion and Future Works Cyber-attacks are now becoming a big threat in internet world. Being connected to internet, SCADA systems are vulnerable for cyber-attacks. The recent cyber-attacks urge to deploy more secure critical infrastructures. Using ANSI/ISA-99 standard to improved control system security is now being pursued by many security providers. We also discussed different aspects that we need to consider in designing a more secure SCADA system. Our future works is to study different an appropriate security mechanism for every zones and conduits described in ANSI/ISA-99 standards. Study an appropriate cryptosystems and other physical protection for network system. References 1 http://www.tofinosecurity.com/stuxnet-central 207

2 Eric Byres, Summing up Stuxnet in 4 Easy Sections - (plus Handy Presentation), Tofino Security, March 2011, http://www.tofinosecurity.com/blog/summing-stuxnet-4-easysections-plus-handy-presentation 3 Eric Byres, P. Eng., ISA Fellow, Using ANSI/ISA-99 Standards to Improve Control System Security, White Paper, Tofino Security, Version 1.1, Published May 2012. 4 Eric Byres, P. Eng., ISA Fellow, 7 Steps to ICS and SCADA Security, White Paper, Tofino Security, Version 1.1, Published May 2012, February 16, 2012 5 Eric Byres, Flame Malware and SCADA Security: What are the Impacts? Blog, Tofino Security, May 2012, http://www.tofinosecurity.com/blog/flame-malware-and-scadasecurity-what-are-impacts 6 Alexander Gostev, The Flame: Questions and Answers, Securelist Blog, Kaspersky, May 2012 https://www.securelist.com/en/blog/208193522/the_flame_questions_and_answers 7 Study of Security Attributes of Smart Grid Systems Current Cyber Security Issues, http://www.inl.gov/scada/publications/d/securing_the_smart_grid_current_issues.pdf 8 Ronald L. Krutz, "Securing SCADA Systems" Wiley Publishing, Inc. 9 6DEPLOY IPv6 Training, Athens, 22/06/201, http://www.6deploy.eu/workshops/20100621_athens/8%20ipv6%20and%20sensor%20ne tworks.pdf 10 Tai-hoon Kim, Securing Communication of SCADA Components in Smart Grid Environment International Journal of Systems Applications, Engineering & Development, Issue 2, Volume 5, 2011. 11 Eric Byres, Stuxnet Warfare The Gloves are Off, http://www.tofinosecurity.com/blog/stuxnet-warfare-%e2% 80%93-gloves-are 12 MTL,http://www.mtl-inst.com/images/uploads/datasheets/ App_Notes/AN-BYRES119.pdf 208

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information