Securing SCADA critical network against internal and external threats

Similar documents
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

DNP Serial SCADA to SCADA Over IP: Standards, Regulations Security and Best Practices

Anomaly Intrusion Detection System in Wireless Sensor Networks: Security Threats and Existing Approaches

Intro to Firewalls. Summary

Security Issues in SCADA Networks

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Industrial Control Systems Vulnerabilities and Security Issues and Future Enhancements

Improving SCADA Control Systems Security with Software Vulnerability Analysis

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

Project 25 Security Services Overview

CS5008: Internet Computing

SCADA Security Measures

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

Chapter 8 Security Pt 2

Holistic View of Industrial Control Cyber Security

Denial of Service in Sensor Networks

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

How To Protect A Web Application From Attack From A Trusted Environment

Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks

20-CS X Network Security Spring, An Introduction To. Network Security. Week 1. January 7

Thwarting Selective Insider Jamming Attacks in Wireless Network by Delaying Real Time Packet Classification

A Review of Anomaly Detection Techniques in Network Intrusion Detection System

Journal of Internet Banking and Commerce

An Implementation of Secure Wireless Network for Avoiding Black hole Attack

Network Security Administrator

Performance Evaluation of Intrusion Detection Systems

Cloud Database Storage Model by Using Key-as-a-Service (KaaS)

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

Second-generation (GenII) honeypots

8. Firewall Design & Implementation

Detection of Distributed Denial of Service Attack with Hadoop on Live Network

A TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING AGAINST DDoS ATTACKS

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

Basics of Internet Security

Hypervisor Security - A Major Concern

Secure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment

Protecting Critical Infrastructure

A Resilient Protection Device for SIEM Systems

Innovative Defense Strategies for Securing SCADA & Control Systems

: SENIOR DESIGN PROJECT: DDOS ATTACK, DETECTION AND DEFENSE SIMULATION

OPC & Security Agenda

Firewalls, Tunnels, and Network Intrusion Detection

How To Protect Your Network From Attack From Outside From Inside And Outside

Compter Networks Chapter 9: Network Security

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

Firewalls Overview and Best Practices. White Paper

Lesson 5: Network perimeter security

A NOVEL OVERLAY IDS FOR WIRELESS SENSOR NETWORKS

A Model-based Approach to Self-Protection in SCADA Systems

DDoS Attack Traceback

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

Customized Data Exchange Gateway (DEG) for Automated File Exchange across Networks

A Catechistic Method for Traffic Pattern Discovery in MANET

information security and its Describe what drives the need for information security.

Intrusion Detection for Mobile Ad Hoc Networks

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Preventing DDOS attack in Mobile Ad-hoc Network using a Secure Intrusion Detection System

Cisco Advanced Services for Network Security

Cyber Security for SCADA/ICS Networks

CYBER SECURITY: SYSTEM SERVICES FOR THE SAFEGUARD OF DIGITAL SUBSTATION AUTOMATION SYSTEMS. Massimo Petrini (*), Emiliano Casale TERNA S.p.A.

SE 4C03 Winter 2005 Firewall Design Principles. By: Kirk Crane

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott

Man, Machine and DDoS Mitigation

COSC 472 Network Security

A Proposed Architecture of Intrusion Detection Systems for Internet Banking

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

Security for. Industrial. Automation. Considering the PROFINET Security Guideline

Why a Network-based Security Solution is Better than Using Point Solutions Architectures

Guideline on Firewall

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense

Layered Approach of Intrusion Detection System with Efficient Alert Aggregation for Heterogeneous Networks

Taxonomy of Intrusion Detection System

Prediction of DDoS Attack Scheme

Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

74% 96 Action Items. Compliance

EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led

Monitoring for network security and management. Cyber Solutions Inc.

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants

WHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems

An Alternative Model Of Virtualization Based Intrusion Detection System In Cloud Computing

CNA 432/532 OSI Layers Security

ΕΠΛ 674: Εργαστήριο 5 Firewalls

Security Policy JUNE 1, SalesNOW. Security Policy v v

Single Sign-On Secure Authentication Password Mechanism

Ashok Kumar Gonela MTech Department of CSE Miracle Educational Group Of Institutions Bhogapuram.

Botnet Detection by Abnormal IRC Traffic Analysis

You Don t Know What You Can t See: Network Security Monitoring in ICS Rob Caldwell

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Missing the Obvious: Network Security Monitoring for ICS

Wireless Network Security

Online Network Traffic Security Inspection Using MMT Tool

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

Guidance Regarding Skype and Other P2P VoIP Solutions

POLIWALL: AHEAD OF THE FIREWALL

Transcription:

Securing SCADA critical network against internal and external threats Anas ABOU EL KALAM a, Mounia EL ANBAL a,b, Siham BENHADDOU b, Hicham MEDROMI b and Fouad MOUTAOUAKKIL b a IPI Paris, IGS Group, Paris, France b Systems architectures Team, Hassan II University, ENSEM Casablanca, Morocco

Plan Problematic Related work Our vision Advantages & Perspectives 2 / 15

General problematic Why are these networks targeted by hackers? SCADA networks are least protected networks designed to operate 30 years but their openness to other IP networks had not been considered. physical security has supplanted logical security on these networks [1] Many new ICS and SCADA systems are open to Internet which allows the access and the use of ICS and SCADA infrastructure. This raised a number of new potential threats and vulnerabilities such as malware infection, DoS attacks,...etc. 3 / 15

Related work The SCADA architecture is a cluster architecture, it includes 3 levels: Command level Control level Field level 1 2 3 HMI RTU sensors Servers IED 4 / 15

Related Work Approaches [8] et [5] ModbusSec [8] Abnormal behavior Detection [5] Approach [6] Malicious activities Detection [6] Figure 1: Example of a SCADA network environment 5 / 15

Approach 1 : Log monitoring strategy [5] Data captured the field node Control level devices record data in the Log (RTU) Detection engine Supervision of the Log Data Generate thresholds If the detection is false Command node (HMI) Decision engine The operator SCADA produces an Alert If the decision identifies malicious activity Figure 2 : Log monitoring architecture in SCADA System 6 / 15

Approach 2 : Secure Modbus using SCTP and HMAC [8] No Modbus feasible secure implementation exists. Modbus dependence on TCP as a transport mechanism has many inherent security risks Increased susceptibility to denial of service attacks SCTP Using the SCTP stream transmission control protocol Modbus Sec Ensure the availability, integrity and authenticity of Modbus messages. Modbus/TCP HMAC hash message authentication code 7 / 15

Approach 3 : Modbus/TCP Packet monitoring [5] Command table Controller table Figure 5 : Modbus/TCP packet monitoring 8 / 15

Analysis 1 2 3 4 No protection against Internal threats No protection against External threats No multi level protection No recovery measure 9 / 15

Our Vision Intelligent FW Modbus/TCP Packet monitoring and ModbusSec Detecting malicious activities 10 / 15

The proposed Intelligent firewall 11 / 15

The proposed Architecture 12 / 15

Advantages & Perspectives Defense in depth Self-Healing Recovery Intrusion Tolerance Masking technique Secure Communication Protocol Modbus Sec Multi Layers protection 13 / 15

Attack Caused by Solution Zone Any attacks Internet Intelligent firewall Internet command level Message spoofing Lack Device authentication ModbusSec : HMAC Replay attacks Denial of service Man-in-the-middle Doorknob-rattling attack Access control The occurrence of at least six failed logins in the log within 30 seconds and Command and control level Selective Forwarding and Black Hole attack Compromised nodes The mechanism uses acknowledgement (ACK) Sybil attack Malicious sensors Our Log records the location with their Ids when a node sends data to its destination. If two identities are recorded from the same Location, Log infers that it is a malicious node. Control and field level Jamming attack Jammer nodes If the traffic from the same Node Identity repeats for above or equal to a threshold value it may be from adversaries to cause jamming in the network 14 / 15

Bibliography 1. Gao, J., Liu, J., Rajan, B., Nori, R., Fu, B., Xiao, & Philip Chen, C. L. (2014). SCADA communication and security issues. Security and Communication Networks, 7(1), 175-194. 2. Psaier, H., Dustdar, and S.: A survey on self-healing systems: approaches and systems. Computing 91(1), 43 73 (2011) 3. Shahzad, A., Musa, S., Aborujilah, A., & Irfan, M. (2013, December). Se-cure Cryptography Testbed Implementation for SCADA Protocols Security. In Advanced Computer Science Applications and Technologies (ACSAT), 2013 International Conference on (pp. 315-320). IEEE. 4. Shahzad, A., Xiong, N., Irfan, M., Lee, M., Hussain, S., & Khaltar, B. (2015, July). A SCADA intermediate simulation platform to enhance the system security. In Advanced Communication Technology (ICACT), 2015 17th Inter-national Conference on (pp. 368-373). IEEE. 5. Kim, B. K., Kang, D. H., Na, J. C., & Chung, T. M. (2015). Detecting Ab-normal Behavior in SCADA Networks Using Normal Traffic Pattern Learning. InComputer Science and its Applications (pp. 121-126). Springer Berlin Hei-delberg. 6. Pramod, T. C., & Sunitha, N. R. (2013, July). An approach to detect malicious activities in SCADA systems. In Computing, Communications and Networking Technologies (ICCCNT), 2013 Fourth International Conference on (pp. 1-7). IEEE. 7. Sousa, P., Bessani, A. N., Dantas, W. S., Souto, F., Correia, M., & Neves, N. F. (2009, June). Intrusion-tolerant self-healing devices for critical infrastructure protection. In Dependable Systems & Networks, 2009. DSN'09. IEEE/IFIP International Conference on (pp. 217-222). IEEE. 8. Hayes, G., & El-Khatib, K. (2013, June). Securing modbus transactions using hash-based message authentication codes and stream transmission control protocol. In Communications and Information Technology (ICCIT), 2013 Third International Conference on (pp. 179-184). IEEE. 9. Chen, Q., & Abdelwahed, S. (2014, April). Towards realizing self-protecting SCADA systems. In Proceedings of the 9th Annual Cyber and Information Security Research Conference (pp. 105-108). ACM. 10. 10. Blangenois, J., Guemkam, G., Feltus, C., & Khadraoui, D. (2013, Sep-tember). Organiza-tional Security Architecture for Critical Infrastructure. In Availability, Reliability and Securi-ty (ARES), 2013 Eighth International Con-ference on (pp. 316-323). IEEE. 11. 11. Ghosh D, Sharman R, Raghav Rao H, Upadhyaya S (2007) Self-healing systems survey and synthesis. Decis Support Syst 42(4):2164 2185 12. 12. Panja, B., Oros, J., Britton, J., Meharia, P., & Pati, S. (2015, June). Intelligent gate-way for SCADA system security: A multi-layer attack prevention approach. In Computational Intel-ligence and Virtual Environments for Measurement Systems and Applications (CIVEMSA), 2015 IEEE International Conference on (pp. 1-6). IEEE. 13. 13. A. Ameziane, A. Abou El Kalam, B. Bouhoula, R. Abbassi, A., Ait Ouahman, "Integrity-OrBAC: A new model to preserve Critical Infrastruc-tures Integrity". International Journal of Information Security, Springer, 2014, DOI 10.1007/s10207-014-0254-9 15 / 15

Slide title Slide content Please do not alter the format of this template and do not exceed 15 slides Important: Each paper has a 20-minute slot: 15 min for presentation & 5 min for questions and discussion Speakers are kindly required to respect the time limit 16 / 15

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information