A 360 degree approach to security

Similar documents
SCADA Security: Challenges and Solutions

How Secure is Your SCADA System?

Cyber security and critical national infrastructure

INFORMATION TECHNOLOGY SECURITY STANDARDS

Notes on Network Security - Introduction

Defense in Cyber Space Beating Cyber Threats that Target Mesh Networks

Security Issues with Integrated Smart Buildings

WHITEPAPER. Smart Grid Security Myths vs. Reality

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

OPC & Security Agenda

for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs

IY2760/CS3760: Part 6. IY2760: Part 6

HANDBOOK 8 NETWORK SECURITY Version 1.0

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction

COSC 472 Network Security

Potential Targets - Field Devices

Chap. 1: Introduction

Protecting Organizations from Cyber Attack

Cyber Security for SCADA/ICS Networks

Security in Wireless Local Area Network

What is Really Needed to Secure the Internet of Things?

Keeping SCADA Networks Open and Secure DNP3 Security

What is Cyber Liability

Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi

Security Testing in Critical Systems

Network Security 101 Multiple Tactics for Multi-layered Security

Emerson s Smart Wireless and WIB Requirements

AMI security considerations

CS 356 Lecture 29 Wireless Security. Spring 2013

Chapter 6: Fundamental Cloud Security

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Securing Distribution Automation

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

chap18.wireless Network Security

Topics in Network Security

Cyber Security Management for Utility Operations by Dennis K. Holstein (Opus Publishing) and Jose Diaz (Thales esecurity)

Security Awareness. Wireless Network Security

Wireless Security with Cyberoam

Wireless Network Security

External Supplier Control Requirements

Codes of Connection for Devices Connected to Newcastle University ICT Network

DeltaV System Cyber-Security

HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper

1 Purpose Scope Roles and Responsibilities Physical & Environmental Security Access Control to the Network...

Effective OPC Security for Control Systems - Solutions you can bank on

ISACA rudens konference

CNA NetProtect Essential SM. 1. Do you implement virus controls and filtering on all systems? Background:

Advanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech

Secure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment

Designing a security policy to protect your automation solution

This is a preview - click here to buy the full publication

Security Threats in Demo Steinkjer

EnergyAxis System: Security for the Smart Grid

future data and infrastructure

Chapter 1: Introduction

NERC CIP Requirements and Lexmark Device Security

Who is Watching You? Video Conferencing Security

Considerations for Hybrid Communications Network Technology for Pipeline Monitoring

ITL BULLETIN FOR AUGUST 2012

GOOD PRACTICE GUIDE PROCESS CONTROL AND SCADA SECURITY GUIDE 1. UNDERSTAND THE BUSINESS RISK

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

Passing PCI Compliance How to Address the Application Security Mandates

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications

Information Security Services

Link Layer and Network Layer Security for Wireless Networks

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Protecting Your Organisation from Targeted Cyber Intrusion

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz , ICSG 2014

Basics of Internet Security

Energy Cybersecurity Regulatory Brief

Cyber Security Implications of SIS Integration with Control Networks

GE Intelligent Platforms. Meeting NERC Change Control Requirements for HMI/SCADA and Control Systems

BANKING SECURITY and COMPLIANCE

Building A Secure Microsoft Exchange Continuity Appliance

Recommended Wireless Local Area Network Architecture

State of the State of Control System Cyber Security

Acano solution. Security Considerations. August E

Security for. Industrial. Automation. Considering the PROFINET Security Guideline

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

GOOD PRACTICE GUIDE PROCESS CONTROL AND SCADA SECURITY

CS5008: Internet Computing

Wireless Encryption Protection

Holistic View of Industrial Control Cyber Security

Secure access to a water treatment plant s SCADA network

Best Practices for DanPac Express Cyber Security

Intelligent. Buildings: Understanding and managing the security risks

Unit 3 Cyber security

Transcription:

June 2012, issue 1-1 SCADA communications A 360 degree approach to security Contents 1. The need for 360 degree security 2 2. Considerations in a 360 degree approach 3 3. Implementing a 360 degree approach 7 4. Aprisa SR security feature summary 9 5. Conclusions 10 6. References 11

Page 2 SCADA communications A 360 degree approach to security 1 The need for 360 degree security Would Edison recognise today s electricity distribution grid? With ever increasing automation and communication, more and more devices connected to the now two way network, and the use of IP and open standards, the electricity and information technology worlds are merging. There are now more network entry points and the grid is increasingly vulnerable to attacks, the types and sources of which continue to evolve. The long term approach that utilities take with regard to asset management means that upgradeability is essential, which creates further vulnerabilities. A changing world Security used to mean network resilence and security of electricity supply. With the changing grid, cyber security is dominating the headlines. Pike Research estimates that worldwide smart grid cyber security spending will reach over $1.7 billion in 2013. [1] Data and management interfaces Security fundamentals Standards and recommendations Types and sources of attack Figure 1: Considerations in a 360 approach to security For the communications connecting SCADA systems, simply bolting on security measures as an afterthought is not acceptable. A comprehensive and in depth approach to cyber security is the only way to protect the network, what we at 4RF call 360 degree security. This means taking into account four key factors: Security fundamentals: the key pillars of security best practice Sources and types of attack, whether accidental or malicious Types of interfaces: management and data, for all types of traffic Security standards and recommendations: the best in class

Page 3 SCADA communications A 360 degree approach to security 2 Considerations in a 360 degree approach 2.1 Security fundamentals There are four key pillars to the security of industrial control systems: Integrity: preventing the unauthorised modification of information Availability: preventing the denial of a service Confidentiality: preventing the unauthorised access to information Non-repudiation: preventing the denial of an action For critical infrastructure, reliability is one of the most important properties of such networks, due to the severity of the consequences of its neglect. It is therefore not enough to address just the most commonly addressed issues of confidentiality and non-repudiation, which can be addressed through the use of publicly recognised encryption and authentication standards and algorithms. Reliability is achieved through maintaining integrity and availability and these are the two most important aspects of security to consider for the monitoring and control of critical infrastructure, as documented in the NIST SP 800 82 standard [4]. Today s cyber security issues The Stuxnet worm, delivered as part of an industrial control system, is only one of the more recent cyber attacks to have been widely publicised. By September 2010, there were approximately 100,000 infected hosts. [2] More than half of the malicious software threats that have ever been identified were identified in 2009. [3] 20,547 18,827 New malicious software threats 69,107 113,025 140,690 624,267 1,656,227 2,895,802 2002 2003 2004 2005 2006 2007 2008 2009 With regard to integrity, the communications network must ensure that a control message received by a remote asset is the same message that was originally sent to that asset. Catastrophic consequences could result if the system was compromised and a halt message changed to a run message, for example. With regard to availability, there needs to be an assurance that messages sent to a remote asset actually arrive at their destination. Again, catastrophic consequences could result if an important control message instructing a remote asset to halt never arrives.

Page 4 SCADA communications A 360 degree approach to security 2.2 Sources and types of attack Today, cyber security is rarely out of the headlines. In the past, attacks were typically initiated from inside the communications network, with the disgruntled employee being the classic example. However, more recently, attacks have been initiated primarily from external sources. Even as far back as mid-2006, before the smart grid term was widely adopted, the majority of attacks were external. The source of these attacks varies from script-kiddie hackers through to statesponsored attacks or terrorism. The rise in such external attacks is due in part to the extensive use of standardsbased technology such as IP, WiFi, USB and the Internet, and the fact that critical infrastructure networks are growing in response to drivers for greater control and monitoring. There are numerous types of attack on industrial control systems. Some of the most important types of attack are defined in the table below: Changing sources of cyber attack 7% 26% 52% 15% (A) 5% 31% Type of attack Examples Initial compromise / management Eavesdropping: attacker monitors data travelling over a network for message content such as authentication credentials or passwords Cracking: attacker gains unauthorised access to a network or element of a network (B) 4% 60% Traffic analysis: attacker monitors data travelling over a network for message patterns that enable protocol identification Accidental External Adult / other Internal Availability / denial of service Integrity / man in the middle Flooding: attacker creates illegitimate signals whose presence means legitimate data signals are denied access to a network Jamming: attacker creates a significant illegitimate signal, the presence of which means that legitimate data signals on a network are masked Message modification: attacker intercepts legitimate messages and then alters and transmits these messages, such as to alter the intended operation of a remote asset via a modified control message Message replay: attacker intercepts legitimate messages and then retransmits these messages, for example transmitting legitimate messages to party one in order to attack party two without party two s knowledge Figure 2: Changing sources of cyber attack: (A) 1982-2001 and (B) 2002- June 2006 [5]

Ethernet Ethernet USB Serial Wireless Wireless Page 5 SCADA communications A 360 degree approach to security 2.3 Types of interfaces When developing a secure communications product, another of the key considerations for a 360 degree approach to security is the interfaces between the product and the outside world. There are two main types of interface to the system: Data path, representing all the interfaces used for the transport of external data over the network Management path, representing all interfaces used to maintain the communications network itself Considering the specifics of a radio communications network, the primary data interfaces are the wireless interface and the various wired interfaces, which may include serial and Ethernet connections. Management interfaces include the wireless interface for remote management as well as wired interfaces such as Ethernet and USB for local element management. Management Data Figure 3: Multiple management and data interfaces All interfaces in such a product need to be considered as any of them could be used to compromise the product and hence the network as a whole. Management interfaces are as important as data interfaces and identifying and protecting all of the interfaces is key to a 360 degree approach to security.

Page 6 SCADA communications A 360 degree approach to security 2.4 Security standards and recommendations While continuing to evolve, security standards and recommendations are many and varied, including reference designs for industrial control systems, publicly available cyber security standards and advice and guidelines from government groups for critical infrastructure protection. Mandatory standards will become the norm, with standards becoming more stringent. With a 360 degree approach to security, two key issues must be considered: Such standards, recommendations and guidelines must be taken into account at the time of system design, to ensure they are embodied throughout the product, rather than added in later Security measures within the product need to be able to be upgraded as cyber security threats evolve and best practice and standards evolve, both for new production and for products already in the field Some relevant standards and recommendations are listed below: Hacking and disruption incidents [6] The Stuxnet worm is only one of the recent widely reported incidents. February 2009: highly evasive Conficker/Downadup worm inlects 12 million computers, stealing information (BBC) June 2008: "Security Hole Exposes Utilities to Internet Attack" (Associated Press) May 2008: SCADA vulnerability control software used by onethird of industrial plants (SC Magazine) IEC / TR 62443 (TC65) NIST SP 800-82 Industrial Communications Networks Network and System Security Guide to Industrial Control Systems (ICS) Security March 2008: emergency 2-day shutdown of Hatch nuclear plant from software update on one business computer FIPS PUB 197 NIST FP 800-38C CPNI Advanced Encryption Standard Recommendation for Block Cipher Modes of Operation. The CCM Mode for Authentication and Confidentiality Centre for the Protection of National Infrastructure Feruary 2008: retail Chinese digital picture frame virus steals passwords and financial info (SF Chronicle) General guidelines for industrial security are provided in the IEC/TR 62443 [7] and NIST SP 800-82 [8] documents, with the NIST guidelines introducing integrity and availability as the two most important security pillars out of the four fundamentals that also include confidentiality and non-repudiation. January 2008: hackers turn out the lights in multiple cities and demand extortion payments (Associated Press) Public domain cyber security standards are provided in FIPS-197 [9] and NIST SP 800-38C [10], focusing on encryption and authentication. These address the security fundamental of confidentiality, which, while not a main design criteria for critical infrastructure communications design, is a necessary component of many authentication schemes required for network integrity. The use of public standards is crucial, since algorithmic flaws in closed systems are quickly revealed with public domain scrutiny. The AES and CCM algorithms have withstood such scrutiny and are the recommended algorithms for securing the types of data present in industrial communications networks. In addition to these standards and recommendations, government groups that provide advice specifically for critical infrastructure protection, such as the CPNI in the UK, which regularly publishes information that is particularly relevant when designing communications equipment and networks.

Page 7 SCADA communications A 360 degree approach to security 3 Implementing a 360 degree approach A 360 degree approach to security can be implemented through incorporating the four key considerations outlined in Section 1 and described in more detail in Section 2, taken into account from the outset. The Aprisa SR point-to-multipoint SCADA radio embodies a vast range of security features that combine to do just this: AES encryption, configurable as 128, 192 or 256 bit encryption, applied to all management and user data carried across the network CCM authentication to ensure that all data is from an authorised source Proprietary modulation / coding: based on the IEEE 802.15.4 standard Licensed frequency bands, which offers protection from RF interference from unauthorised users Direct conversion receiver architecture: the use of a high performance synthesiser and direct conversion architecture greatly improves interference performance Multiple user authorisation levels: applying authorisation levels and privileges limits the radio parameters that can be accessed by end-users Limiting the number of personnel who can change functional settings reduces the potential of inadvertent change or malicious tampering: view-only, technician, engineer and admin, with differing privileges Basic authentication with user name and password, ensuring that the end user must be approved by the system administrator before gaining access to the radio Session cookie over HTTPS on web interface, providing a secure connection to the SuperVisor web browser management application The use of session cookies, which expire when the end-user s browser is closed, provides increased user authentication Automatic logout: in the event of a user failing to end their management session, SuperVisor will automatically terminate the session, after a predetermined time, and prevent unauthorised access to the radio No displayed output during boot sequence: limiting output data, and closing ports, during system start-up prevents the ability to interrupt the start-up sequence and compromise the operation of the radio No user access to terminal s file system: the core operating system of the radio is not accessible to, or programmable by, the end-user thus ensuring the core functionality of the radio cannot be compromised Telnet port block: restricting Telnet access prevents unauthorised access to the management functions of the radio

Page 8 SCADA communications A 360 degree approach to security ICMP block: blocking ICMP data protects the network should it become subject to a denial of service attack FTP block: limiting access to file transfer functionality prevents unauthorised users transferring and uploading malicious files over the communications network Encrypted USB data for software upgrades: all software upgrades are encrypted and are checked for authenticity before the upgrade process commences so if an unauthorised USB is inserted into the radio it is ignored Integrity check on software upgrades: during the software upgrade process the new software is checked for authentication and integrity before it becomes active on the radio. If invalid files are discovered during the upgrade process, the process is terminated Secure over the air updates of the radio network s encryption key: changing the encryption key at regular intervals greatly improves network security. Key Encryption Key (KEK) functionality is used to securely transfer the encryption key over the air and is managed using the secure connection to SuperVisor

Ethernet management Ethernet data USB management Serial data Wireless management Wireless data Message replay Message modification Jamming Flooding Traffic analysis Cracking Eavesdropping Integrity Availability Page 9 SCADA communications A 360 degree approach to security 4 Aprisa SR security feature summary The features described above combine to create a powerful platform that not only takes into account security fundamentals, attack sources and types, interface types and security recommendations and guidelines, but is also upgradeable over the air as standards change. The following table summarises how each security feature contributes to the security fundamentals, attack types and interface types: Feature Fund. Attack type Interface type AES encryption CCM authentication Prop modulation/coding Licensed freq. Direction conversion User levels Basic authentication Cookie over HTTPS Automatic logout No boot output display Term. file sys no access Telnet port block ICMP block FTP block S/W upgrade USB enc. S/W upgrade integrity

Page 10 SCADA communications A 360 degree approach to security 5 Conclusions As monitoring, control and automation become more widespread in electricity networks, their communications networks become more open and are more vulnerable, to both accidental disruption and malicious threats or cyber terrorism. A 360 degree approach to security takes into account security fundamentals, types and sources of attack, the data and management interfaces of the system and the best in class security recommendations. It also extends to system upgradeability to take into account the increasingly stringent requirements that governments and regulatory bodies will impose over the life of assets in the field. Ethernet data Data and management interfaces Wireless management Serial data Security IEC Ethernet management Wireless data fundamentals Integrity NIST FIPS USB management Traffic analysis Cracking Flooding Availability Non-repudiation Confidentiality CPNI Standards and recommendations Message modification Eavesdropping Jamming Message replay Types and sources of attack Figure 4: Summary of a 360 degree approach to security When it comes to your critical infrastructure, a 360 degree approach to security is not just smart, it is essential.

Page 11 SCADA communications A 360 degree approach to security 6 References 1. Pike Research: Smart Grid: Ten Trends to watch in 2011 and Beyond, www.pikeresearch.com About 4RF 2. Symantec Security Response: W32.Stuxnet Dossier, Version 1.1 (October 2010), www.symantec.com 3. HM Government: Securing Britain in an Age of Uncertainty: The Strategic Defence and Security Review, October 2010, www.direct.gov.uk/sdsr 4. NIST SP 800 82: Guide to Industrial Control Systems (ICS) Security; Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC) 5. The Industrial Ethernet Book: Security incidents and trends in SCADA and process industries, May 2007 6. Pipeline & Gas Journal: Hacking the Industrial SCADA Network, Frank Dickman, November 2009 7. IEC/TR 62443 Industrial communication networks Network and system security Part 3 1: Security technologies for industrial automation and control systems 8. Federal Information Processing Standards (FIPS) Publication 197: Announcing the Advanced Encryption Standard 9. NIST SP 800-38C: Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality Operating in more than 130 countries, 4RF solutions are deployed by utilities, oil and gas companies, international aid organisations, public safety, military and security organisations, transport companies, broadcasters, enterprises and telecommunications operators. The Aprisa SR is a smart, secure, pointto-multipoint radio for SCADA and monitoring and control communications. 26 Glover Street Ngauranga Wellington 6035 NEW ZEALAND Telephone +64 4 499 6000 Facsimile +64 4 473 4447 Email sales@4rf.com www.4rf.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information