SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005
David Goeke <goeked@engr.orst.edu>, Hai Nguyen <nguyehai@onid.orst.edu>

Abstract
Modern public infrastructure systems use Supervisory Control and Data Acquisition (SCADA) systems for daily operation. This includes water treatment systems; electric power generation, transmission, and distribution; petroleum storage and refineries; and other public infrastructure. The SCADA system provides monitoring, data analysis, and control of the equipment used to manage most public infrastructure. The SCADA network consists of various communication devices: routers, switches, wireless equipment, serial connections, proprietary hardware monitors, and various computers. This project examines common SCADA control network implementations to determine possible weaknesses and solutions.

Table of Contents
1. SCADA Overview
2. Security Overview
2.1. RTU Security
2.2. Server Security
2.3. Network Security
2.3.1. Network Access
2.3.2. Network Segmentation
2.3.3. External Access
2.3.4. RF Security
2.4. The MODBUS Protocol
2.4.1. Securing MODBUS
3. Conclusion
4. Glossary of Terms
5. Bibliography

1. SCADA Overview
SCADA systems are used in industrial and civil engineering applications to control and monitor distributed systems from a central location. SCADA solutions are implemented in a wide variety of industries, including electric power generation, transmission, and distribution; environmental control systems; traffic signals; water management systems; and manufacturing systems.

Field hardware such as switches, pumps, and other devices is controlled by Remote Telemetry Units (RTUs). Server units then monitor the hardware and collect values, and provide control features that allow the operator to manage the physical equipment remotely. The server runs a management package that typically sits on top of a Unix variant, although many vendors are beginning to provide Microsoft Windows support. A human-machine interface (HMI) allows the operator to view the state of the plant equipment; dumb terminals or PCs usually host this interface. Alarms alert the operator that intervention is required to keep things running smoothly.

A wide variety of networking equipment connects these components. Wireless technology is popular for its ability to span long distances with minimal equipment. Fiber gives greater reliability but at far greater expense. Serial technologies use dedicated copper wiring or telco POTS lines. Common protocols include Modbus and DNP3. Although originally designed to run on low-bandwidth proprietary networks, many of these protocols have been extended to operate over TCP/IP.

Figure 1 shows a simple SCADA network implementation. The system involves a server unit that controls a serial-based traffic signal system, as well as a water treatment plant and several stream flow monitors connected using wireless technology in the 2.4 GHz range. Two monitoring stations provide user control of the system.

2. Security Overview
Due to the nature of what they control, SCADA networks are part of the nation's critical infrastructure and require protection from a variety of threats. SCADA equipment was originally designed for maximal functionality and communication efficiency, not security, and many of the resulting weaknesses remain exposed. This makes many SCADA networks potentially vulnerable to attack. Such attacks could result in disruption of service, manipulation of data, or unauthorized control of the connected equipment. The United States Department of Energy states that "action is required by all organizations, government or commercial, to secure their SCADA networks as part of the effort to adequately protect the nation's critical infrastructure" (U.S. Dept. of Energy, 2002).

This paper addresses several potential vulnerabilities of SCADA systems and possible solutions. It is broken down into five parts: RTU security, server security, network infrastructure security, protocol analysis, and miscellaneous topics.

2.1 RTU Security
The RTU, or Remote Telemetry Unit, is a device that interfaces objects in the physical world to a SCADA system. An example is attaching an RTU to a water pump to allow monitoring and control of the pump. Serial and Ethernet interfaces are common on these units, as are null-modem management (console) interfaces.

Physical security must be evaluated first: RTUs should be housed in secure facilities that limit access to authorized personnel only. Second, the RTU configuration must be reviewed. Management interfaces should be disabled or, where they must remain, use the strongest authentication the device supports. Firmware should be upgraded to the latest stable release, and all unused features should be disabled.

2.2 Server Security
The server unit is vulnerable to several types of attack. Unauthorized access may be obtained through a network- or modem-based attack, or by visiting the physical location. Another risk is an attack that damages the server and makes it inoperable.

Security must first be obtained by restricting access to authorized users only. Physically locate the server in a safe location that restricts access to authorized users. Proper access controls should be implemented to verify the identity of the user; if passwords are used they should be changed frequently, and biometric devices are also helpful. The operating system must also be hardened: remove any unnecessary software and services, and apply all stable patches. Communication protocols must be configured for maximal security; protocol security is covered in greater depth in section 2.4.

2.3 Network Security
The network infrastructure is the most visible piece of the SCADA system, which makes it an obvious location for attack. As security provider Riptech points out, there is a common misconception that SCADA networks use strong access controls. In reality most SCADA systems use hardware from many different manufacturers, which requires the integration of different communication standards (Riptech Inc., 2001). The result is often a very functional system, but because of the added complexity, security concerns are often ignored.

A second misconception is that the SCADA system resides on a separate, standalone network. Most SCADA systems were originally built on standalone networks, but were eventually bridged to other networks as information management practices changed. Real-time operational data became desirable on the corporate network, and corporate decision makers wanted the critical data from their operations systems. Many of these connections were implemented without a full understanding of the security risks.

In addition to these misconceptions, certain network media present their own security risks. Sniffing, denial of service (DoS), and spoofing attacks are all serious threats. There are several steps that can be taken to minimize the threat and impact of such vulnerabilities and attacks.

2.3.1 Network Access
All network connection points must be identified. This includes Ethernet ports, wireless links, and serial connections. All unused and unnecessary ports must be disabled. The network architecture should be segmented so as to provide access control between the different segments. Data warehousing and server network segments should be especially well secured.

2.3.2 Network Segmentation
Segmentation limits what an attacker can reach, but in spite of the best security practices there is still a possibility that an attacker will gain unauthorized access. Network intrusion detection systems (IDS) provide an additional layer of monitoring that alerts you to the presence of unauthorized activity. A network IDS is essentially a passive traffic sensor combined with analysis tools that examine the captured traffic and identify likely attacks. Network IDS sensors should be placed on the internal SCADA network as well as on the connecting external networks to monitor for incidents.
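The access-control and monitoring steps in 2.3.1 and 2.3.2 can be expressed as a concrete rule set. The following Python program is an added example, not part of the original paper: it treats the list of authorized conversations on the SCADA segment as a baseline and flags any flow record that falls outside it, the way a network IDS sensor fed from a span port or router flow export would. The segment address 10.10.0.0/24, the host addresses, the historian port 1433, and the flow records themselves are all constructed for the example.

```python
"""Flow-baseline intrusion detection for a SCADA segment (added example).

One flow record per line: "<timestamp> <src> <dst> <proto> <dport>".
Anything touching the SCADA segment that is not in the baseline raises an alert.
"""
import ipaddress
from collections import namedtuple

# Assumed for the example: the SCADA server/RTU segment.
SCADA_NET = ipaddress.ip_network("10.10.0.0/24")

# Authorized conversations (client, server, proto, port). Built from the
# inventory of connection points that section 2.3.1 calls for. Hypothetical.
BASELINE = {
    ("10.10.0.5", "10.10.0.20", "tcp", 502),   # SCADA server polls RTU 1 (Modbus/TCP)
    ("10.10.0.5", "10.10.0.21", "tcp", 502),   # SCADA server polls RTU 2
    ("10.20.1.8", "10.10.0.5", "tcp", 1433),   # corporate historian reads from server
}

# Device management ports that must never be reached from outside the segment.
MGMT_PORTS = {22, 23, 80, 161, 443}

Flow = namedtuple("Flow", "ts src dst proto dport")


def parse_flow(line: str) -> Flow:
    """Parse one whitespace-separated flow record."""
    ts, src, dst, proto, dport = line.split()
    return Flow(ts, src, dst, proto, int(dport))


def classify(flow: Flow):
    """Return an alert reason for this flow, or None if it is expected."""
    if (flow.src, flow.dst, flow.proto, flow.dport) in BASELINE:
        return None
    src_in = ipaddress.ip_address(flow.src) in SCADA_NET
    dst_in = ipaddress.ip_address(flow.dst) in SCADA_NET
    if src_in and not dst_in:
        # Outbound filtering (2.3.3) should have blocked this; a SCADA host
        # reaching out on its own is a strong compromise indicator.
        return "outbound from SCADA segment"
    if dst_in and flow.dport == 502:
        # Modbus has no authentication, so an unknown client is an attacker.
        return "unauthorized Modbus/TCP client"
    if dst_in and not src_in and flow.dport in MGMT_PORTS:
        return "management port reached from outside segment"
    if src_in or dst_in:
        return "unbaselined conversation"
    return None  # traffic not involving the segment is outside this sensor's scope


def run(lines):
    """Classify every record; return the list of alerts in input order."""
    alerts = []
    for line in lines:
        flow = parse_flow(line)
        reason = classify(flow)
        if reason:
            alerts.append((flow.ts, flow.src, flow.dst, flow.dport, reason))
    return alerts


# Constructed sample records: three normal polls followed by three violations.
SAMPLE = """\
2005-03-07T10:00:01 10.10.0.5 10.10.0.20 tcp 502
2005-03-07T10:00:02 10.10.0.5 10.10.0.21 tcp 502
2005-03-07T10:00:05 10.20.1.8 10.10.0.5 tcp 1433
2005-03-07T10:00:09 10.20.3.44 10.10.0.20 tcp 502
2005-03-07T10:00:12 10.20.3.44 10.10.0.20 tcp 23
2005-03-07T10:00:20 10.10.0.21 198.51.100.7 tcp 80
""".splitlines()

if __name__ == "__main__":
    for ts, src, dst, dport, reason in run(SAMPLE):
        print(f"{ts} ALERT {src} -> {dst}:{dport}  {reason}")
```

The baseline approach works for SCADA segments precisely because their traffic is so regular: a polling server talks to a fixed set of RTUs on a fixed port, so a whitelist is short and anything new is worth a look. The three sample violations map directly to the paper's recommendations: an unknown corporate host polling an RTU, the same host reaching an RTU's telnet console, and an RTU opening a connection to the Internet.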

2.3.3 External Access
In certain instances external access to the SCADA network may be necessary: vendors may need access, or connections to the corporate network may be required. Every one of these connections presents a serious threat, so it is extremely important that all external access points be identified. Determine what specific access is needed and identify the methods used to connect.

All access points should implement proper security measures. Firewalls and IDS sensors should be used. Firewall rules should be as specific as possible, allowing only the bare minimum access to the SCADA network. Implement outbound filtering as well, to prevent internal SCADA hosts from initiating connections to hosts on external networks; this limits what a compromised SCADA host can do.

Any communication between the SCADA network and other networks should use secure protocols. Plaintext protocols present the greatest threat and should be secured. One technique for securing plaintext communication is to wrap it inside a VPN tunnel. A VPN creates a virtual route between two networks over which all transmitted data is encrypted. Desirable VPN products use IPsec or SSL. Avoid products based on PPTP; its MS-CHAP authentication has well-known weaknesses. Access controls should also restrict the VPN endpoint to specific source IP address ranges, which minimizes the likelihood that a potential attacker would even discover the service, as shown in figure 2.

2.3.4 RF Security
Wireless communication devices are popular in SCADA networks because of the long distances between monitoring stations. A typical architecture involves point-to-point links operating at either 900 MHz or 2.4 GHz. Newer systems are adopting the 802.11 standards, while legacy systems use proprietary data link layer protocols. The security of 802.11 is an entire subject in itself and this paper will not attempt to cover it; the focus of this section is the common wireless threats to the RF transmission itself.

Wireless communication presents a significant security and availability problem. The broadcast nature of the medium allows the transmission to be recorded and analyzed at a later date. Encryption with a 128-bit key provides adequate protection against this, provided the cipher and key management are sound; WEP's 128-bit mode, for example, does not qualify because of known key-recovery attacks.

The control features of SCADA networks require that adequate bandwidth be available to transmit data to the RTU. This is hard to guarantee with wireless technology: each frequency band has a limited amount of bandwidth, and competing devices may consume it. A hostile attack is also possible using an RF generator. By transmitting random RF noise, an attacker can flood the available frequency space and block the SCADA control traffic. The source of such jamming is easily located with the proper directional antennas, but the temporary loss of control could prevent corrective action at the RTU and cause an accident.

Several actions can reduce the risk of this attack, but it is physically impossible to prevent when using public airspace for transmission. Highly directional antennas reduce the amount of interfering RF signal received. Licensing limited-use commercial frequencies reduces interference, but the potential for deliberate jamming still exists. Wireless does not provide the service guarantee needed for mission-critical control systems. It is, however, a good method for monitoring and control of non-essential RTUs where a loss of communication is unlikely to cause an incident.

2.4 The MODBUS Protocol
The MODBUS protocol is currently one of the most popular protocols used with SCADA systems. It is an application layer messaging protocol that provides client/server communication between devices connected through different types of buses or networks. It has been an industry standard for device automation over serial communication since 1979. Today the protocol has been adapted to run over TCP/IP, where it uses TCP port 502. Figure 3 shows the basic protocol structure for both serial and TCP/IP communication.

MODBUS is a request/reply protocol. Each message is an application data unit (ADU) that carries a simple protocol data unit (PDU). The PDU contains a one-byte function code followed by a data field; the data field carries the additional information (addresses, register counts, values) that the server uses to take the requested action. On a serial link in RTU mode the ADU wraps the PDU with a one-byte unit (slave) address and a two-byte CRC-16 error check; on TCP/IP the serial address and checksum are replaced by a seven-byte MBAP header (transaction identifier, protocol identifier, length, and unit identifier), since TCP already provides error detection.

2.4.1 Securing MODBUS
When MODBUS was developed in the 1970s it provided adequate security for the threats of the time. Most communication took place on isolated serial networks over private lines. Attacks required very specific knowledge of which lines were in use, and generally required physical access. With the TCP implementation the rules have changed: interconnected networks span the globe, allowing creative attackers to exploit the system from anywhere. The clear-text nature of the protocol makes it especially vulnerable, and the protocol carries no authentication of its own: any host that can reach port 502 can read monitoring data with ease and can issue write requests that change coils and registers. Credentials used by other plaintext management protocols on the same network (telnet, HTTP) may likewise be gleaned from the wire. To protect this protocol it must be wrapped in an encryption layer. An IPsec VPN connection should be used to encapsulate the traffic whenever it travels across a vulnerable medium, such as non-SCADA or wireless networks.
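As an added example of the protocol structure described in 2.4 and of the "as specific as possible" firewall rules called for in 2.3.3, the following Python code (not from the paper) builds and parses Modbus ADUs in both serial RTU framing and TCP/MBAP framing, then applies a per-zone function-code allow-list to a Modbus/TCP request the way a protocol-aware firewall at the corporate/SCADA boundary would. The zone ranges 10.10.0.0/24 (SCADA) and 10.20.0.0/16 (corporate) are assumptions for the example, and the frames are constructed. Because Modbus carries no authentication, this kind of inspection is what keeps a corporate host that has been granted a read-only data path from also writing coils.

```python
"""Modbus framing and a function-code allow-list (added example).

Serial RTU-mode ADU:  [unit (1)] [PDU] [CRC-16 (2, low byte first)]
Modbus/TCP ADU:       [MBAP (7)] [PDU]
    MBAP = transaction id (2) | protocol id (2, always 0) | length (2) | unit (1)
    "length" counts the unit byte plus the PDU.
PDU:                  [function code (1)] [data (n)]
"""
import ipaddress
import struct

READ_CODES = {1, 2, 3, 4}       # read coils / discrete inputs / holding / input regs
WRITE_CODES = {5, 6, 15, 16}    # write single coil / register, write multiples


def crc16(data: bytes) -> int:
    """CRC-16/MODBUS: reflected polynomial 0xA001, initial value 0xFFFF."""
    crc = 0xFFFF
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def build_rtu_adu(unit: int, pdu: bytes) -> bytes:
    """Serial RTU framing: unit address, PDU, CRC-16 transmitted low byte first."""
    body = bytes([unit]) + pdu
    return body + struct.pack("<H", crc16(body))


def parse_rtu_adu(adu: bytes):
    """Return (unit, function code, data); reject a frame whose CRC does not match."""
    body, crc = adu[:-2], struct.unpack("<H", adu[-2:])[0]
    if crc16(body) != crc:
        raise ValueError("bad CRC")
    return body[0], body[1], body[2:]


def build_tcp_adu(tid: int, unit: int, pdu: bytes) -> bytes:
    """Modbus/TCP framing: MBAP header (big-endian) followed by the PDU."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def parse_tcp_adu(adu: bytes):
    """Return (transaction id, unit, function code, data) or raise on a bad header."""
    tid, proto, length, unit = struct.unpack(">HHHB", adu[:7])
    if proto != 0 or length != len(adu) - 6:
        raise ValueError("malformed MBAP header")
    pdu = adu[7:]
    return tid, unit, pdu[0], pdu[1:]


# Hypothetical zones for the example; a real site uses its own address plan.
ZONES = {
    "scada": ipaddress.ip_network("10.10.0.0/24"),      # HMI / SCADA server segment
    "corporate": ipaddress.ip_network("10.20.0.0/16"),  # historian and business users
}
# Least privilege per zone: the corporate side may only read.
ALLOWED = {"scada": READ_CODES | WRITE_CODES, "corporate": READ_CODES}


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def inspect(src_ip: str, adu: bytes) -> str:
    """Allow/deny one Modbus/TCP request based on source zone and function code."""
    try:
        _tid, _unit, fc, _data = parse_tcp_adu(adu)
    except (ValueError, struct.error, IndexError):
        return "deny: malformed frame"
    zone = zone_of(src_ip)
    if fc in ALLOWED.get(zone, set()):
        return "allow"
    return f"deny: function {fc} not permitted from {zone}"


if __name__ == "__main__":
    # Constructed frames: read 10 holding registers at 0, and write coil 0 ON.
    read10 = build_tcp_adu(1, 1, bytes([3, 0, 0, 0, 10]))
    coil_on = build_tcp_adu(2, 1, bytes([5, 0, 0, 0xFF, 0x00]))
    print(build_rtu_adu(1, bytes([3, 0, 0, 0, 10])).hex())  # serial form of read10
    for src, adu in [("10.20.5.7", read10), ("10.20.5.7", coil_on),
                     ("10.10.0.5", coil_on), ("192.0.2.9", read10)]:
        print(src, inspect(src, adu))
```

The decision here is made on a single request; a production filter also has to track the TCP stream, since Modbus/TCP permits several ADUs per connection. The deny-by-default branch for an unknown zone is deliberate: an address that appears in neither range has no business reaching port 502 at all.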

3. Conclusion
SCADA networks are diverse systems. The integration of legacy hardware with new technologies leads to a vast array of technologies and protocols being used, and that integration is typically oriented towards functionality with little thought for security. At the same time, SCADA networks monitor and control many mission-critical systems used for power generation, water management, transportation control, and other industrial applications. A security breach of these services could have devastating effects: in some instances lives could be lost and financial losses could be immense. The security of these systems is critical to the operation of our society and should have high priority.

The security of the whole system depends on the security of each component, since breaches can happen at every level. RTUs must be properly configured to limit exposure, and physical plant security must be implemented to limit access. Server security consists of hardening the underlying operating system and eliminating all unnecessary services. Network security is a diverse topic: disconnect all unnecessary connections; segment the network into logical groupings and use access controls to restrict unwanted traffic; monitor the network and know what is entering and leaving it, using intrusion detection packages to automate that monitoring; and eliminate all plain-text communication traversing the corporate network by wrapping it inside an encryption layer with VPN technology.

To summarize: implement proper physical security, configure all devices to permit only necessary communication, and use monitoring tools to verify that the security policy is being followed and to warn of attacks.

4. Glossary of Terms
IDS: An intrusion detection system inspects inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack by someone attempting to break into or compromise a system.
IPsec: Short for IP Security, a set of protocols developed by the IETF to support secure exchange of packets at the IP layer. IPsec has been deployed widely to implement Virtual Private Networks (VPNs).
SSL: Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private data over the Internet. SSL uses public-key cryptography during its handshake to authenticate the server and agree on a session key, then encrypts the data transferred over the connection with a symmetric cipher under that key.
PPTP: Short for Point-to-Point Tunneling Protocol, a technology for creating VPNs developed jointly by Microsoft Corporation, U.S. Robotics, and several remote access vendors, known collectively as the PPTP Forum.
VPN: Short for Virtual Private Network, a network constructed by connecting nodes over public or shared infrastructure, with the traffic between them encrypted and authenticated.
DoS: Short for denial-of-service attack, an attack on a network designed to bring it to its knees by flooding it with useless traffic.
Modbus: An open serial communications protocol based on a master/slave architecture, originally the internal standard that Modicon controllers use for parsing messages. Commonly used for SCADA communication, now also over TCP/IP.
DNP3: Distributed Network Protocol, an open protocol for communication between a master station and outstations (RTUs), widely used by electric and water utilities over serial links and TCP/IP.
SCADA: Acronym for Supervisory Control and Data Acquisition, a computer system for gathering and analyzing real-time data.
RTU: Short for Remote Telemetry Unit. In SCADA systems, an RTU is a device installed at a remote location that collects data, encodes it into a transmittable format, and transmits it back to a central station, or master.
POTS: Short for Plain Old Telephone Service, the standard telephone service that most homes use.

5. Bibliography
Office of Energy Assurance, U.S. Department of Energy. (2002). 21 Steps to Improve Cyber Security of SCADA Networks. Retrieved March 1, 2005 from http://www.ea.doe.gov/pdfs/21stepsbooklet.pdf
Riptech Inc. (January 2001). Understanding SCADA System Security Vulnerabilities. Retrieved March 1, 2005 from http://www.iwar.org.uk/cip/resources/utilities/scadawhitepaperfinal1.pdf