SCADA Security Measures

Academic year: 2021


(1)

Systems and Internet Infrastructure Security

Network and Security Research Center

Department of Computer Science and Engineering Pennsylvania State University, University Park PA

SCADA Security Measures

(2)

Paper 1:

The VIKING Project - Towards more Secure SCADA Systems

Written by: Gunnar Björkman
Presented by: Diana Koshy

(3)

Type of Paper

• Expository

• This paper discusses a future project aimed at analyzing the security of SCADA systems.

(4)

The Problem:

Security on SCADA systems needs to be improved…

(5)

The Problem

• SCADA systems need to be secure since a problem with the system has dire consequences
• Security is non-trivial since the systems are very complex and must perform under strict conditions

(6)

The Problem

• Risks come from insiders as well as new access points opened by connecting the SCADA system to corporate networks, engineers, contractors, vendors, etc.
- These risks have been somewhat mitigated by firewalls and Demilitarized Zones (DMZs)
• Risks also come from use of standardized protocols, hardware and software
- Communication protocols are becoming more standardized to allow different hardware to

(7)

The Solution

“The objective of the VIKING project is to develop, test and evaluate methodologies for the analysis, design and operation of resilient and secure

(8)

Background

Structure of a SCADA System

• Sensors
• Remote Terminal Units (RTUs)
• Station Control Systems
• Central Control System
- Workstations
- Front-End Servers
- SCADA Servers
- Archive Servers

(9)

The Solution

• The VIKING project aims to take a holistic

(10)

The Solution: VIKING Goals

1. Assess security risk and (financial) consequences of an attack on a SCADA system
2. Create a tool that can quantify security for comparison across different systems

3. Use model-based system as IDS

4. Secure power system communication

5. Be able to identify vulnerable spots in a SCADA system

6. Create a system that can be used to test security solutions

(11)

The Solution: Method

Create 3 models:

1. power system model

- used to model the effects of an attack on electricity supply

2. society model

- used to gauge economic consequences of an attack

3. SCADA system models (architectural and cyber-physical)

(12)

The Assumptions

None

The paper was just summarizing a proposed project.

(13)

Paper 2:

21 Steps to Improve Cyber Security of SCADA Networks

Written by: US Department of Energy
Presented by: Diana Koshy

(14)

Type of Paper

• Best-practices paper

• This paper proposes 21 steps to take in order to alleviate the security problem inherent in current SCADA systems

(15)

The Problem

• SCADA systems were not designed with security in mind

• Organizations using SCADA networks need to

(16)

The Solution

2 Categories:

1. Actions to Take to Increase Security

2. Management Actions to Establish Effective

(17)

The Solution: Actions to Take

1. Understand the risk, protection and necessity of every connection to the SCADA network
2. Make the network as isolated as possible and use safe methods for data transfer
3. Analyze and implement a strong security strategy for all remaining connections

4. Remove or disable unused services provided by

(18)

The Solution: Actions to Take

5. Proprietary (obscure) protocols should not be mistaken for secure protocols
6. Enable and configure all security features already present and/or demand upgrades

7. Secure backdoors and vendor connections

8. Monitor for internal and external intrusions

(19)

The Solution: Actions to Take

9. Conduct audits of the system to find common vulnerabilities
10. Check physical security of all remote sites that communicate with the SCADA system
11. Put together a “Red Team” to come up with

(20)

The Solution: Management

12. Clearly define roles and responsibilities for all organization personnel
13. Document the information security architecture and its components
14. Identify risks and vulnerabilities and create an ongoing risk management process

15. Base protection strategy on defense-in-depth

(21)

The Solution: Management

16. Create a clear, structured security program with delineated requirements
17. Establish configuration management processes
18. Conduct routine self-assessments
19. Create system backups and disaster recovery

(22)

The Solution: Management

20. Establish an expectation for strong security for all levels of personnel
21. Train personnel to prevent disclosure of

(23)

The Assumptions

None

(24)

Paper 3:

SCADA-specific Intrusion

Detection/Prevention Systems: A

Survey and Taxonomy

Written by: Bonnie Zhu and Shankar Sastry Presented by: Diana Koshy

(25)

Type of Paper

• Survey paper

• This paper discusses past work on
- Classification and characteristics of attacks
- SCADA-specific IDS attempts

(26)

The Problem

• SCADA systems are vulnerable
- Standardized protocols, software and hardware
- De-isolation of SCADA systems

(27)

The Problem

• Specific Vulnerabilities Listed:
- HMI controller: Can falsify what operator sees
- sensor-HMI link: Can spy on what operator sees
- actuator-controller link: Can see what actuators are told to do
- sensor threshold values and settings: Can modify settings

(28)

The Problem

• Security research on SCADA systems is lacking
- Unrealistic testing environments
- Poorly analyzed threat models
- IDS implementations specific to different SCADA environments
- Lack of analysis of false positives/false negatives of IDSs

(29)

The Problem

• 100% prevention of attacks is impossible
- Must combine prevention with detection
• Can’t use existing IDSs since SCADA is different
- It is a hard real-time system, which means timeliness, freshness of data, and availability are crucial
- Its terminal devices have limited computing and memory resources

(30)

The Solution

• Create SCADA-specific IDS and security metrics
• Ideal system should be able to:
- detect and block intrusions in real time
- do so without interrupting performance
- do so without extra burdens due to false positives
- do so despite normal noise

(31)

The Solution

Types of IDS:

• signature detection approach
• anomaly detection approach
• probabilistic approach
• specification-based approach
• behavioral detection approach

(32)

The Solution

All of these can be applied to different parts of SCADA systems

(33)

The Solution: Past Work

Model-Based IDS for SCADA Using Modbus/TCP

• Uses the fact that network traffic on a SCADA system is relatively constant to find anomalies
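The model-based idea above, as an added illustration (not code from the surveyed paper): learn which (unit id, function code) pairs appear on the wire and which address span each touches during a baseline window, then flag frames outside that model. The Modbus/TCP framing (MBAP header, function code, address/quantity fields) is standard; the baseline traffic and probe frames are constructed sample data.

```python
import struct
from collections import defaultdict

RANGE_FCS = {1, 2, 3, 4, 15, 16}   # request PDU starts <address, quantity>
SINGLE_FCS = {5, 6}                # request PDU starts <address, value>

def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse the 7-byte MBAP header and the leading PDU fields of a frame."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header + function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0 or length != len(frame) - 6:
        raise ValueError("MBAP protocol id or length inconsistent with frame")
    rec = {"tid": tid, "unit": unit, "fc": frame[7]}
    if rec["fc"] in RANGE_FCS | SINGLE_FCS and len(frame) >= 12:
        rec["addr"], qty = struct.unpack(">HH", frame[8:12])
        rec["count"] = qty if rec["fc"] in RANGE_FCS else 1
    return rec

def build_request(tid, unit, fc, addr, qty_or_value):
    # Encodes a request frame; used here only to construct sample traffic.
    pdu = struct.pack(">BHH", fc, addr, qty_or_value)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

class ModbusBaseline:
    """Normal-traffic model: (unit, function code) pairs seen plus address span."""
    def __init__(self):
        self.ranges = defaultdict(lambda: [0xFFFF, 0])   # key -> [lo, hi]
    def learn(self, frame: bytes) -> None:
        r = parse_modbus_tcp(frame)
        span = self.ranges[(r["unit"], r["fc"])]
        if "addr" in r:
            span[0] = min(span[0], r["addr"])
            span[1] = max(span[1], r["addr"] + r["count"] - 1)
    def check(self, frame: bytes):
        # Returns an alert string if the frame departs from the model, else None.
        r = parse_modbus_tcp(frame)
        key = (r["unit"], r["fc"])
        if key not in self.ranges:
            return f"unit {key[0]}: function code {key[1]} never seen in baseline"
        lo, hi = self.ranges[key]
        if "addr" in r and not (lo <= r["addr"] and r["addr"] + r["count"] - 1 <= hi):
            return f"unit {key[0]} fc {key[1]}: address {r['addr']} outside {lo}-{hi}"
        return None

# Constructed baseline: an HMI polls holding registers 0-9 of unit 1 (fc 3)
# every cycle and occasionally writes a setpoint to register 100 (fc 6).
def learned_model() -> ModbusBaseline:
    model = ModbusBaseline()
    for tid in range(5):
        model.learn(build_request(tid, 1, 3, 0, 10))
    model.learn(build_request(5, 1, 6, 100, 1234))
    return model
```

A write to an address the baseline never touched, a function code never used, or a unit id never addressed each produce an alert, which is exactly the "traffic is relatively constant" assumption turned into a check.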

(34)

The Solution: Past Work

Anomaly-Based IDS

1. AutoAssociative Kernel Regression and Statistical Probability Ratio Test
- monitor anomalous non-malicious activity to establish baseline
- use baseline database to compare with new activity
2. Multi-Agent IDS Using Ant Clustering Approach and Unsupervised Feature Extraction
- use multiple intelligent agents to perform IDS duties
- monitor agents capture packets, extract features and perform PCA
- decision agents perform clustering and notify of abnormalities
- action agents respond to threats accordingly
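Item 1 above in working form, as an added example rather than the surveyed authors' code: remembered normal sensor states act as the baseline database, auto-associative kernel regression reconstructs each new reading from them, and a sequential probability ratio test decides when the residual of one channel has shifted. The memory matrix, the reading stream and the SPRT parameters (sigma, shift, alpha, beta) are constructed assumptions.

```python
import math

def aakr_estimate(memory, query, bandwidth=1.0):
    """Reconstruct `query` as a kernel-weighted average of remembered normal
    states; a reading far from every normal state reconstructs poorly, and
    that reconstruction error is the residual the detector watches."""
    weights = []
    for row in memory:
        dist2 = sum((q - m) ** 2 for q, m in zip(query, row))
        weights.append(math.exp(-dist2 / (2 * bandwidth ** 2)))
    total = sum(weights) or 1e-300   # guard: query far from all memory rows
    return [sum(w * row[j] for w, row in zip(weights, memory)) / total
            for j in range(len(query))]

def sprt_alarm(residuals, sigma, shift, alpha=0.01, beta=0.01):
    """Wald's SPRT on a residual stream: H0 mean 0 vs H1 mean `shift`, both
    Gaussian with std `sigma`. Returns the index at which H1 is accepted,
    or None; accepting H0 just restarts the test for the next window."""
    upper = math.log((1 - beta) / alpha)
    lower = math.log(beta / (1 - alpha))
    llr = 0.0
    for i, r in enumerate(residuals):
        llr += shift / sigma ** 2 * (r - shift / 2)   # Gaussian log-likelihood ratio
        if llr >= upper:
            return i
        if llr <= lower:
            llr = 0.0
    return None

def detect(memory, stream, sensor, sigma=1.0, shift=3.0):
    """Residual of one sensor channel against its AAKR reconstruction, then SPRT."""
    residuals = [x[sensor] - aakr_estimate(memory, x)[sensor] for x in stream]
    return sprt_alarm(residuals, sigma, shift)

# Constructed "normal" operating states: (pressure, temperature, flow).
MEMORY = [(10.0, 50.0, 2.0), (10.5, 51.0, 2.1), (11.0, 52.0, 2.2),
          (11.5, 53.0, 2.3), (12.0, 54.0, 2.4)]
# Constructed stream: four normal readings, then four where the temperature
# channel reports 10 degrees above what pressure and flow imply.
NORMAL = [(10.5, 51.0, 2.1), (11.0, 52.0, 2.2), (10.2, 50.4, 2.05), (11.6, 53.2, 2.32)]
SPOOFED = [(p, t + 10.0, f) for p, t, f in NORMAL]
```

Because the other two channels still look normal, a simple per-sensor threshold would need to know the plant's operating envelope, whereas the residual only needs the baseline database.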

(35)

The Solution: Past Work

Configurable Embedded Middleware-Level Detection

• put a detection system in the middle of the communication channels
- kind of like a firewall

• easiest to incorporate since few changes to

(36)

The Solution: Past Work

Intrusion Detection and Event Monitoring in SCADA Networks

• specific to SCADA power-grid and RTUs
• automatically produce signatures for unauthorized access
• store settings and details of each SCADA device

(37)

The Solution: Past Work

Model for Cyber-Physical Interaction

1. Power Plant interfacing Substations through Probabilistic validation of attack-effect bindings
2. Workflow-based non-intrusive approach for enhancing the survivability of

(38)

The Solution: Past Work

Model for Cyber-Physical Interaction

1. Power Plant interfacing Substations through Probabilistic validation of attack-effect bindings
- probabilistically build a profile of legitimate data flows and main characteristics of normal information exchange

(39)

The Solution: Past Work

Model for Cyber-Physical Interaction

2. Workflow-based non-intrusive approach for enhancing the survivability of critical infrastructures in Cyber Environment
- separate SCADA system into cyber, physical, and workflow layers
- each physical component is a node in workflow layer
- model functionality and attack patterns

(40)

The Solution: Past Work

Modeling Flow Information and other Control Systems Behavior To Detect Anomalies

• analyzes flow on the network (so only good for network layers)
• combine anomaly-, behavioral-, and specification-based techniques to detect abnormal behavior

(41)

The Solution: Past Work

SHARP

• uses authentication and privilege escalation protection to detect and block

(42)

The Assumptions

None
