
SCADA System

Component and Function


Agenda

• Evolution of Communication System
• SCADA Overview
• Power System Protocols
• Is the Cyber threat real?
• Recommendations for SCADA security R&D

PSTI\SDP\AD
Supervisory Control and Data Acquisition (SCADA)
General Definition

• Industrial measurement and control system consisting of:
  - a central host or master (MTU);
  - one or more field data gathering and control units or remotes (RTUs);
  - a collection of standard and/or custom software used to monitor and control remotely located field data elements.
• Generally covers larger geographic areas
• Predominantly open-loop control characteristics (may have some elements of closed-loop control and/or short-distance communications)
• Uses a variety of communications systems (LAN, wireless, microwave, bus, point-to-point)
Distributed Control Systems (DCS)
General Definition

• Similar to SCADA systems, used predominantly in factories, treatment plants, etc.
• Similar functions to SCADA, but the field data gathering or control units are usually located within a more confined area.
• Communications often via a reliable and high-speed local area network (LAN).
• A DCS usually employs significant amounts of closed-loop control.

Secure SCADA and beyond

• We think that there is a great deal to be done in terms of operationalizing secure versions of SCADA (Supervisory Control And Data Acquisition) and DCS (Digital Control Systems) for the infrastructures considered, especially power, natural gas, chemical and process control, etc.
• However, the sense was that this infrastructure was going to be gradually replaced by networked embedded devices (possibly wireless) as computing and communication devices become more user friendly and prevalent. Thus, the major research recommendations were for an area that we named Secure Networked Embedded Systems (SENSE).

SCADA of the Future

• Current SCADA
  - Closed systems, limited coordination, unprotected cyber-infrastructure
  - Local, limited adaptation (parametric), manual control
  - Static, centralized structure
• Future requirements
  - Decentralized, secure open systems (peer-to-peer, mutable hierarchies of operation)
  - Direct support for coordinated control, authority restriction
  - Trusted, automated reconfiguration
    - Isolate drop-outs, limit cascading failure, manage regions under attack
    - Enable re-entry upon recovery to normal operation
    - Coordinate degraded and recovery modes
  - Diagnosis and mitigation of combined physical and cyber attack
  - Advanced SCADA for productivity, market stability, manageability
Secure Network Embedded Systems

Embedded software is prevalent in all critical infrastructures.

Critical to high-confidence embedded software are open source techniques for:

• Automated Design, Verification and Validation
  - Verified design in a formal, mathematical sense
  - Validated design in an engineering sense
  - Certifiable design to allow for regulatory and certification input
• High Confidence Systems
  - Narrow-waisted middleware
  - Trusted abstractions, limited interfaces
  - Algorithms and protocols for secure, distributed coordination and control
  - Security and composable operating systems
  - Tamper-proof software
  - Generative programming
• Intelligent Microsystems: infrastructure of the future with security co-designed with hardware and software.
Layers of Secure Network Embedded Systems

• Physical Layer
  - Attacks: jamming, tampering
  - Defenses: spread spectrum, priority messages, lower duty cycle, region mapping, mode change, tamper proofing, hiding
• Link Layer
  - Attacks: collision, exhaustion, unfairness
  - Defenses: error correcting codes, rate limitation, small frames
• Network and Routing Layer
  - Attacks: neglect and greed, homing, misdirection, black holes
  - Defenses: redundancy, probing, encryption, egress filtering, authorization, monitoring
• Transport Layer
  - Attacks: flooding, desynchronization
  - Defenses: client puzzles, authentication
• Embedded System/Application Layer
  - Attacks: insider misuse, unprotected operations, resource overload attacks, distributed service disruption
  - Defenses: authority management (operator authentication, role-based control authorization), secure resource management, secure application distribution services
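The transport-layer defense named above, client puzzles against flooding, works by making a client prove a small amount of computation before the server allocates any per-connection state. The following is an added example written for this page, not code from the deck or from any SCADA product; the client id "rtu-07", the difficulty values and the validity window are constructed for the demo. It uses a stateless, HMAC-bound challenge so the server's cost per verification stays at two hash evaluations regardless of how many challenges are outstanding, and it rejects expired, tampered and replayed answers:

```python
import hashlib
import hmac
import os
import time

# Per-process server secret, regenerated at every start. Constructed for the demo.
SERVER_KEY = os.urandom(32)

# Validity window of a challenge, in seconds (assumed value).
MAX_AGE_S = 60

# Nonces already redeemed inside the window, so a solved puzzle cannot be
# replayed to open a second session. A real server would expire old entries.
_redeemed = set()


def _leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a hash digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def issue_puzzle(client_id: str, difficulty: int, now=None) -> dict:
    """Server side. The nonce is an HMAC over (client id, issue time, difficulty),
    so the server stores nothing per pending challenge and can later detect any
    tampering with the challenge fields (e.g. a lowered difficulty)."""
    issued = int(time.time() if now is None else now)
    msg = f"{client_id}|{issued}|{difficulty}".encode()
    nonce = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return {"client_id": client_id, "issued": issued,
            "difficulty": difficulty, "nonce": nonce}


def solve_puzzle(puzzle: dict) -> int:
    """Client side. Expected work is about 2**difficulty SHA-256 evaluations,
    the price a flooding client pays for every session it tries to open."""
    prefix = f"{puzzle['nonce']}|".encode()
    counter = 0
    while True:
        digest = hashlib.sha256(prefix + str(counter).encode()).digest()
        if _leading_zero_bits(digest) >= puzzle["difficulty"]:
            return counter
        counter += 1


def verify_solution(puzzle: dict, counter: int, now=None) -> bool:
    """Server side, constant cost: an age check, one HMAC to re-derive the nonce
    (rejecting forged or altered challenges), a replay check and one SHA-256 to
    check the work. Only after this returns True should connection state be
    allocated."""
    now = time.time() if now is None else now
    if now - puzzle["issued"] > MAX_AGE_S:
        return False
    msg = f"{puzzle['client_id']}|{puzzle['issued']}|{puzzle['difficulty']}".encode()
    expected = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, puzzle["nonce"]):
        return False
    if puzzle["nonce"] in _redeemed:
        return False
    digest = hashlib.sha256(f"{puzzle['nonce']}|{counter}".encode()).digest()
    if _leading_zero_bits(digest) < puzzle["difficulty"]:
        return False
    _redeemed.add(puzzle["nonce"])
    return True


if __name__ == "__main__":
    # Constructed demo: a remote unit asks the master for a control session.
    challenge = issue_puzzle("rtu-07", difficulty=16)
    answer = solve_puzzle(challenge)
    print("accepted:", verify_solution(challenge, answer))
    print("replay accepted:", verify_solution(challenge, answer))
```

The difficulty is the server's throttle: raising it during a flood multiplies the attacker's cost per session while the verification cost stays fixed. Binding the issue time into the HMAC also blunts desynchronization, because a stale challenge cannot be resubmitted later.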
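The application-layer defense listed above, authority management through operator authentication and role-based control authorization, is shown below as an added example written for this page; it is not code from the deck or from any SCADA vendor. The roles, operations, operator names, passwords and area names are constructed for the demo, and the "area" of a target is assumed to be the part of its name before the first slash. It also applies the authority restriction mentioned on the "SCADA of the Future" slide, so an operator can only act on devices in areas assigned to them, and it records every decision for audit:

```python
import hashlib
import hmac
import secrets

# Constructed policy: which control operations each role may issue.
PERMISSIONS = {
    "viewer":   {"read_point"},
    "operator": {"read_point", "set_setpoint", "open_breaker", "close_breaker"},
    "engineer": {"read_point", "set_setpoint", "open_breaker", "close_breaker",
                 "update_config"},
}

# Operator directory: username -> (salt, password hash, role, areas of authority).
_operators = {}
_PBKDF2_ROUNDS = 100_000

# Audit trail of every decision; a real system would forward this to a SIEM.
audit_log = []


def register(username, password, role, areas):
    """Store a salted PBKDF2 hash of the password, never the password itself."""
    if role not in PERMISSIONS:
        raise ValueError(f"unknown role {role!r}")
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _PBKDF2_ROUNDS)
    _operators[username] = (salt, digest, role, frozenset(areas))


def authenticate(username, password):
    """Return (role, areas) on success, else None. An unknown username still
    costs one PBKDF2 call so response time does not reveal which names exist."""
    record = _operators.get(username)
    if record is None:
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, _PBKDF2_ROUNDS)
        return None
    salt, digest, role, areas = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _PBKDF2_ROUNDS)
    if not hmac.compare_digest(candidate, digest):
        return None
    return role, areas


def _decide(verdict, username, operation, target, reason):
    audit_log.append((verdict, username, operation, target, reason))
    return verdict, reason


def issue_command(username, password, operation, target):
    """Targets are named 'area/device'. A command is allowed only if the operator
    authenticates, the role permits the operation, and the target's area is
    within the operator's authority. Every outcome is logged."""
    auth = authenticate(username, password)
    if auth is None:
        return _decide("denied", username, operation, target, "authentication failed")
    role, areas = auth
    if operation not in PERMISSIONS[role]:
        return _decide("denied", username, operation, target,
                       f"role {role} may not {operation}")
    area = target.split("/", 1)[0]
    if area not in areas:
        return _decide("denied", username, operation, target,
                       f"{area} outside authority")
    return _decide("allowed", username, operation, target, role)


if __name__ == "__main__":
    # Constructed operators and commands for the demo.
    register("alice", "correct horse battery", "operator", ["substation-12"])
    register("bob", "hunter2hunter2", "viewer", ["substation-12"])
    print(issue_command("alice", "correct horse battery", "open_breaker", "substation-12/brk-3"))
    print(issue_command("bob", "hunter2hunter2", "open_breaker", "substation-12/brk-3"))
    print(issue_command("alice", "correct horse battery", "open_breaker", "substation-40/brk-1"))
    for entry in audit_log:
        print(entry)
```

Checking authentication, role and area as three separate gates, each with its own audit reason, is what makes insider misuse visible: a valid operator reaching outside their region shows up as a distinct event rather than disappearing into a generic failure.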

Is the SCADA Cyber threat real?

The threat is real and proven:

• A disgruntled ex-employee used a port scan and ping-sweep program to identify active system ports and network IP addresses belonging to an oil company. On finding an active connection and an open port, he initiated communication using various software tools downloaded from the Internet. He subsequently issued instructions to the remote system and deleted sensitive system related to process control flow.

• Australia, March 2000: a failure at a pumping station caused up to 264,000 gallons of raw sewage to flow onto the grounds of a local tourist resort and eventually into a storm sewer. The problems were traced to disruptions in the community's new computerized sewage control system. On 23 April 2000, police intercepted former employee Vitek Boden less than an hour after another control system malfunction. A search of his vehicle found a two-way radio and antennae, a remote telemetry system, and a laptop computer.

• In August 2003, the Nuclear Regulatory Commission confirmed that in January 2003 the Microsoft SQL Server worm known as Slammer infected a private computer network at the Davis-Besse nuclear power plant in Oak Harbor, Ohio, disabling a safety monitoring system for nearly 5 hours. Note: the plant was off-line at the time.

The Bad News

[Chart: "Difficulty in Hacking a System" on the vertical axis against "Time & Money" on the horizontal axis, plotted for increasing "Sophistication of Cyber Defenses"]

It is only a matter of time and money, they will get in!

Terrorist Cells in the US
Updated September 3, 2003
Source: http://standeyo.com/News_Files/NBC/Terrorist_cells.html

DEYO NOTE: Terrorists are a very real and growing threat in America and to American interests around the world. It should be assumed these are not the only cell locations within the US and that they are subject to change.
Is the Terrorist Threat Real?

Yes, the terrorist threat is real!

The Mid-East terrorists have:

• Means to carry out an attack
• Motivation
• Ability to access our systems
• Access to technical documentation
• Low barriers to success

Cyber Trends
Overview of Attack Trends

Trend 1 – Automation; speed of attack tools
  A. Scanning for potential victims.
  B. Compromising vulnerable systems.
  C. Propagating the attack.
  D. Coordinated management of attack tools.
Trend 2 – Increasing sophistication of attack tools
  A. Anti-forensics.
  B. Dynamic behavior.
  C. Modularity of attack tools.
Trend 3 – Faster discovery of vulnerabilities
Trend 4 – Increasing permeability of firewalls
  • IPP (the Internet Printing Protocol) and WebDAV (Web-based Distributed Authoring and Versioning)
  • ActiveX controls, Java, and JavaScript
Trend 5 – Increasingly asymmetric threat
Trend 6 – Increasing threat from infrastructure attacks
  Attack 1 – Distributed denial of service
  Attack 2 – Worms
  Attack 3 – Attacks on the Internet Domain Name System
    • Cache poisoning
    • Compromised data
    • Denial of service
    • Domain hijacking
  Attack 4 – Attacks against or using routers
    • Routers as attack platforms
    • Denial of service
    • Exploitation of trust relationships between routers

SCADA is susceptible to all the IT threats because of enterprise integration (see http://www.cert.org/reports/activeX_report.pdf).

Policy vs. Cyber Attacks

• "Sound policy is a core element of the cyber security management system. Without it, extensive implementations of routers, firewalls and intrusion detection systems are misguided."
• 80% of attacks show weakness in internal processes
  - Unauthorized modems
  - Disgruntled employee
  - You hired a terrorist
  - Unauthorized access
  - Insufficient attention to security (leaving the door open)
• Security assessment is viewed as a one-time event that lacks a metric to allow comparison over time or to assess readiness
  - Initial vigilance degrades over time
  - Doesn't keep up with changing cyber threats

No amount of technology will make up for a lack of sound policy.
Recommended Long Term R&D for SCADA

Needed SCADA R&D
Standards and Methodology:

• Issue: Inability to test the security of infrastructure systems and to describe the industry's security readiness in a consistent manner.
• R&D Focus: Develop SCADA/process control security standards and methodologies to enable assessment of security readiness over time.

Needed SCADA R&D
Modeling and Analysis:

• Issue: Inability to model the entire infrastructure and represent the interdependencies.
• R&D Focus: Develop scalable and extensible models of the critical infrastructure to enable planning, simulation, and prediction of the response to changes. Models should enable analysis of the impacts of:
  - economics,
  - human interaction,
  - organizational structure,
  - technology development,
  - accidental and malicious faults.
Needed SCADA R&D
Next Generation SCADA Platforms:

• Issue: Multiple generations of legacy systems control the Nation's infrastructures, against a reality of low industrial investment in both capital improvements and research and development (R&D).
• R&D Focus: Develop strategies to drive the rapid evolution of SCADA/process control solutions. R&D must provide a robust, scalable, evolvable and secure solution.

Thank You
By
SANJAY D. PATIL
Assistant Director
NPTI
