SCADA System Component and Function
Dec 06, 2015
PSTI\SDP\AD
Agenda
SCADA Overview
Power System Protocols
Is the Cyber threat real?
Recommendations for SCADA security R&D
Evolution of Communication System
Supervisory Control and Data Acquisition (SCADA)
General Definition
Industrial measurement and control system consisting of:
  central host or master (MTU);
  one or more field data gathering and control units or remotes (RTUs);
  collection of standard and/or custom software used to monitor and control remotely located field data elements.
Generally cover larger geographic areas
Predominantly open-loop control characteristics (may have some elements of closed-loop control and/or short distance communications)
Use variety of communications systems (LAN, wireless, microwave, bus, point-to-point)
Distributed Control Systems (DCS)
General Definition
Similar to SCADA systems, used predominately in factories, treatment plants etc.
Similar functions to SCADA, but the field data gathering or control units are usually located within a more confined area.
Communications often via a reliable and high speed local area network (LAN).
DCS system usually employs significant amounts of closed loop control.
Secure SCADA and beyond
We think that there is a great deal to be done in terms of operationalizing secure versions of SCADA (Supervisory Control And Data Acquisition) and DCS (Digital Control Systems) for the infrastructures considered, especially power, natural gas, chemical and process control, etc.
However, the sense was that this infrastructure was going to be gradually replaced by networked embedded devices (possibly wireless) as computing and communication devices become more user friendly and prevalent. Thus, the major research recommendations were for an area that we named Secure Networked Embedded Systems (SENSE).
SCADA of the Future
Current SCADA
  Closed systems, limited coordination, unprotected cyber-infrastructure
  Local, limited adaptation (parametric), manual control
  Static, centralized structure
Future requirements
  Decentralized, secure open systems (peer-to-peer, mutable hierarchies of operation)
  Direct support for coordinated control, authority restriction
  Trusted, automated reconfiguration
    Isolate drop-outs, limit cascading failure, manage regions under attack
    Enable re-entry upon recovery to normal operation
    Coordinate degraded, recovery modes
  Diagnosis, mitigation of combined physical, cyber attack
  Advanced SCADA for productivity, market stability, manageability
Secure Network Embedded Systems
Embedded Software prevalent in all critical infrastructures. Critical to high confidence embedded software are open source techniques for
Automated Design, Verification and Validation
  Verified design in a formal, mathematical sense
  Validated design in an engineering sense
  Certifiable design to allow for regulatory and certification input
High Confidence Systems
Narrow waisted middleware
Trusted abstractions, limited interfaces
Algorithms and protocols for secure, distributed coordination and control
Security and composable operating systems
Tamper Proof Software
Generative Programming
Intelligent Microsystems: infrastructure of the future with security co-design with hardware and software.
Layers of Secure Network Embedded Systems
Physical Layer
  Attacks: jamming, tampering
  Defenses: spread spectrum, priority messages, lower duty cycle, region mapping, mode change, tamper proofing, hiding.
Link Layer
  Attacks: collision, exhaustion, unfairness
  Defenses: error correcting code, rate limitation, small frames
Layers of Secure Network Embedded Systems
Network and Routing Layer
  Attacks: neglect and greed, homing, misdirection, black holes
  Defenses: redundancy, probing, encryption, egress filtering, authorization, monitoring
Transport Layer
  Attacks: flooding, desynchronization
  Defenses: client puzzles, authentication
Embedded System/Application Layer
  Attacks: insider misuse, unprotected operations, resource overload attacks, distributed service disruption
  Defenses: authority management (operator authentication, role-based control authorization), secure resource management, secure application distribution services
Is the SCADA Cyber threat real?
The threat is real and proven:
A disgruntled ex-employee used a port scan and ping-sweep program to identify active system ports and network IP addresses belonging to an oil company. On finding an active connection and an open port, he initiated communication using various software tools downloaded from the Internet. He subsequently issued instructions to the remote system and deleted sensitive system related to process control flow.
Australia, March 2000: a failure at a pumping station caused up to 264,000 gallons of raw sewage to flow onto the grounds of a local tourist resort and eventually into a storm sewer. The problems were traced to disruptions in the community’s new computerized sewage control system. On 23 April 2000, police intercepted former employee Vitek Boden, less than an hour after another control system malfunction. A search of his vehicle found a two-way radio and antennae, a remote telemetry system, and a laptop computer.
Is the SCADA Cyber threat real?
In August 2003, the Nuclear Regulatory Commission confirmed that in January 2003, the Microsoft SQL Server worm known as Slammer infected a private computer network at the Davis-Besse nuclear power plant in Oak Harbor, Ohio, disabling a safety monitoring system for nearly 5 hours.
– Note: the plant was off-line at the time.
The Bad News
It is only a matter of time and money, they will get in!
[Figure: Difficulty in Hacking a System. Axes: Time & Money; Sophistication of Cyber Defenses]
Source: http://standeyo.com/News_Files/NBC/Terrorist_cells.html
Terrorist Cells in the US
Updated September 3, 2003
DEYO NOTE: Terrorists are a very real and growing threat in America and to American interests around the world. It should be assumed these are not the only cell locations within the US and that they are subject to change.
Is the Terrorist Threat Real?
Yes, the Terrorist threat is real!
The mid-East Terrorists have:
  Means to carry out an attack
  Motivation
  Ability to access our systems
  Access to technical documentation
  Low barriers to success
Cyber Trends
Policy vs. Cyber Attacks
“Sound policy is a core element of the cyber security management system. Without it, extensive implementations of routers, firewalls and intrusion detection systems are misguided..”
80% of attacks show weakness in internal processes
  Unauthorized modems
  Disgruntled employee
  You hired a terrorist
  Unauthorized access
  Insufficient attention to security (leave the door open)
Security assessment is viewed as a one-time-event that lacks a metric to allow comparison over time or to assess readiness
  Initial vigilance degrades over time
  Doesn’t keep up with changing cyber threats
No amount of technology will make up for lack of sound policy.
Recommended Long Term R&D for SCADA
Needed SCADA R&D
Standards and Methodology:
Issue: Inability to test the security of infrastructure systems and to describe the industry’s security readiness in a consistent manner.
R&D Focus: Develop SCADA/process control security standards and methodologies to enable assessment of security readiness over time.
Needed SCADA R&D
Modeling and Analysis:
Issue: Inability to model the entire infrastructure and represent the interdependences
R&D Focus: Develop scalable and extensible models of the critical infrastructure to enable planning, simulation, and predictions of response to changes. Models should enable analysis of the impacts of:
  economics,
  human interaction,
  organizational structure,
  technology development
  accidental & malicious faults
Needed SCADA R&D
Next Generation SCADA Platforms:
Issue: Multiple generations of legacy systems control the Nation’s infrastructures. Realities of low industrial investments in both capital improvements and research and development (R&D).
R&D Focus: Develop strategies to drive the rapid evolution of SCADA/process control solutions. R&D must provide a robust, scalable, evolvable and secure solution.
Thank You
By SANJAY D. PATIL
Assistant Director
NPTI