Engineering and Cybersecurity
Hongyi Wu, PhD
Director, Center for Cybersecurity Education and Research, Old Dominion University, Norfolk, VA
Engineering and Cybersecurity
After completing this module, students will be able to:
• Discuss the impact of cyber technology on engineering systems
• Identify common vulnerabilities in engineering cyber systems
• Discuss the impact of cyber attacks on engineering systems
• Describe fundamental design principles for securing engineering cyber systems
Industrial Cyber Systems
Industry 4.0: a rapid transformation of industry in which the virtual world of information technology, the physical world of machines, and the Internet have become one
Benefits
• Improved machine intelligence
• More automated processes and real-time self-monitoring
• Optimized performance and improved flexibility and speed
• Enabling more individualized products
• Efficient and scalable production
SCADA vs. DCS
• Supervisory control and data acquisition (SCADA) system: software and hardware elements that allow industrial organizations to:
  • Monitor, collect, process and log data in real time
  • Control industrial processes at local or remote sites
  • Interact with sensors and actuators through a human-machine interface (HMI)
  • https://youtu.be/QvdUnFzTcnY
• DCS (Distributed Control System): provides sophisticated analog (e.g., loop) control capability
  • https://electrical-engineering-portal.com/scada-dcs-plc-rtu-smart-instrument
SCADA and DCS started as separate systems but have grown together
Sensors
Types of sensors:
• Pressure sensors, differential pressure sensors
• Water level sensors, depth sensors, flow meters
• Temperature sensors
• Light sensors
• Humidity sensors
• Wind speed sensors
• Sand sensors
• Distance sensors
Actuators
Types of actuators:
• Valves
• Pumps
• Motors
• Air compressors and blowers
• Mixers
• Other machinery
Types of alarms:
• Good alarms
• Critical failure alarms
RTU
RTU: "Remote Terminal Unit" or "Remote Telemetry Unit"
• A standalone data acquisition and control unit
• An electronic device with an intelligent microprocessor
• Polls field devices (e.g., sensors) for information
• Controls intelligent electronic devices (IEDs)
• Data/event logging and alarm handling
• Individual RTU expandability: typically up to 200 analog and digital points
PLC
PLC: Programmable Logic Controller
• Industrial digital computer that replaced traditional relay logic
• Often fills the RTU role in a SCADA system
• Controls manufacturing processes: assembly lines, smart devices
• Ease of programming and fault diagnosis
• Broad communication compatibility
• Takes actions based on inputs
https://youtu.be/qeBAz_XXUWs
https://youtu.be/4EQtCSrKjLs
PLC References
• IEC 61131-3: http://www.rtaautomation.com/iec61131-3/
• PLC Training Simulator: http://www.thelearningpit.com/plc/psim/psim.html
• i-TRiLOGI: http://www.triplc.com/trilogi.htm
• EasyPLC: http://www.nirtec.com/
• http://www.dogwoodvalleypress.com/uploads/excerpts/03192005214421.pdf
Communication
Communication systems
• Switched telephone network
• Wireless LAN
• Cellular network
• Leased lines
• Private network (LAN/RS-485)
• Internet
• Wireless communication systems
• Radio modems
SCADA server
SCADA server
• Data logging
• Analyzing data
• Real-time decision maker
• Polls RTUs for information
Historical/Safety/Redundant server
• Logs the data from the SCADA server and stores it as a backup, in case of a disaster
Vulnerabilities
Each device is a potential entry point for a cyber attack
While an insecure device may not be the ultimate target, it can provide the pivot point for an attack on a valuable asset elsewhere in the system
Many vulnerable Internet-connected devices (ranging from industrial controllers to personal webcams) can be found with Shodan
• The world's first search engine for Internet-connected devices
• Shodan's Industrial Control Systems category
• https://www.shodan.io/explore/category/industrial-control-systems
Increasing SCADA Attacks
• AT&T has logged a 458% increase in vulnerability scans of IoT devices in the last two years
• According to AT&T, just 10% of respondents to its survey are fully confident that their connected devices are secure
• All signs indicate that the first big IoT breach is just around the corner
https://www.yumpu.com/en/document/view/55745950/the-ceos-guide-to-securing-the-internet-of-things
Cyber Attack Examples in Engineering Systems
Discussion of well-known cyber attacks (5 minutes)
Cyber Attack Examples in Engineering Systems
Three cyber attacks that rocked industrial control systems
• https://cyware.com/news/3-cyber-attacks-that-rocked-industrial-control-systems-817fee48
Ukrainian power outage:
• In December 2015, Prykarpattyaoblenergo, a power company in western Ukraine, suffered a power outage that affected a large region including the regional capital, Ivano-Frankivsk.
• According to the subsequent investigations, the attackers used BlackEnergy malware delivered through malicious macros in a Microsoft Excel document. The malware entered the company's network via phishing emails.
Cyber Attack Examples in Engineering Systems
New York dam attack:
• On 03/24/2016, an Iranian hacker was publicly charged by the U.S. Department of Justice.
• The Justice Department stated that Iran had attacked U.S. infrastructure online by infiltrating the computerized controls of a New York dam, heralding a new form of warfare on American soil.
• The hackers broke into the dam's command and control system in 2013, apparently through a cellular modem.
• This signals the desire of some foreign nations to infect, and operate, U.S. infrastructure.
• Although the intrusion happened in 2013, it was only in 2016 that the attack was confirmed and attributed to hackers in Iran.
Cyber Attack Examples in Engineering Systems
Operation Ghoul:
• In August 2016, Kaspersky Lab uncovered a spear-phishing campaign targeting industrial organizations in Middle Eastern countries. The series of attacks was given the name "Operation Ghoul".
• The attack started with an email that appeared to come from a bank in the UAE; the phishing email impersonated Emirates NBD bank.
• The email carried a malicious attachment containing HawkEye, malware that collects personal information through keystrokes, clipboard data, etc.
• According to Kaspersky Lab, at least 130 organizations were affected by Operation Ghoul, in countries ranging from India to Spain.
Security vulnerabilities
• Weak physical protection
• Weak devices with limited computational power
• Some devices may be antiques
• Remote devices are hard to upgrade
• Challenges in password and key management
• All protocol traffic runs on a single port (e.g., every Modbus/TCP read and write uses TCP port 502), so a port-based firewall cannot tell benign polling from dangerous writes
• Few firewall options
• Security for engineering cyber systems is typically five to ten years behind enterprise IT
Security Vulnerability (I)
• Engineering cyber systems are often physically distributed over large areas, making physical security a challenge
• Discussion: how easy is physical access to the various engineering cyber systems below?
  • Distributed power supply systems
  • Water supply systems
  • Transportation systems
  • Agriculture systems
Security Vulnerability (II)
Industrial cyber devices with embedded controllers tend to have limited computational power
• Protocols tend to be simple
• Much sensor and control data is still transmitted in plaintext, with no sender authentication
• Extremely limited protection against a variety of attacks such as spoofing, replay, and denial of service
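To make the "simple protocol, plaintext, no authentication" point concrete, here is an added example (not from the slides) that builds and parses Modbus/TCP frames and runs a passive allow-list check over a constructed capture. The MBAP header and PDU layout are the real Modbus/TCP wire format; the host addresses, register numbers and sample traffic are made up for the demo.

```python
import struct
from collections import namedtuple

# Added example. The MBAP header + PDU layout below is the real Modbus/TCP
# wire format; the host addresses, register numbers and traffic sample are
# constructed for this demo.

FC_READ_HOLDING = 0x03      # Read Holding Registers
FC_WRITE_SINGLE_REG = 0x06  # Write Single Register

Frame = namedtuple("Frame", "tid unit fc addr value")


def _wrap(tid, unit, pdu):
    # MBAP: transaction id, protocol id (0 = Modbus), length = unit id + PDU
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def build_read_holding(tid, unit, addr, count):
    return _wrap(tid, unit, struct.pack(">BHH", FC_READ_HOLDING, addr, count))


def build_write_single(tid, unit, addr, value):
    return _wrap(tid, unit, struct.pack(">BHH", FC_WRITE_SINGLE_REG, addr, value))


def parse(frame):
    """Parse MBAP + PDU. Nothing in the frame identifies or authenticates
    the sender: anyone who can reach TCP/502 can issue a write."""
    if len(frame) < 8:
        raise ValueError("short frame")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("bad MBAP header")
    fc = frame[7]
    if fc in (FC_READ_HOLDING, FC_WRITE_SINGLE_REG):
        addr, value = struct.unpack(">HH", frame[8:12])
        return Frame(tid, unit, fc, addr, value)
    return Frame(tid, unit, fc, None, None)


def audit(packets, allowed_writers):
    """Passive detection: flag write requests whose source is not an
    allow-listed engineering station. packets = [(src_ip, raw_frame), ...]"""
    alerts = []
    for src, raw in packets:
        f = parse(raw)
        if f.fc == FC_WRITE_SINGLE_REG and src not in allowed_writers:
            alerts.append(f"unauthorized write from {src}: "
                          f"unit {f.unit} reg {f.addr} <- {f.value}")
    return alerts


# Constructed sample capture: an HMI polling, an engineering station
# writing a setpoint, and an unknown host writing the same register.
SAMPLE_TRAFFIC = [
    ("10.0.0.5", build_read_holding(1, 1, 0, 10)),
    ("10.0.0.10", build_write_single(2, 1, 40, 1234)),
    ("10.0.0.99", build_write_single(3, 1, 40, 0)),
]
ALLOWED_WRITERS = {"10.0.0.10"}

if __name__ == "__main__":
    for line in audit(SAMPLE_TRAFFIC, ALLOWED_WRITERS):
        print(line)
```

The allow list is only as strong as the source address: because the protocol carries no authentication, an attacker who spoofs 10.0.0.10 or replays a captured write frame byte for byte passes this check. That is why detection of this kind has to be paired with network segmentation and protocol-aware firewalling rather than used on its own.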
Security Vulnerability (III)
• Industrial plants tend to have long life cycles
  • Ten- to twenty-year project lives are common
  • Much longer than a typical personal computer (including smartphones) or enterprise computing device (such as servers and workstations)
• The industrial instruments may be virtual antiques by the time the facility is finally decommissioned
• It is difficult to patch or upgrade industrial devices the way we maintain personal or office computers
• This leaves opportunities to exploit known vulnerabilities for years
Security Vulnerability (IV)
Many industrial devices use simple and shared passwords
• Simple devices and the need for quick access and control
• "Do you know the password to turn off the irrigation system? I forgot mine..."
Passwords are often the same across different devices
• Large number of devices
• Very difficult to manage a different password for each device
Device passwords are changed rarely (if at all), even when operators change
Accountability is poor
Security Vulnerability (IV)
Discussion: poor passwords
• What makes a password strong?
• Test the strength of your password with the Kaspersky password check: https://www.kaspersky.com/blog/password-check/
Security Vulnerability (IV)
Authentication methods, from weakest to strongest
• Simple static passwords
• Two-factor authentication
• Digital certificates
• Biometrics
A device needs a way for users to authenticate to it, and a way to manage multiple users of a single device
Authentication in engineering cyber systems is often machine-to-machine, without any human intervention
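The password problems on the preceding slides (vendor defaults, one password shared across many devices, weak choices) are easy to audit if you have a credential inventory. The following is an added example, not part of the slides: the inventory, the list of default credentials and the 60-bit threshold are constructed for the demo, and the entropy figure is only an upper bound on brute-force effort (real password guessers do far better than uniform guessing).

```python
import math
from collections import defaultdict

# Added example. DEFAULT_CREDENTIALS is a short illustrative list, not a
# complete database of published vendor defaults; INVENTORY is made up.
DEFAULT_CREDENTIALS = {
    ("admin", "admin"), ("admin", "1234"), ("root", "root"),
    ("admin", "password"), ("operator", "operator"),
}

INVENTORY = [  # (device, username, password), constructed
    ("plc-north-01", "admin", "admin"),
    ("plc-north-02", "admin", "Summer2019!"),
    ("rtu-pump-07", "operator", "Summer2019!"),
    ("rtu-pump-08", "operator", "Summer2019!"),
    ("rtu-pump-09", "operator", "pump1"),
    ("hmi-control", "eng", "k7#Vq2!pLm9$wXe4"),
]


def charset_size(pw):
    """Size of the alphabet an attacker must assume, from the classes present."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 33   # printable ASCII punctuation
    return size


def entropy_bits(pw):
    """Upper bound on brute-force entropy: every character drawn uniformly
    from the classes present. Dictionary words score far lower in practice."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0


def audit_credentials(inventory, min_bits=60):
    """Return sorted (device, finding) pairs for defaults, weak and shared
    passwords. min_bits=60 is an assumed policy threshold for this demo."""
    findings = []
    by_password = defaultdict(list)
    for dev, user, pw in inventory:
        by_password[pw].append(dev)
        if (user, pw) in DEFAULT_CREDENTIALS:
            findings.append((dev, "vendor default credential"))
        elif entropy_bits(pw) < min_bits:
            findings.append((dev, f"weak password (~{entropy_bits(pw):.0f} bits)"))
    # Reuse is a finding on its own: one leaked password opens every device
    for pw, devs in by_password.items():
        if len(devs) > 1:
            for dev in devs:
                findings.append((dev, f"password shared with {len(devs) - 1} other device(s)"))
    return sorted(findings)


if __name__ == "__main__":
    for dev, finding in audit_credentials(INVENTORY):
        print(f"{dev}: {finding}")
```

In an ICS inventory the "shared with N other devices" finding usually matters more than the entropy figure: a long password that is identical on forty RTUs is one phishing email away from being the password to all of them.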
Security Vulnerability (V)
MISCONCEPTION: "The industrial cyber system resides on a physically separate, standalone network."
From "Understanding SCADA System Security Vulnerabilities":
"Most SCADA systems were originally built before and often separate from other corporate networks. As a result, IT managers typically operate on the assumption that these systems cannot be accessed through corporate networks or from remote access points. Unfortunately, this belief is usually fallacious."
"Because SCADA devices with embedded controllers tend to have limited computational power, and were historically connected via low speed serial lines, SCADA protocols tend to be quite simple, with little or no protection against spoofing, replay attacks, or a variety of denial of service attacks"
Corporate network bridges, vendor remote-access links and modems (recall the New York dam, entered through a cellular modem) all create paths into the supposedly isolated network.
Security Vulnerability (VI)
Ransomware:
• Common ransomware: accidentally downloaded to an engineering workstation and spreads to the rest of the system
• Targeted ransomware: spear-phishing seeds a Remote Access Trojan (RAT) on the IT network, which is then used to deliberately spread ransomware through the industrial system
• Zero-day ransomware: ransomware incorporating a zero-day Windows exploit spreads through the IT/OT firewalls
Security Vulnerability (VII)
Network security in engineering cyber systems is challenging because of the wide range of protocols, standards, and device capabilities
• Wi-Fi: IEEE 802.11, IEEE 802.11ah
• Zigbee and Bluetooth Low Energy
• WirelessHART
• Z-Wave
• RFID
• LTE-A
• LoRaWAN
Security Vulnerability (VIII)
• Few firewall options: SCADA-protocol-aware firewall choices are very limited
• Critical control traffic on a best-effort network can be disrupted by accidental congestion as well as by malicious attacks
Discussion example: "Slammer worm crashed Ohio nuke plant network" (the Davis-Besse plant, January 2003, where the worm reached the plant network through a contractor connection that bypassed the firewall and saturated the network until the safety parameter display system was unavailable)
Security and Privacy
• The good news is that the underlying cybersecurity principles are well established
• Much of what the engineering cyber world is facing has already been worked through in the enterprise IT world
• The fundamental challenge lies in implementing those principles cost-effectively on resource-constrained and weakly protected IoT devices, and making them scale to a large number of IoT endpoints
Exercise 1
• Read the article "Electric Grid Security and Resilience: Establishing a Baseline for Adversarial Threats", https://www.energy.gov/sites/prod/files/2017/01/f34/Electric%20Grid%20Security%20and%20Resilience--Establishing%20a%20Baseline%20for%20Adversarial%20Threats.pdf
• Question: What are the major threats and risks in electrical grid systems?
Information Security
Keeping information secure has fascinated people for a long time, and the need to protect data is more pronounced than ever in the information era
Terminology for data protection
• Cryptography: the design of systems that keep data secure
• Cryptanalysis: breaking such systems
• Cryptology: the all-inclusive term for the study of communication over nonsecure channels and related problems
Secure Communication
Basic communication scenario
• Alice and Bob: the two parties who want to communicate
• Eve: a potential eavesdropper
Secure Communication
• Alice wants to send a message, called the plaintext, to Bob
• She encrypts it using a method prearranged with Bob
• Usually the encryption method is assumed to be known to Eve; what keeps the message secret is a key
• Bob receives the encrypted message, called the ciphertext
• He changes it back to the plaintext using a decryption key
Secure Communication
Eve could have one of the following goals:
1. Read the message.
2. Find the key and thus read all messages encrypted with that key.
3. Corrupt Alice's message into another message in such a way that Bob will think Alice sent the altered message.
4. Masquerade as Alice, and thus communicate with Bob even though Bob believes he is communicating with Alice.
Passive attacks: (1) and (2); the passive attacker is sometimes called Oscar
Active attacks: (3) and (4); the active attacker is sometimes called Mallory
We will generally use only Eve, and assume she is as bad as the situation allows.
Possible Attacks
Four main types of attack, differing in how much information Eve has available when trying to determine the key:
• Ciphertext only: Eve has only a copy of the ciphertext.
• Known plaintext: Eve has a copy of a ciphertext and the corresponding plaintext.
• Chosen plaintext: Eve gains temporary access to the encryption machine. She cannot open it to find the key; however, she can encrypt a large number of suitably chosen plaintexts and try to use the resulting ciphertexts to deduce the key.
• Chosen ciphertext: Eve obtains temporary access to the decryption machine, uses it to "decrypt" several strings of symbols, and tries to use the results to deduce the key.
Possible Attacks
Kerckhoffs's principle:
• One of the most important assumptions in modern cryptography
• In assessing the security of a cryptosystem, one should always assume the enemy knows the method being used.
• The enemy can obtain this information in many ways. For example, encryption/decryption machines can be captured and analyzed, or people can defect or be captured.
• The security of the system should therefore rest on the key and not on the obscurity of the algorithm.
• Consequently, we always assume that Eve knows the algorithm used to perform encryption.
Encryption Algorithms
Symmetric key algorithms:
• The encryption and decryption keys are known to both Alice and Bob, and are often the same
• All of the classical (pre-1970) cryptosystems are symmetric, as are the more recent Data Encryption Standard (DES) and Advanced Encryption Standard (AES)
Symmetric key communication
• Two types of cipher within symmetric key cryptography: stream ciphers and block ciphers
• Stream ciphers: the data are fed into the algorithm in small pieces (bits or characters), and the output is produced in correspondingly small pieces
• Block ciphers: a block of input bits/bytes is accumulated and fed into the algorithm all at once, and the output is a block of bits/bytes
• Most modern ciphers are block ciphers, e.g., DES and AES; AES was selected in 2000 by the National Institute of Standards and Technology as the replacement for DES
Encryption Algorithms
Public key algorithms:
• Introduced in the 1970s and revolutionized cryptography
• Suppose Alice and Bob are hundreds of miles apart and have not agreed on a key to use
• They cannot simply send a key over an open channel and then encrypt with it, because Eve would see the key
• This seems almost impossible; the amazing fact is that it has a solution
• The encryption key is made public, but it is computationally infeasible to find the decryption key without information known only to Bob
• The most popular implementation is RSA, which is based on the difficulty of factoring large integers. Other public key algorithms are ElGamal (based on the discrete log problem), NTRU (lattice based) and McEliece (based on error correcting codes).
public key communication
A nonmathematical way to do public key communication
• Bob sends Alice a box and an unlocked padlock.
• Alice puts her message in the box, locks Bob's lock on it, and sends the box back to Bob.
• Of course, only Bob can open the box and read the message.
public key communication
Rule of thumb: public key methods should not be used for encrypting large quantities of data. They are far slower than symmetric ciphers, so in practice the public key operation is used only to transport a fresh symmetric key, and that key encrypts the bulk of the data (hybrid encryption).
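The padlock picture and the rule of thumb above fit together as hybrid encryption: Alice wraps a fresh symmetric key with Bob's public key and encrypts the message itself with a fast symmetric stream cipher (the stream-cipher idea from the symmetric key slide). The code below is an added example, not from the slides, and is deliberately a toy: textbook RSA with 512-bit keys and no padding, plus a keystream built from SHA-256 of the key and a counter. Production systems would use RSA-OAEP or ECDH for the key transport and an authenticated cipher such as AES-GCM or ChaCha20-Poly1305 for the data.

```python
import hashlib
import os
import random

# Added toy example: textbook RSA (no padding, 512-bit modulus) plus a
# hash-based keystream. Shows the shape of hybrid encryption, not a scheme
# to deploy.


def is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False          # a is a witness: n is composite
    return True


def random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, full width
        if is_probable_prime(cand):
            return cand


def rsa_keygen(bits=512):
    """Return ((n, e), (n, d)). Toy key size; real RSA uses 2048 bits or more."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def keystream(key, length):
    """Stream cipher keystream: SHA-256(key || counter) blocks, concatenated."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def stream_xor(key, data):
    """Encrypt and decrypt are the same operation: XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def hybrid_encrypt(pub, plaintext):
    """Alice: generate a fresh 256-bit session key, wrap it with Bob's public
    key (the padlock), then encrypt the whole message with the stream cipher."""
    n, e = pub
    session_key = os.urandom(32)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped, stream_xor(session_key, plaintext)


def hybrid_decrypt(priv, wrapped, ciphertext):
    """Bob: unwrap the session key with his private key, then unmask the data."""
    n, d = priv
    session_key = pow(wrapped, d, n).to_bytes(32, "big")
    return stream_xor(session_key, ciphertext)


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    msg = b"Open valve 7 to 40 percent at 06:00" * 50   # far larger than n
    wrapped, ct = hybrid_encrypt(pub, msg)
    print(hybrid_decrypt(priv, wrapped, ct) == msg)
```

Only one RSA operation is performed per message regardless of its length; everything after the key transport runs at symmetric speed. Note also what the toy omits: with no padding the RSA step is deterministic, and with no MAC a bit flipped in the ciphertext flips the same bit in the plaintext, which is exactly the "corrupt Alice's message" goal from the Eve slide.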
security of cryptographic algorithms
The security of a cryptographic algorithm is a difficult property to measure
• Most algorithms employ keys, and the security of the algorithm can be measured by how difficult it is to determine the key
Brute-force attack: try every possible key and see which one yields a meaningful decryption
• The key length determines how long it takes to search the entire key space
• A 16-bit key gives 2^16 = 65,536 possible keys
• DES has a 56-bit key and thus 2^56 ≈ 7.2 × 10^16 possible keys
• A 100-bit key gives 2^100 ≈ 1.3 × 10^30 possibilities: at 10^9 keys per second, it would take more than 3 × 10^13 years to try them all
security of cryptographic algorithms
The algorithm itself also plays a critical role:
• Some algorithms can be attacked by means other than brute force
• Some algorithms simply do not make efficient use of their keys' bits
• The substitution cipher is easily breakable (letter-frequency analysis or a small amount of known plaintext suffices) even though it has 26! ≈ 4 × 10^26 keys; in contrast, DES has only 2^56 ≈ 7.2 × 10^16 keys yet resists such shortcuts far better
A brute-force attack is the last resort
• Cryptanalysts always try to find an attack that is faster
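The substitution cipher illustrates both the "key space size is not security" point above and the known-plaintext attack from the Possible Attacks slide. The following added example (not from the slides) encrypts with a random one of the 26! keys, then recovers most of the key from a single intercepted plaintext/ciphertext pair and reads a second message; it also ranks ciphertext letters by frequency for the ciphertext-only case. The messages and the seed are constructed for the demo.

```python
import random
import string
from collections import Counter

# Added example. Messages and RNG seed are constructed for the demo.
ALPHABET = string.ascii_lowercase


def random_key(rng):
    """One of the 26! substitution keys: a permutation of the alphabet."""
    letters = list(ALPHABET)
    rng.shuffle(letters)
    return dict(zip(ALPHABET, letters))


def substitute(text, key):
    """Encrypt: map each letter through the key, leave other characters alone."""
    return "".join(key.get(c, c) for c in text.lower())


def known_plaintext_attack(plaintext, ciphertext):
    """Recover every key entry exercised by one plaintext/ciphertext pair.
    Each aligned (p, c) position reveals key[p] = c directly."""
    recovered = {}
    for p, c in zip(plaintext.lower(), ciphertext):
        if p in ALPHABET:
            if recovered.get(p, c) != c:
                raise ValueError("pair is not consistent with a substitution cipher")
            recovered[p] = c
    return recovered


def decrypt_with_partial_key(ciphertext, partial_key, unknown="?"):
    """Decrypt what the recovered key covers; mark unrecovered letters."""
    inverse = {c: p for p, c in partial_key.items()}
    return "".join(inverse.get(ch, unknown if ch in ALPHABET else ch)
                   for ch in ciphertext)


def frequency_rank(ciphertext):
    """Ciphertext-only attack starting point: letters ordered by frequency.
    With enough English text the top entries correspond to e, t, a, ..."""
    counts = Counter(ch for ch in ciphertext if ch in ALPHABET)
    return [ch for ch, _ in counts.most_common()]


# Constructed scenario: Eve captured one message with its plaintext, then a
# second ciphertext under the same key.
PLAIN_1 = "the pump station reports normal pressure and temperature on all lines"
PLAIN_2 = "set the pressure limit to the maximum"


def demo(seed=7):
    key = random_key(random.Random(seed))
    ct1, ct2 = substitute(PLAIN_1, key), substitute(PLAIN_2, key)
    partial = known_plaintext_attack(PLAIN_1, ct1)
    return key, partial, decrypt_with_partial_key(ct2, partial), frequency_rank(ct1)


if __name__ == "__main__":
    key, partial, recovered, ranked = demo()
    print(f"recovered {len(partial)} of 26 key entries from one pair")
    print(recovered)
    print("most frequent ciphertext letter:", ranked[0], "(image of 'e':", key["e"] + ")")
```

One sixty-nine-character crib recovers 14 of the 26 key entries and the second message reads "set the pressure limit to the ma?imum"; the single unrecovered letter is no obstacle to a human reader. No amount of key-space size helps a cipher whose key leaks one entry per known letter.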
Unbreakable cryptosystems
Human ingenuity has led to creative attacks on cryptosystems
• DES, after some 20 years as the standard cryptosystem, was ultimately cracked by brute force using a purpose-built parallel machine (the EFF's "Deep Crack", 1998)
• Quantum computing is under development and could fundamentally alter the terrain of future cryptographic algorithms
Is there an unbreakable cryptosystem?
• Yes: the one-time pad
• But the cost of using a one-time pad is enormous
  • It requires exchanging a truly random key that is as long as the plaintext
  • The key can be used only once
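The "only once" condition above is the whole story: the example below, added here and not from the slides, encrypts two constructed operator messages with a one-time pad, then shows that reusing the pad cancels it out and leaves plaintext1 XOR plaintext2, which a guessed fragment ("crib") of either message turns into readable text from the other. The messages and the crib are constructed for the demo; the pad comes from os.urandom.

```python
import os

# Added example. Plaintexts and the crib are constructed for the demo.


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext, pad):
    """One-time pad: pad must be truly random, at least as long as the
    message, and never reused. Under those conditions the ciphertext is
    independent of the plaintext."""
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than message")
    return xor_bytes(plaintext, pad)


otp_decrypt = otp_encrypt   # XOR is its own inverse


def two_time_pad_leak(ct1, ct2):
    """If one pad encrypted both messages, ct1 XOR ct2 = p1 XOR p2: the pad
    cancels and the result no longer depends on the key at all."""
    return xor_bytes(ct1, ct2)


def crib_drag(xored, crib):
    """Slide a guessed fragment of one plaintext along p1 XOR p2. Wherever the
    result is printable it is a candidate fragment of the other plaintext."""
    hits = []
    for i in range(len(xored) - len(crib) + 1):
        cand = xor_bytes(xored[i:i + len(crib)], crib)
        if all(32 <= b < 127 for b in cand):
            hits.append((i, cand.decode("ascii")))
    return hits


# Constructed messages of equal length, encrypted (wrongly) under one pad.
P1 = b"open valve 7 at 0600"
P2 = b"shut pump 12 at 1830"


def demo():
    pad = os.urandom(len(P1))
    ct1, ct2 = otp_encrypt(P1, pad), otp_encrypt(P2, pad)
    leak = two_time_pad_leak(ct1, ct2)
    return otp_decrypt(ct1, pad), leak, crib_drag(leak, b"valve")


if __name__ == "__main__":
    recovered, leak, hits = demo()
    print("decrypts correctly:", recovered == P1)
    print("pad cancels:", leak == xor_bytes(P1, P2))
    print("crib 'valve' reveals from the other message:", hits)
```

Every run uses a different random pad, yet the leak and the crib-drag hits are identical each time, which is the point: once the pad is reused, the key has dropped out of the problem entirely. The same failure applies to any stream cipher whose keystream is reused, including the hash-based one in the hybrid example above, so nonces or counters must never repeat under one key.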
Cryptographic Applications
The C-I-A triad, or security triad (introduced in James P. Anderson's essay on computer security)
• Confidentiality: the ability of a system to ensure that an asset is viewed only by authorized parties
• Integrity: the ability of a system to ensure that an asset is modified only by authorized parties
• Availability: the ability of a system to ensure that an asset can be used by authorized parties when they need it
ISO 7498-2 adds two more properties
• Authentication: the ability of a system to confirm the identity of a sender
• Nonrepudiation (accountability): the ability of a system to ensure that a sender cannot convincingly deny having sent something