SCADA Security

SCADA Security. Prepared for SECA XVI Conference Brooklyn Park, Minnesota October 9, 2000 Prepared by Jeff Dagle Pacific Northwest National Laboratory Richland, Washington (509) 375-3629 [email protected] Outline. Context: Current Trends in Industry Information Technology

SCADA Security

Prepared for

SECA XVI Conference

Brooklyn Park, Minnesota

October 9, 2000

Prepared by

Jeff Dagle

Pacific Northwest National Laboratory

Richland, Washington

(509) 375-3629

[email protected]

Outline
  • Context: Current Trends in Industry
    • Information Technology
    • Implications of Restructuring
  • Federal Perspective
    • Critical Infrastructure Protection Initiative
    • DOE Vulnerability Assessment Activity
  • SCADA Security
    • Trends and Implications
    • Vulnerability Demonstration
    • Mitigation Strategies
Information Technology Trends

[Figure labels: Risk, Dependency]
  • Increasing:
    • enterprise dependence on IT
    • connectivity and standardization
    • access to information assets
    • dependencies on other infrastructures
  • Role of the Internet
    • E-Biz projected increase from $8B (‘97) to $320B (‘02)
    • Utility E-Biz projection: $2B (‘97) to $10B (‘02)
  • Information technologies are becoming inseparable from the core business of businesses
Information Technology Anecdotes

Hacker Trends

  • First computer virus conceived in 1987 -- today there are 30,000 (10 more each day)
  • Hacker software and sophistication increasing exponentially
  • More than 1/2 of the 50 largest banks report significant network attacks in ‘98

  • Gas/electric utility reports over 100,000 scans per month
  • Distributed denial of service attacks against e-commerce sites

Response

  • FBI computer caseload: 200 cases to 800 cases in last two years -- number of cases now agent limited
  • IT security gaining increased attention in auditing, insurance and underwriting communities
  • $1.6 trillion forecast world wide to deal with cyber challenges. $6.7 billion in first 5 days of response to “I Love You”
Information Age Threat Spectrum
  • National Security Threats
    • Info Warrior: Reduce U.S. Decision Space, Strategic Advantage, Chaos, Target Damage
    • National Intelligence: Information for Political, Military, Economic Advantage
  • Shared Threats
    • Terrorist: Visibility, Publicity, Chaos, Political Change
    • Industrial Espionage: Competitive Advantage, Intimidation
    • Organized Crime: Revenge, Retribution, Financial Gain, Institutional Change
  • Local Threats
    • Institutional Hacker: Monetary Gain, Thrill, Challenge, Prestige
    • Recreational Hacker: Thrill, Challenge
Energy Incidents and Anecdotes
  • DOE database reports 20,000 attacks on lines, substations, and power plants from 1987 to 1996 – many attacks continue
  • 1997 San Francisco outage – probably an insider
  • June 1999 Bellingham pipeline explosion accompanied by SCADA failure
  • Belgium & US (Mudge) hackers threaten to shut down electric grid (Fall ‘99)
  • Hacker controls Gazprom natural gas in Russia (Spring 2000)
  • Potential plot to attack nuclear plant during Sydney Olympics
Trends - Restructuring
  • Industry downsizing
    • 20% or more reductions of staff over last five years
    • Physical and IT security implications – “Doing more with less”
  • Mergers
    • Increased 4x between 1990 and 1997
    • Keeping staff trained and updated
    • New business & players
  • Open access and open architecture systems
    • Mandated by regulation
    • Maintainability and low cost – security implications?
National Action
  • July 1996 - President’s Commission on Critical Infrastructure Protection (PCCIP)
  • October 1997 - PCCIP report (Critical Foundations: Protecting America’s Infrastructures)
  • May 1998 - Presidential Decision Directive 63: Policy on Critical Infrastructure Protection

“Waiting for disaster is a dangerous strategy. Now is the time to act to protect our future.”

“Certain national infrastructures are so vital that their incapacitation or destruction would have a debilitating impact on the defense or economic security of the United States”

National Organizational Structure
Proposed by Critical Infrastructure Protection PDD

[Organization chart. Legend: New Organization. Labels recovered from the chart:]
  • Policy & Program Management
  • Crisis Management
  • EOP
  • President
  • National Security Advisor
  • National Infrastructure Assurance Council
  • OSTP (R&D)
  • National Coordinator
  • Critical Infrastructure Assurance Office
  • DoD/DOC
  • Critical Infrastructure Coordinating Group
  • Private Sector
  • Information Sharing and Analysis Center
  • National Infrastructure Protection Center
  • Special Function Agencies
    • DOJ: Law Enforcement
    • DoD: National Defense
    • CIA: Intelligence
    • DOS: Foreign Affairs
  • Sector: Lead Agency
    • Financial Services: Dept. of Treasury
    • Transportation: Dept. of Transportation
    • Electric, Gas & Oil: Dept. of Energy
    • Information/Comms: Dept. of Commerce
    • Law Enforcement: Dept. of Justice
    • Continuity of Gov’t.: FEMA
    • Fire: FEMA
    • Emerg. Health Svcs.: HHS
    • Water: EPA

The Department of Energy’s Infrastructure Assurance Outreach Program (IAOP)
  • Utilize DOE expertise to assist in enhancing energy infrastructure security.
    • Awareness - vulnerabilities & risks
    • Assistance - assessment to identify and correct vulnerabilities
    • Partnership - teaming with industry to collectively advance critical infrastructure protection
  • Voluntary participation conducted under strict terms of confidentiality

[Figure labels: Energy Infrastructures: Electric power, Oil, Natural Gas]

IAOP Scope
  • IAOP Assessments:
    • Electric power infrastructure (started in FY 1998)
      • Primarily cyber, includes physical security and risk management
      • Approximately 10 electric utilities received voluntary assessments
    • Natural gas (started in FY 2000)
      • Physical and cyber
    • Expertise from multiple national laboratories and other Federal agencies
    • Assessment, not audit
  • IAOP Outreach
    • Conferences, meetings, information sharing
    • Support industry groups (NERC, NPC, EPRI, …)
    • Engagement with other Federal agencies (FBI, NSA, NRC ...)
Project Outline
  • Task I - Project Planning & Pre-Assessment
      • Project Planning and Scoping
      • Pre-Assessment -- Critical asset definition
  • Task II - Assessment
      • Threat Environment
      • Network Architecture
      • Network Penetration
      • Physical Security, Operations Security
      • Administrative Policies, Procedures
      • Energy System Influence
      • Risk Analysis
  • Optional Task III - Methodology & Prudent Practices
      • Methodology Handbook
      • Prudent Practices
      • Awareness (Closed forums and workshops)
Risk Management Spectrum of Action

[Figure labels: Armored, Resilient, Manage Crisis, Deterrence, Prevention, Restoration, Mitigation]
SCADA Trends
  • Open protocols
    • Open industry standard protocols are replacing vendor-specific proprietary communication protocols
  • Interconnected to other systems
    • Connections to business and administrative networks to obtain productivity improvements and mandated open access information sharing
  • Reliance on public information systems
    • Increasing use of public telecommunication systems and the internet for portions of the control system
SCADA Concerns
  • Integrity
    • Assuring valid data and control functions
    • Most important due to impact
  • Availability
    • Continuity of operations
    • Historically addressed with redundancy
  • Confidentiality
    • Protection from unauthorized access
    • Important for market value, not reliability
SCADA Vulnerability Demonstration

[Diagram labels: Operator Interface; Field Device (RTU, IED or PLC); RTU Test Set (Intruder)]

Operator Interface
  • Simulated display of electrical substation
  • Circuit breaker status information read from field device
SCADA Message Strings
  • Repeating, easily decipherable format
  • Captured by RTU test set

Attack Scenarios
  • Denial of service
    • Block operator’s ability to observe and/or respond to changing system conditions
  • Operator spoofing
    • Trick operator into taking imprudent action based on spurious or false signals
  • Direct manipulation of field devices
    • Send unauthorized control actions to field device(s)
  • Combinations of above
Mitigation Strategies
  • Security through obscurity
    • Poor defense against “structured adversary”
  • Isolated network
  • Communication encryption
    • Concerns over latency, reliability, interoperability
    • Vendors waiting for customer demand
  • Signal authentication
    • May provide good defense without the concerns associated with full signal encryption
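
An added example (not from the original presentation) of the signal authentication strategy above: each frame stays in cleartext but carries a sequence number and a truncated HMAC, so the field device rejects forged, altered and replayed frames. The frame layout, the `BRK12 ...` messages, the key and the names `seal` and `FieldDevice` are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8  # truncated HMAC-SHA256 tag length in bytes (assumed, to limit frame overhead)

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Master side: seq || cleartext payload || tag. Nothing is encrypted."""
    body = struct.pack(">I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class FieldDevice:
    """Receiver side: act only on frames that verify and carry a fresh sequence number."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # must survive restarts in a real device

    def accept(self, frame: bytes):
        if len(frame) < 4 + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # forged or modified in transit
        (seq,) = struct.unpack(">I", body[:4])
        if seq <= self.last_seq:
            return None  # valid tag but stale: a captured frame sent again
        self.last_seq = seq
        return body[4:]

def demo() -> dict:
    key = b"constructed-demo-key"  # sample value; key provisioning is out of scope
    rtu = FieldDevice(key)
    first = seal(key, 1, b"BRK12 OPEN")  # constructed message, not a real protocol
    second = seal(key, 2, b"BRK12 OPEN")
    return {
        "genuine": rtu.accept(first),
        "replayed": rtu.accept(first),
        "unsigned": rtu.accept(struct.pack(">I", 2) + b"BRK12 SHUT" + bytes(TAG_LEN)),
        "altered": rtu.accept(second[:4] + b"BRK12 SHUT" + second[-TAG_LEN:]),
        "next_genuine": rtu.accept(second),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:13} -> {result}")
```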
Value Proposition
  • Industry
    • Proactive in protecting customer and stockholder interests
    • Insights into vulnerability and risk assessment techniques
    • Due diligence
  • Government
    • Proactive in protecting public interests and national security
    • Insights into industry risk management perspectives
    • Facilitate long-term research and development, best practices

Expectations
  • The government and industry will collaboratively develop technologies consistent with shared infrastructure assurance objectives
  • Public sector funding necessary to initiate development of new technologies
Conclusions
  • SCADA is becoming more vulnerable
    • Standard, open protocols
    • Interconnected to other systems and networks
    • Industry in transition
  • Focus countermeasures to protect –
    • Integrity
    • Availability
    • Confidentiality