Security, privacy and the internet security
concerns of SCADA systems
Abstract:
Process control and SCADA systems, with their reliance
on proprietary networks and hardware, have long been considered immune to the
network attacks that have wreaked so much havoc on corporate information
systems. Unfortunately, new research indicates this complacency is misplaced –
the move to open standards such as Ethernet, TCP/IP and web technologies is
letting hackers take advantage of the control industry’s ignorance.
This document provides an overview of the
security weaknesses present in Supervisory Control and Data Acquisition (SCADA)
and other Process Control Systems, the potential impact of those weaknesses and
recommended steps for assessing and securing SCADA systems.
Keywords:
SCADA, Process Control System, Security, Internet risks
SCADA (Supervisory Control And Data Acquisition) systems have been in use for more than 30 years, and have become more advanced and complex as computer technology has advanced. They are today vital for operating critical infrastructures, such as electric power systems, traffic control and production. The development of SCADA systems started before the widespread use of the Internet, in a period when the need for IT security mostly consisted of protecting physical access to the computers of the system. During the last ten years, the number of connections to SCADA systems and the use of Internet-based techniques have increased rapidly.
For a long time, good security for SCADA systems
meant limiting and securing the physical access to the network and the consoles
that controlled the systems. Engineers rationalized that if the systems were
suitably isolated from any physical entryways, and if access was limited to
authorized personnel only, the systems were fully secure and unlikely to be
compromised. This is no longer the case.
The increasingly networked and linked
infrastructure of modern SCADA systems has rendered those early security plans
obsolete. As companies have added new applications, remote access points and
links to other control systems, they have introduced serious online risks and
vulnerabilities that cannot be addressed by their physical control policies.
Often, these risks are underestimated due to the complexity of the network
architecture, the lack of formal network security guidelines and assumptions
about the privacy of the network. Organizations are now realizing the security
of these systems means more than physically separating the system and the
components they control and monitor.
A SCADA architecture can be seen as a structure of many particular systems and subsystems, made up of a wide range of components and several different communication protocols. SCADA is generally composed of three layers:
- Field devices such as Remote Terminal Units (RTU), Programmable Logic Controllers (PLC), Intelligent Electronic Devices (IED) and Programmable Automation Controllers (PAC);
- Management systems to monitor and control field equipment: the Human Machine Interface (HMI) and the SCADA Controller or Real Time Processor;
- Communication devices and protocols such as Ethernet, wireless, serial, Modbus, DNP3, ICCP and OPC.
SCADA
systems are used to control and monitor physical processes, examples of which
are transmission of electricity, transportation of gas and oil in pipelines,
water distribution, traffic lights, and other systems used as the basis of
modern society. The security of these SCADA systems is important because
compromise or destruction of these systems would impact multiple areas of society
far removed from the original compromise. For example, a blackout caused by a
compromised electrical SCADA system would cause financial losses to all the
customers that received electricity from that source.
SCADA systems are found throughout the public utility
industry. As part of our national critical infrastructure, SCADA systems are
used to monitor, control and manage spatially separated utility sites. SCADA
systems are mirroring the rapid changes occurring in the larger information
technology (IT) and networking industry by becoming more flexible and at the
same time more interconnected.
For a very long time CEOs and security managers thought that there was no credible risk to SCADA systems from a network-based attack. For example, Scott Berinato, in an interview for CIO Magazine, said: “Most public utilities rely on a highly customized SCADA system. No two are the same, so hacking them requires specific knowledge”.
Historically, most industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems were on separate networks, not connected to the Internet or any other network. Unfortunately, this security-through-segregation approach does not fully protect against cyber attacks.
If networks were truly segregated, this would mean that no software updates were installed, leaving old vulnerabilities open. With the increasing desire for connectivity now reaching industrial plants, many operators have started to connect their SCADA systems to the Internet. New adapters can bridge to older technology which was never intended to be controlled over the Internet, allowing it to be connected easily. This allows for efficient centralized monitoring and, to some extent, remote control of equipment.
Throughout the years, SCADA developers realized that they could gain enormous cost savings by utilizing standard operating systems instead of proprietary devices. Today’s PCS systems use UNIX or Windows as the basis for all the systems in the control centers. These operating systems are even embedded within certain field devices today. Additionally, developers realized that organizations could leverage the bandwidth provided on the larger data networks and, therefore, updated all of the field bus protocols to be encapsulated over standard TCP/IP protocols. The organizations then discovered that they could provide greater levels of service to their customers by integrating the control systems networks with their corporate networks, as all of the networks and protocols had become standardized. Standardizing the PCS systems has now opened them to the same IT security challenges that have plagued other IT systems for years.
The merging of common IT technologies (Internet, WWW, FTP, email) with industrial control technology such as SCADA opens many security vulnerabilities. Without adequate protection, sabotage attacks that damage equipment are definitely possible, as has already been demonstrated by the Stuxnet or Slammer worm infiltrations. Clearly the merging of common information technologies such as Ethernet, Windows and Web Services into industrial control technology has removed the dubious protective barrier of “security by obscurity”.
As a
consequence, SCADA systems are now being exposed to threats and vulnerabilities
they have never been exposed to before, and to a much greater extent than
earlier. In addition, conventional security solutions are not always applicable
to SCADA systems, since performance and availability requirements differ for
administrative IT systems and SCADA systems.
There is obviously some security risk faced by industrial control systems and, as difficult as it is to estimate, we still need to understand it. We can’t ignore the risk and yet we also can’t afford the infinite cost of perfect security. Sound business practice requires that we balance the cost of measures to mitigate a risk against the potential cost of an event occurring. To do so we need to understand the variables at play in defining the cyber security risk for an industrial facility.
The Internet and the demands of connectivity and convenience in accessing the control systems found in critical infrastructures have ushered in newly discovered vulnerabilities that have been exploited by internal and external threats. These vulnerabilities of control systems could be exposed by even novice hackers through the use of non-sophisticated tools found on the Internet. These insecurities have been perpetuated by technology staff and even educators who are themselves unaware of the potential risks and consequences.
The nation's critical infrastructure finds
itself increasingly vulnerable to internal and external threats. One of the
most neglected aspects of critical infrastructure is the security of control
systems, leading to very dangerous weaknesses that could be exposed by even
novice cyberterrorists. These insecurities are perpetuated by technology staff
and even educators who are themselves unaware of the potential threats and
their remedies.
Real dangers are described here, demonstrated by simulations at several international conferences dealing with the security of SCADA systems. One of them was shown at the CanSecWest Conference, detailing how to attack the embedded operating systems used in routers, printers and cell phones. These same embedded operating systems are used in modern SCADA and control equipment. These presentations indicate that the hacking community is beginning to develop both the interest and the technical expertise to deliberately attack control systems.
The ACM/IEEE clearly identifies security as a major concern among emerging trends in the discipline. Although the model is characterized as interdisciplinary, it is mostly slanted towards the managerial and public policy aspects of the systems.
SCADA building blocks
Typically
SCADA systems include the following components:
- Instruments in the field or in a facility
that sense conditions such as pH, temperature, pressure, power level and
flow rate.
- Operating equipment such as pumps,
valves, conveyors and substation breakers that can be controlled by
energizing actuators or relays.
- Local processors that communicate with the site’s instruments and operating equipment. These local processors can have some or all of the following roles:
  - Collecting instrument data
  - Turning on and off operating equipment based on internal programmed logic or based on remote commands sent by human operators or computers
  - Translating protocols so different controllers, instruments and equipment can communicate, and
  - Identifying alarm conditions.
  Local processors go by several different names including Programmable Logic Controller (PLC), Remote Terminal Unit (RTU), Intelligent Electronic Device (IED) and Process Automation Controller (PAC). A single local processor may be responsible for dozens of inputs from instruments and outputs to operating equipment.
- Short range communications between the
local processors and the instruments and operating equipment. These
relatively short cables or wireless connections carry analog and discrete
signals using electrical characteristics such as voltage and current, or
using other established industrial communications protocols.
- Host computers that act as the central
point of monitoring and control. The host computer is where a human
operator can supervise the process, receive alarms, review data and
exercise control. In some cases the host computer has logic programmed
into it to provide control over the local processors. In other cases it is
just an interface between the human operator and the local processors.
Other roles for the host computer are storing the database and generating
reports. The host computer may be known as the Master Terminal Unit (MTU),
the SCADA Server, or a personal computer (PC) with Human Machine Interface
(HMI) software. The host computer hardware is often but not necessarily a
standard PC.
- Long range communications between the local
processors and host computers. This communication typically covers miles using
methods such as leased phone lines, satellite, microwave, cellular packet data,
and frame relay.
To illustrate a networked SCADA system we use the example of ETSA, an electric utility company in South Australia which covers more than 70,000 square miles of terrain. Its system incorporates 25,000 physical I/O points and in excess of 100,000 tags. The system monitors daily data for current, temperature, power variables, load shedding systems and fire alarms, reducing the response time for dealing with anomalies and faults.
Changing threat sources
A study by the FBI and the Computer Security
Institute on Cybercrime, released in 2000 found that 71% of security breaches
were carried out by insiders. Externally
generated incidents account for 70% of all events, in 2003 year, indicating a
surprising and significant change in threat source. (Same year Deloitte & Touche’s annual Global
Security Survey finds that 90% of security breaches originate from outside the
company, rather than from rogue employees.) Today more than 90% of targeted
attacks come from internet. Regardless of the reasons, the threat sources are
moving from internal to external and this needs to be taken into consideration
in the risk assessment process.
Before the global change in threat sources and the merging of common IT technologies with SCADA technologies, the control system was a target of opportunity rather than a target of choice. Once some managers saw the opportunity (easy access and low risk) and the benefits, industrial espionage jumped from the real world to the cyber world.
The
number of targeted cyberattacks in general has risen in the past few years. In
addition to this, the rate of attack exposure has also risen, with more
companies becoming aware of attacks, expecting them and searching for
indications of compromise. It is not a new phenomenon, but its importance has
grown.
Industrial security analysis
It is widely accepted in industrial security analysis that the security risk faced by an organization is a function of both the Likelihood of Successful Attack (LAS) against an asset and the Consequence (C) of such an attack.
The second variable, Consequence,
while highly site specific, is generally the easiest to get an understanding
of. Often it can be estimated in terms of financial loss, acute health effects
or environmental impacts; concepts well understood from years of safety
analysis of hazardous processes.
Estimating the Likelihood of Successful Attack is far more difficult. According to the American Institute of Chemical Engineers’ guidelines it is a function of three additional variables:
- Threat (T): Any indication, circumstance, or event with the potential to cause the loss of, or damage to, an asset.
- Vulnerabilities (V): Any weakness that can be exploited by an adversary to gain access to an asset.
- Target Attractiveness (AT): An estimate of the value of a target to an adversary.
These terms are more difficult to estimate, particularly with respect to cyber security.
We need to continuously monitor the risk variables to determine if they are changing. To be effective from both a technical and a cost perspective, our mitigation response must adapt to changes in Threats, Vulnerabilities or Target Attractiveness. The first two of these variables are changing rapidly and demand attention; at the same time, the consequences of successful attacks are not insignificant and their importance has grown rapidly.
The threat exposure has increased further by
the common practice of linking SCADA networks to business networks. Intentional
security threats to SCADA systems can be grouped as follows:
- Malware – Like any IT system, SCADA systems
are potentially vulnerable to viruses, worms, trojans and spyware.
- Insider – The disgruntled worker who knows the
system can be one of the largest threats. The insider may be motivated to
damage or disrupt the SCADA system or the utility’s physical system. An insider
may also attempt to illicitly gain higher privileges for convenience sake.
Bored or inquisitive Operators may inadvertently create problems. [SCADA
engineers may make errors that bring down the system.]
- Hacker – Here the individual is an outsider
who may be interested in probing, intruding, or controlling a system because of
the challenge. Another possibility is modifying data related to rate
generation.
- Terrorist – This is the threat that
distinguishes critical infrastructure systems from most IT systems. A terrorist
is likely to want to either disable the SCADA system to disrupt monitoring and
control capability, take control of the SCADA system to feed false values to
the operators or to use the control system to degrade service or possibly
damage the physical critical infrastructure system. Based on evidence collected
in Afghanistan, Al Qaeda had a “high level of interest” in DCS and SCADA
devices. In addition to interest, Al Qaeda presumably has appropriately skilled
members, for example it was also reported that Khalid Sheikh Mohammed, their
arrested operations chief, was an engineering student in North Carolina who
later worked in the water industry in the Middle East.
The first three types of threats can also be characterized as commercial threats. We call them commercial threats because by their nature they aim at acquiring and realizing benefits for the attacker from a successful attack on the SCADA system; they are the tools of modern management and industrial espionage. The last type refers to threats to public and national security, and as such is considered a terrorist threat.
The Backdoor into the Plant control and SCADA system on the site
If the threats are becoming increasingly external, then this begs the question, “How are they getting in?” While Internet connections may be the obvious source, they aren’t the only one. For example, database records show that the Slammer Worm had at least four different infiltration paths into the control systems it impacted:
1. The Davis-Besse nuclear power plant process computer and safety parameter display systems, via a contractor’s T1 line;
2. A power SCADA system, via a VPN;
3. A petroleum control system, via a laptop;
4. A paper machine HMI, via a dial-up modem.
To answer this question, the study
team analyzed the “Point of Entry” data for each of the incidents in the database.
The incidents were divided into two groups, namely internal incidents and
external incidents.
For internal incidents, the business network is the major source. Direct physical access to the equipment was also significant. For external events, the Internet was a major source, but dial-up connections, VPNs, networks, wireless systems and 3rd party connections were all contributors. The obvious conclusion is that there are many routes into a system as complex as a modern SCADA or control system. Focusing on a single intrusion point with a single solution (such as the Internet firewall) is likely to miss many possible attack points.
Widespread infrastructure is common in modern SCADA systems, but it provides many additional entry points and possible backdoors which cannot be defended by centralized firewall solutions. The possibility that someone uses an additional entry point is an inherent attribute of modern SCADA networks and has to be taken into consideration as a significant security risk.
Vulnerabilities of SCADA systems
There are many threat vectors to
a modern SCADA system. One is the threat of unauthorized access to the control
software, whether it be human access or changes induced intentionally or
accidentally by virus infections and other software threats residing on the
control host machine.
One of the reasons for the increased vulnerability of SCADA systems is that there are a number of manufacturers, and the industry itself does not have clear standards and protocols that devices and systems must meet. Here we can see that already in third place is a not so well known manufacturer, which indicates that a good part of SCADA devices connect to the Internet via devices whose security features are not available or are insufficient.
Among industrial protocols, the S7 protocol and Modbus are dominant. With both types of protocols in operation, the fact that they use the standard TCP/IP protocol enables the use of standard hacking tools to attack the system. On the other hand, the standard TCP/IP protocol cannot be turned off or disabled, because in that case we would not have the basic functionality of the control (or at least would not have central control and management from a single location).
Another is the threat of packet
access to the network segments hosting SCADA devices. In many cases, the
control protocol lacks any form of cryptographic security, allowing an attacker
to control a SCADA device by sending commands over a network. In many cases
SCADA users have assumed that having a VPN offered sufficient protection,
unaware that security can be trivially bypassed with physical access to SCADA related
network jacks and switches.
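Because Modbus/TCP carries no authentication or integrity protection, the defender's compensating control is to watch the control segment for write commands that do not come from a known master. The following passive frame inspector is an added example, not from the paper; the allowlisted HMI addresses and the captured frames are constructed.

```python
from __future__ import annotations

import struct
from dataclasses import dataclass

# Constructed for this example: the only hosts allowed to issue Modbus
# commands are the HMI/SCADA servers. Everything else on the segment is a
# PLC or an unknown device, so a write request from it is suspicious.
MASTER_ALLOWLIST = frozenset({"10.10.1.5", "10.10.1.6"})

MBAP_LEN = 7                 # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MODBUS_TCP_PROTOCOL_ID = 0   # the only value the Modbus/TCP specification defines

# Function codes that change process state; these are what a passive
# monitor should care about most, since the protocol itself will not refuse them.
WRITE_FUNCTION_CODES = {
    5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
    23: "Read/Write Multiple Registers",
}
READ_FUNCTION_CODES = {
    1: "Read Coils", 2: "Read Discrete Inputs",
    3: "Read Holding Registers", 4: "Read Input Registers",
}


@dataclass(frozen=True)
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def parse_frame(payload: bytes) -> ModbusFrame:
    """Parse one Modbus/TCP ADU. The header fields are the only sanity
    checks available, so a mismatch is reported rather than silently ignored."""
    if len(payload) < MBAP_LEN + 1:
        raise ValueError("shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", payload[:MBAP_LEN])
    if pid != MODBUS_TCP_PROTOCOL_ID:
        raise ValueError(f"protocol id {pid}, expected 0")
    if length != len(payload) - 6:   # length counts unit id + function code + data
        raise ValueError(f"length field {length} but {len(payload) - 6} bytes follow")
    return ModbusFrame(tid, unit, payload[MBAP_LEN], payload[MBAP_LEN + 1:])


def write_target(frame: ModbusFrame) -> str:
    """Decode the register/coil address (and the value, for single writes)."""
    if len(frame.data) < 2:
        return "address ?"
    (addr,) = struct.unpack(">H", frame.data[:2])
    if frame.function_code in (5, 6) and len(frame.data) >= 4:
        (value,) = struct.unpack(">H", frame.data[2:4])
        return f"address {addr} value 0x{value:04X}"
    return f"starting address {addr}"


def inspect(src_ip: str, payload: bytes) -> tuple[str, str]:
    """Classify one captured frame as OK / WARN / ALERT / EXCEPTION / MALFORMED."""
    try:
        frame = parse_frame(payload)
    except ValueError as exc:
        return "MALFORMED", f"{src_ip}: {exc}"
    fc = frame.function_code
    if fc & 0x80:  # exception response from a slave: the request was rejected
        code = frame.data[0] if frame.data else None
        return "EXCEPTION", f"{src_ip} unit {frame.unit_id} rejected FC {fc & 0x7F} (exception code {code})"
    trusted = src_ip in MASTER_ALLOWLIST
    if fc in WRITE_FUNCTION_CODES:
        msg = f"{src_ip} -> unit {frame.unit_id}: {WRITE_FUNCTION_CODES[fc]} {write_target(frame)}"
        return ("OK" if trusted else "ALERT"), msg
    if fc in READ_FUNCTION_CODES:
        msg = f"{src_ip} -> unit {frame.unit_id}: {READ_FUNCTION_CODES[fc]}"
        return ("OK" if trusted else "WARN"), msg   # reads from an unknown host look like reconnaissance
    return "WARN", f"{src_ip} -> unit {frame.unit_id}: unusual function code {fc}"


def inspect_capture(capture: list[tuple[str, bytes]]) -> list[tuple[str, str]]:
    return [inspect(src, payload) for src, payload in capture]


# Constructed capture: (source address, TCP payload) pairs as seen on port 502.
SAMPLE_CAPTURE = [
    ("10.10.1.5", bytes.fromhex("00010000000601030000000a")),   # HMI reads 10 holding registers
    ("10.10.1.77", bytes.fromhex("000200000006010600100000")),  # unknown host writes register 16 := 0
    ("10.10.1.77", bytes.fromhex("000300010006010300000001")),  # protocol id 1: not Modbus/TCP
    ("10.10.1.12", bytes.fromhex("000400000003018302")),        # PLC rejects a read (illegal address)
]

if __name__ == "__main__":
    for severity, message in inspect_capture(SAMPLE_CAPTURE):
        print(f"{severity:9} {message}")
```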
Consider an organization with a public-key infrastructure (PKI) system used to provide X.509 certificates to employees. It will need support staff to maintain the PKI servers, address user software issues, maintain the network infrastructure, and develop and implement policy-and-practices documents. Laboratory operational experience shows that one support staff member is required for approximately 1,000 user certificates. Consider a utility with 5.5 million smart meters. If similar ratios apply to smart-meter certificates, maintaining the PKI environment would require 500 staff! No utility can support this requirement.
That SCADA systems are not only vulnerable to cyber attacks is shown by the discovery of the functional limits of the system. In April 2008, the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack issued a Critical Infrastructures Report which discussed the extreme vulnerability of SCADA systems to an electromagnetic pulse (EMP) event. After testing and analysis, the Commission concluded: "SCADA systems are vulnerable to EMP insult. The large numbers and widespread reliance on such systems by all of the Nation’s critical infrastructures represent a systemic threat to their continued operation following an EMP event. Additionally, the necessity to reboot, repair, or replace large numbers of geographically widely dispersed systems will considerably impede the Nation’s recovery from such an assault". Although this is not a security flaw as such, this knowledge opens up many opportunities for hackers in the form of so-called hardware attacks, which would ultimately have exactly the same effect on the security of SCADA systems.
Cyber security comparison between IT networks and SCADA systems
IT staff have taken care of the security of computer networks for a long time and are well trained for this task, as the results have proved. Therefore, the logical question is why we cannot apply the techniques and tools, as well as the knowledge, developed in the IT sector. The answer could lie in the different nature of these two types of networks as well as in their topology.
We cannot simply apply standard IT tools and techniques, because of the following major differences between these two types of network environments. Computer networks deal primarily with data protection, where any action is allowed in order to preserve data privacy: system reboot, wiping data, and switching the network on and off. On the other hand, a SCADA network performs the control function for a site (or plants) and cannot be shut down or restarted, because both the devices and the processes they manage are very sensitive. Also, vulnerability scanning of SCADA systems is not possible because of the nature of control networks and devices.
Even when we discover vulnerabilities, controllers must be upgraded one at a time, and it is often necessary to send them to the suppliers for this. SCADA devices must often operate for several years without stopping for security fixes and upgrades, especially because the expected lifetime of a SCADA system is significantly longer than that of IT equipment.
An additional reason why we cannot apply standard IT tools lies in the distribution of devices and their mutual dependence. As a distributed system, a SCADA system must provide the required level of access to authorized personnel, which is only possible with the appropriate interface to the device, including remotely. Because of the specifics of this technical solution, software such as antivirus and firewalls developed for the IT sector have limited or no effect, so it is necessary to move on to specialized solutions developed specifically for this area.
Hardware attacks
One form of attack that is now increasingly discussed is the hardware attack on computers and SCADA devices. The possibilities of this type of attack, and how likely it is, can best be seen from the lectures "Hardware attacks, advanced ARM Exploitation, and Android hacking" (Stephen A. Ridley #5193), delivered at Infiltrate 2013 and NoSuchCon 2013. They set out to show the possibilities for security protection, monitoring and theft of data on any integrated technology similar to a computer. In principle, this applies to any system that consists of processors, working memory and components for their electronic communication, and can be applied (with modifications) to mobile telephony, home automation, BMS, SCADA systems and open-type robotic systems.
What the lecture (and the experiments that preceded it) clearly demonstrated is that not only the technology but also the security threats have moved to the "Post PC" world, and that we are now in a "Post PC" threat environment.
Based on the technique presented, hardware attacks rely on the fact that many of the electronic components used in the manufacture of computers or "PC-like" systems (already integrated on the board and/or in the processor) are not used, and could be used to host an embedded OS that monitors and spies on the operation of the device. The steps of a hardware attack would be as follows:
- Find a free element on the board (a part that is not used), or, where possible, find free pins and attach an additional piece of hardware to them so that it does not look suspicious but appears to be an integral part of the device. In the latter case, all the functions and the interception of communication run on this additional device, which must operate reliably and with low power consumption.
- Develop an embedded OS based on the unused components. It sniffs the contents of memory and the operations the CPU performs for the OS (as well as communication, i.e. sending data to an HTTP or FTP location) in native mode, so that the device does not notice. This is possible because most processors allow operation in several working modes (simultaneously or through time sharing), which means that it is possible to make a computer or SCADA device act as two independent devices that also "share" pieces of hardware, in a manner similar to virtualization.
- Interpret the sniffed content. Often, in this step, there is a need for reverse engineering and/or identifying the content. For this, one's own hardware and/or software is used, which reads the contents in assembler or machine language and translates it.
According to the presentation, for a hardware attack to work well it is recommended to use native code that already exists, as well as specially written gadgets that connect to provide a higher level of code that is used as the inserted embedded OS.
Software attacks (hacking) on SCADA systems
Modern civilization
unconditionally depends on information systems. It is paradoxical but true that
ICS/SCADA systems are the most insecure systems in the world. From network to
application, SCADA is full of configuration issues and vulnerabilities.
The options for attackers during software attacks on SCADA systems are numerous, and are based mostly on exactly the same protocols as are used on standard PCs (FTP, HTTP, WWW, NetBIOS, LANtastic, Telnet ...) as well as on the weaknesses of specialized software such as Siemens WinCC. The possibilities of this kind of attack were shown at the aforementioned conference by "SCADA Strange Love", a group of enthusiasts. During the demonstration the following tools were used: Siemens WinCC decryptor, plcscan for S7 and Modbus, and THC Hydra. The former are used for finding and identifying the device, while the last is used for finding passwords on the target device.
During the report, SCADA StrangeLove demonstrated how to obtain full access to a plant (or industrial network on site) via a sniffer and a packet generator, FTP and Telnet, Metasploit and oslq, a web server and a browser. About 20 new vulnerabilities in common SCADA systems, including Simatic WinCC, were revealed. Also presented were modbuspatrol (mbpatrol), a free tool to discover and fingerprint PLCs, a Simatic WinCC security checklist, a Simatic WinCC forensic checklist, and tools for a close-to-real-life attack scenario on a Simatic WinCC based plant.
During the presentation it was shown that, in a standard network environment, the time required for identification and a targeted attack is no more than three minutes. Of course, this depends on the brute-force strength of the devices used in the demonstration. It should be noted that brute-force attacks today represent one of the dominant types of attacks on SCADA systems.
One of the things that often gets overlooked when connecting industrial and control networks with computer networks and the Internet is that the moment you connect to the Internet, the Internet will connect to you. This means that the Internet has a lot of scanners and sniffer tools that listen to traffic and check any new IP address (where it is located, what type of transport is used, how the traffic is protected/encrypted, which protocols are used, what kind of gateway there is, and whether or not there is a firewall).
The industrial protocols usually in use are Modbus, DNP3, IEC 104, MMS, S7 and Profinet DCP. The Fault Tolerant Ethernet protocol allows a native broadcast to identify all components. In the particular attack, "map #" was used (a systematic component for Siemens S7, available for both Linux and Windows environments, run from the computer from which we attack). After that, the internal segment was scanned on port 102 to determine whether the port is open for traffic, and when a positive response was received, the attacker was able to learn the necessary username and password with Hydra. (Most of the tools used in the attack were executed in the Python environment, and therefore do not exist as a dedicated program that can be downloaded from the Internet.)
Especially worrying was the presented possibility of circumventing the security barriers: a lower-privileged user account can bypass the protection and/or raise its hierarchical rank from a relatively low level to system-level administrator or SuperUser, which was also demonstrated.
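The sequence just described, a scan of the S7 port on the internal segment followed by a password-guessing run against a host that answered, is exactly the pattern that passive log monitoring on the control segment can catch even where active vulnerability scanning is not an option. The following correlator is an added example, not from the paper or the StrangeLove presentation; the log format, addresses and thresholds are constructed.

```python
from __future__ import annotations

from collections import defaultdict
from datetime import datetime, timedelta

# Port 102 is the S7 port scanned in the demonstration described above; the
# other two are the well-known defaults for protocols the text names.
ICS_PORTS = {102: "S7/ISO-TSAP", 502: "Modbus/TCP", 20000: "DNP3"}
SCAN_HOSTS = 5                   # distinct ICS hosts from one source within WINDOW
FAIL_THRESHOLD = 5               # failed logins to one host within WINDOW
WINDOW = timedelta(seconds=120)


def parse_line(line: str) -> dict:
    """Parse the constructed '<iso timestamp> <kind> key=value ...' format."""
    ts, kind, *fields = line.split()
    record = {"ts": datetime.fromisoformat(ts), "kind": kind}
    for field in fields:
        key, _, value = field.partition("=")
        record[key] = value
    return record


def detect_scans(records: list[dict]) -> dict[str, list[str]]:
    """Sources that touched ICS ports on >= SCAN_HOSTS distinct hosts within WINDOW."""
    by_src: dict[str, list[tuple[datetime, str]]] = defaultdict(list)
    for r in records:
        if r["kind"] == "conn" and int(r["dport"]) in ICS_PORTS:
            by_src[r["src"]].append((r["ts"], r["dst"]))
    findings = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            targets = {dst for ts, dst in events[i:] if ts - start <= WINDOW}
            if len(targets) >= SCAN_HOSTS:
                findings[src] = sorted(targets)
                break
    return findings


def detect_bruteforce(records: list[dict]) -> dict[tuple[str, str, str], str]:
    """(src, dst, service) triples with a burst of failures; the value says whether
    a success followed the burst, i.e. whether a guessed password worked."""
    by_key: dict[tuple[str, str, str], list[tuple[datetime, str]]] = defaultdict(list)
    for r in records:
        if r["kind"] == "auth":
            by_key[(r["src"], r["dst"], r["service"])].append((r["ts"], r["result"]))
    findings = {}
    for key, events in by_key.items():
        events.sort()
        fails = [ts for ts, result in events if result == "fail"]
        for i, start in enumerate(fails):
            burst = [ts for ts in fails[i:] if ts - start <= WINDOW]
            if len(burst) >= FAIL_THRESHOLD:
                last_fail = burst[-1]
                success_after = any(result == "success" and last_fail <= ts <= last_fail + WINDOW
                                    for ts, result in events)
                findings[key] = "succeeded" if success_after else "failed"
                break
    return findings


def correlate(lines: list[str]) -> list[str]:
    """Combine the two detectors: a scan followed by a password attack from the
    same source is one incident; a scan alone is a lower-grade finding."""
    records = [parse_line(line) for line in lines if line.strip()]
    scans = detect_scans(records)
    brute = detect_bruteforce(records)
    alerts = []
    for (src, dst, service), outcome in brute.items():
        prefix = "ICS port scan followed by " if src in scans else ""
        alerts.append(f"{src}: {prefix}{service} brute force against {dst} {outcome}")
    for src, targets in scans.items():
        if all(src != s for s, _, _ in brute):
            alerts.append(f"{src}: ICS port scan of {len(targets)} hosts")
    return alerts


# Constructed log: one source sweeps six PLCs on port 102, then guesses telnet
# passwords on one of them until a login succeeds; a second source sweeps
# Modbus/TCP only; the HMI and an operator generate benign noise.
SAMPLE_LOG = [
    *(f"2013-05-14T10:01:0{i} conn src=10.10.2.40 dst=10.10.1.1{i} dport=102 proto=tcp"
      for i in range(1, 7)),
    *(f"2013-05-14T10:01:{30 + 2 * i} auth src=10.10.2.40 dst=10.10.1.12 service=telnet "
      f"user=admin result=fail" for i in range(5)),
    "2013-05-14T10:01:45 auth src=10.10.2.40 dst=10.10.1.12 service=telnet user=admin result=success",
    *(f"2013-05-14T10:05:1{i} conn src=10.10.2.41 dst=10.10.1.2{i} dport=502 proto=tcp"
      for i in range(5)),
    "2013-05-14T10:06:00 conn src=10.10.1.5 dst=10.10.1.12 dport=102 proto=tcp",
    "2013-05-14T10:06:10 auth src=10.10.1.5 dst=10.10.1.12 service=telnet user=oper result=fail",
    "2013-05-14T10:06:20 auth src=10.10.1.5 dst=10.10.1.12 service=telnet user=oper result=success",
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```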
Targeted attacks and incident information
For a long time in the professional community one could hear rumors and speculation about how the Internet infrastructure and classical hacker skills are used for attacks on industrial computers and networks. The aims of these cyber-attacks are quite different from the "classical" type of attack, which is related to computers, networks and databases. The primary goal of these attacks is in most cases actively listening in on the competition, i.e. stealing intellectual property in terms of the parameters of the industrial process used, recipes, secret technology and the like, and early detection of new products; only rarely is it preventing production through deliberate destruction and/or industrial accident. Most analysts in the field agree that the long-term benefits of covert listening are much larger than those that could be achieved by preventing or delaying production once. Of course there are exceptions, mainly when it comes to high-tech and potentially dangerous technologies and weapons production. One such exception, which brought this issue to the attention of the wider professional community, is certainly Stuxnet.
According to Edward Snowden, Stuxnet was created by United States and Israeli agencies to attack Iran's nuclear facilities. Stuxnet initially spreads via Microsoft Windows and targets Siemens industrial control systems. While it is not the first time that hackers have targeted industrial systems, nor the first publicly known intentional act of cyber warfare to be implemented, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.
Michael Joseph wrote that the appearance of Stuxnet was an act of “Declaration of Cyber-War”, and the reputation of Stuxnet in Vanity Fair can be described by the following words: “One of the great technical blockbusters in malware history.”
On 1 June 2012, an article in The New York Times said that Stuxnet is
part of a U.S. and Israeli intelligence operation called "Operation
Olympic Games", started under President George W. Bush and expanded under
President Barack Obama.
Snowden's claims of NSA involvement in industrial espionage come after recent revelations that the NSA installed software on nearly 100,000 computers around the world, which enables control over these computers and opens the way for cyber-attacks. The NSA software (also known as Quantum) was in most cases installed once access to the computer networks had been obtained, but the NSA also uses a secret technology that enables access even to computers that are not connected to the Internet, as The New York Times, which wrote about this citing leaked NSA documents, confirmed with U.S. officials and computer experts. In its denial of the allegations, the NSA insisted that its activities are focused exclusively on foreign targets and respond to intelligence requirements. NSA spokesman Wayne Vains told the Times on this occasion that "the NSA does not use intelligence capabilities for theft of trade secrets by foreign companies on behalf of U.S. companies to enhance their competitiveness in the international market and increase their profits".
Yet the question remains: if the NSA or CIA does not do this, what prevents private companies and investors from misusing this technology once it hits the market? The benefits that can be achieved are multiple and range from distortion of competition and active surveillance to full industrial espionage and the acquisition of industrial secrets and procedures. A particular problem could be the possibility of remote monitoring of development labs and stealing industrial secrets before the parent company has protected them by patent rights. According to previous legal practice, a potential victim of such an attack could be in a situation where this knowledge cannot be used, and the producer cannot exploit the technology and products that it has itself developed and produced for the next 40 years.
Although it is quite difficult to give precise details about attacks on SCADA systems, because in most cases they are not publicly available, we have tried to name the most important ones. This difficulty is largely because we have little reliable historical or statistical data to work with.
In this paper we summarize the incident information collected in the BCIT Industrial Security Incident Database (ISID), together with data published by Symantec Security Response, describe a number of events that directly impacted process control systems, and identify the lessons that can be learned from these security events. There are a number of well-documented cyber-related incidents, such as the Slammer Worm infiltration of an Ohio nuclear plant and several power utilities, and the wireless attack on a sewage SCADA system in Queensland, Australia.
The British Columbia Institute of Technology (BCIT) maintains
an industrial cyber security incident database,
designed to track incidents of a cyber security nature that directly affect
industrial control systems and processes. This includes events such as
accidental cyber-related incidents, as well as deliberate events such as external
hacks, Denial of Service (DoS) attacks, and virus/worm infiltrations.
For this database, data is collected through research into publicly known incidents and from private reporting by member companies that wish to have access to the database. Each incident is investigated and then rated according to reliability on a scale of 1 to 4 (1=Confirmed, 2=Likely but Unconfirmed, 3=Unlikely or Unknown, 4=Hoax/Urban Legend). After primary analysis, incidents flagged as hoax/urban legend are removed from the study data, leaving events of sufficient quality for statistical analysis. The number of incidents reported in the database indicates that the number of successful attacks is much bigger than the collected data (a typical incident database collects less than one in ten of the actual events), which makes the security issue more significant.
The history of discovered attacks that we present is combined from the BCIT Industrial Security Incident Database (ISID) and from Symantec Security Response, “Targeted Attacks Against the Energy Sector”, published January 2014. The discovered attacks and malicious software are:
- Code Red: While Code Red was not the first non-email based worm, it appears to be the first to have had significant penetration into industrial systems.
- Maroochy Shire Council incident: The reliable function of SCADA systems in our modern infrastructure may be crucial to public health and safety. As such, attacks on these systems may directly or indirectly threaten public health and safety. Such an attack has already occurred, carried out on Maroochy Shire Council's sewage control system in Queensland, Australia. Shortly after a contractor installed a SCADA system in January 2000, system components began to function erratically. Pumps did not run when needed and alarms were not reported. The attack was motivated by revenge on the part of Mr. Boden after he failed to secure a job with the Maroochy Shire Council. The Maroochy Water Services case has been cited around the world as an example of the damage that could occur if SCADA systems are not secured.
- Trojan attack on a Russian pipeline: According to Russian officials, the largest natural gas extraction company in the country was successfully attacked in 2000. The attackers used a Trojan to gain access to the control switchboard for the gas pipelines. Through this switchboard, the flow for individual gas pipelines could have been modified, which would easily have caused widespread disruption.
- Slammer Worm incident: Increasing interconnection of critical systems has created interdependencies we were not aware of in the past. As the Slammer Worm incident documented by the North American Electric Reliability Council illustrates, Internet incidents can indirectly impact a system that does not use the Internet at all. In this case the power utility used frame relay for its SCADA network, believing it to be secure. Unfortunately the frame relay provider utilized a common Asynchronous Transfer Mode (ATM) system throughout its network backbone for a variety of its services, including commercial Internet traffic and the SCADA frame relay traffic. The ATM bandwidth became overwhelmed by the worm, blocking SCADA traffic to substations.
- Blackout, power facilities failure: During the August 25, 2003 power outage in North America, more than 100 power plants were shut down, affecting 50 million people in the U.S. and Canada. It also led to the closure of ten major airports and the New York City subway system. This emphasizes the need to protect SCADA systems, especially from targeted cyber attacks. After 9/11, the importance of securing SCADA systems when the terrorist threat level is high became evident. A major concern is malicious actors gaining remote access to substations at various points in the power grid, and then launching large-scale attacks throughout the infrastructure.
In 2008, Tom Donahue, a senior Central Intelligence
Agency (CIA) official told a meeting of utility company representatives that
cyberattacks had taken out power equipment in multiple cities outside the
United States. In some cases the attacker tried to extort money from the energy
companies, threatening them with further blackouts.
Operation Night Dragon, which was uncovered in 2010,
is a typical example of global oil companies being targeted, but this time not
with the aim of disruption in mind. The attacks started in late 2009 and were
directed at finding project details and financial information about oil and gas
field exploration and bids.
In August 2012 an extremely destructive cyber attack hit an estimated 30,000 computers at one of the largest oil producers in the world, in Saudi Arabia. The W32.Disttrack malware used in this attack, also known as Shamoon, consists of three components: a dropper, a wiper and a reporter module. This malware does not contain any payload against ICS, as Stuxnet does for PLCs, and is not as sophisticated. According to the oil producer, no computer related to the production or distribution of oil was affected, since the operational network is separated and specially protected.
In the second half of 2012, the energy sector was the
second most targeted with 16 percent of all the targeted attacks. This strong
increase was mainly due to a large scale attack against one global oil company.
In the first half of 2013, the energy sector was ranked fifth with 7.6 percent
of all attacks focused on this sector. In general we have observed that
attackers are becoming more efficient and focusing on smaller operations that
attract less attention.
In 2013 part of the Austrian and German power grid nearly broke down after a control command was accidentally misdirected. It is believed that a status request command packet, which was broadcast from a German gas company as a test for their newly installed network branch, found its way into the systems of the Austrian energy power control and monitoring network. Once there, the message generated thousands of reply messages, which generated even more data packets, which in turn flooded the control network. To stop this self-inflicted DDoS attack, part of the monitoring and control network had to be isolated and disconnected. Fortunately the situation was resolved without any power outages.
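The reply storm described above can be recognised from traffic logs before it saturates the control network. The following is an added example (not part of the paper and not any product's code) that builds a constructed log in a hypothetical `<epoch> <src> <dst> <type>` format, flags the second in which a single broadcast status request triggers far more replies than normal polling produces, and shows a gateway-style rate limit that would have capped the storm. The addresses, message types and thresholds are assumptions for illustration.

```python
"""Detecting and capping a reply storm on a control network (added example)."""
from collections import Counter, defaultdict


def build_sample_log():
    """Constructed traffic log (hypothetical format: '<epoch> <src> <dst> <type>')."""
    lines = []
    # Normal polling: one unicast status request and one reply per second.
    for i in range(10):
        t = 990 + i
        dev = f"10.0.2.{i + 1}"
        lines.append(f"{t} 10.0.1.5 {dev} STATUS_REQ")
        lines.append(f"{t} {dev} 10.0.1.5 STATUS_REPLY")
    # Misdirected broadcast request: every device on the segment answers at once.
    lines.append("1000 10.0.1.5 10.0.255.255 STATUS_REQ")
    for i in range(120):
        lines.append(f"1000 10.0.2.{i + 1} 10.0.1.5 STATUS_REPLY")
    return "\n".join(lines)


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, msg_type) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, dst, mtype = line.split()
        records.append((int(ts), src, dst, mtype))
    return records


def detect_storm(records, window=1, threshold=50, reply_type="STATUS_REPLY"):
    """Return (window_start, reply_count, top_sources) for every window whose
    reply volume exceeds the threshold; an empty list means no storm."""
    buckets = defaultdict(Counter)
    for ts, src, _dst, mtype in records:
        if mtype == reply_type:
            buckets[(ts // window) * window][src] += 1
    alerts = []
    for start in sorted(buckets):
        total = sum(buckets[start].values())
        if total > threshold:
            alerts.append((start, total, buckets[start].most_common(3)))
    return alerts


def amplification_ratio(records, request_type="STATUS_REQ", reply_type="STATUS_REPLY"):
    """Replies per request over the whole log; a ratio far above 1 indicates
    broadcast amplification rather than ordinary request/response polling."""
    requests = sum(1 for r in records if r[3] == request_type)
    replies = sum(1 for r in records if r[3] == reply_type)
    return replies / requests if requests else float("inf")


def limit_replies(records, max_per_window=20, window=1, reply_type="STATUS_REPLY"):
    """Mitigation a conduit gateway could apply: forward at most max_per_window
    replies per destination per window and drop the rest."""
    seen = Counter()
    kept = []
    for ts, src, dst, mtype in records:
        if mtype == reply_type:
            key = (dst, ts // window)
            seen[key] += 1
            if seen[key] > max_per_window:
                continue
        kept.append((ts, src, dst, mtype))
    return kept


if __name__ == "__main__":
    recs = parse_log(build_sample_log())
    print("amplification ratio:", round(amplification_ratio(recs), 2))
    for start, total, top in detect_storm(recs):
        print(f"storm at t={start}: {total} replies, top sources {top}")
    print("alerts after rate limit:", detect_storm(limit_replies(recs)))
```

The detector keys on reply volume per destination rather than on any single source, because in a storm each device sends only one or two legitimate-looking replies; the rate limiter likewise protects the destination rather than blaming individual devices.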
Attacker’s motivation and origin
According to Symantec Security Response there are many different motivations that drive attackers. As we see from the documented history of attacks, there are many different groups of attackers operating in this field. These attacks cannot be attributed to only one group or geographical region. We have seen individuals, competitors, hacktivist groups and possible state-sponsored agents carrying out attacks against manufacturing companies. An attack can also be motivated by the revenge of an unhappy employee or of people living near the site (as a reaction to pollution or as an activity of some “green movement” organization). Disgruntled employees are a source of attacks that should not be underestimated. With their know-how about internal critical processes and systems they often know how to inflict serious damage. They may be able to perform system modifications that could go unnoticed for long periods.
Some of the attacks have been purely opportunistic, seeking any valuable information available. Other campaigns look like they were planned over a lengthy period and carried out methodically with a clear goal in mind. The attackers tend to go after valuable information, including process information, recipes, and energy consumption or pollution data. This information can be of great value to competitors or nations that want to make progress in the same field. Another motivation for attackers is to profit from the stolen information by blackmailing the company. The same information can be used to carry out sabotage attacks designed to stop or cancel production on site (where the SCADA system operates). A competitor might be interested in generating bad press and a bad customer experience for a rival company, in order to win some new clients.
For illustration, we mention that in January 2013 a group claiming to be related to Anonymous posted access details for what they said were Israeli SCADA systems for power plants and other systems. Meanwhile, “Operation Save the Arctic” targeted multiple oil companies around the globe in protest against drilling plans in the Arctic.
What can you learn (spying) by monitoring a SCADA system?
There are many myths about what can be achieved by attacks on SCADA systems. One of the myths refers to the possibility that active monitoring of a SCADA system can reveal business and technology secrets such as recipes, parts of the process or even the entire industrial process. Is this possible? To answer this question, we made a few experiments in a laboratory environment, which showed the following:
- There is no possibility of learning the technology or trade secrets of manufacturers that produce cars, planes, metal structures, or even furniture, because the SCADA system does not transmit such information (this information is on the designers' graphics workstations and/or the CNC machines and flexible manufacturing cells). These data can at best be seen as metadata. The most an attacker would reveal in the case of a successful attack is the use of energy or of the internal transport system.
- In the processing and food industry the situation is drastically different (especially if the attack comes from within). All the necessary data are processed in the SCADA system (they can be found in the form of XML or text files, or can be saved as separate projects, which are not difficult to "read" using identical devices). This certainly opens the door to industrial espionage, because it is theoretically possible to find out the parameters of an industrial process, or to use techniques such as reverse engineering to reconstruct the technology to the required, usable level. That is why it is necessary that SCADA systems in these industries are protected.
- In the case of power plants it is only possible to find out current information on the operation of the system. These systems are not attacked in order to spy on the competition, but mainly to slow down or shut down production, or in preparation for a terrorist attack, rather than for industrial espionage.
The Consequences of Industrial Cyber Attack
Assessing the consequences of an industrial cyber attack is not simply a case of assigning a financial value to an incident. Although there are obvious direct impacts which may be easily quantifiable financially (e.g. loss of production or damage to plant), other consequences may be less obvious.
For most companies the impact on reputation is probably far more significant than merely the cost of a production outage. The impacts of health, safety or environmental incidents could be highly detrimental to a company's brand image. Even impacts such as minor regulatory contraventions may in turn affect a company's reputation and threaten its licence to operate. (This is very likely if a company operates on a site of interest to Greenpeace or any other environmental organization, hides some negative impact of the site, and this information becomes public through a targeted attack on the process control system or SCADA.) Loss of reputation can be fatal for any food producer if, by hacking the SCADA system, it is proved that the specification or process is not as the producer claims (e.g. additives are put in, or technology requirements noted in the specification or marketing are skipped).
For most of the incidents the victims are unable (or unwilling) to provide a financial measure of the impact of the industrial cyber attack; in fact only 30% have been able to provide such an estimate, but according to security officers in the field we can estimate it at no less than 1M$ per attack.
A more intriguing question is the possibility of stealing a company's intellectual property, such as production technology, new product designs or secret recipes, which give the company a competitive advantage or a distinctive visual look.
One more, and potentially more significant, aspect is the nature of the impacts of the attack. 41% reported loss of production while 29% reported a loss of the ability to view or control the plant. Fortunately human impacts have been small, with only one unconfirmed (and possibly unreliable) report of loss of life. Overall the reported incidents clearly show that the most likely consequences of industrial cyber attack are loss of view of, or ability to control, the process.
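The ISID procedure described earlier (a 1 to 4 reliability rating, exclusion of hoax/urban-legend records, and the observation that a typical database captures less than one in ten real events) and the consequence and cost figures above can be reproduced on any incident list with a few lines of analysis. The following is an added example, not the paper's code and not ISID data: the incident records are constructed, while the reliability scale, the exclusion rule, the one-in-ten capture rate and the 1M$ per-attack floor come from the text. It shows why consequence shares such as 41% and 29% can be reported side by side (an incident may have several consequences) and how a financial lower bound is formed when most victims give no figure.

```python
"""Incident-database style analysis of ICS security events (added example)."""
from collections import Counter

# Reliability scale as described for ISID.
RELIABILITY = {
    1: "Confirmed",
    2: "Likely but Unconfirmed",
    3: "Unlikely or Unknown",
    4: "Hoax/Urban Legend",
}

# Constructed sample records (not real incidents): an incident may carry
# several consequences, and a financial estimate is often missing.
SAMPLE_INCIDENTS = [
    {"id": "X-01", "reliability": 1, "consequences": {"loss_of_production"}, "loss_usd": 1_500_000},
    {"id": "X-02", "reliability": 1, "consequences": {"loss_of_view_or_control", "loss_of_production"}, "loss_usd": None},
    {"id": "X-03", "reliability": 2, "consequences": {"loss_of_view_or_control"}, "loss_usd": 400_000},
    {"id": "X-04", "reliability": 2, "consequences": {"equipment_damage"}, "loss_usd": None},
    {"id": "X-05", "reliability": 3, "consequences": {"no_impact"}, "loss_usd": None},
    {"id": "X-06", "reliability": 3, "consequences": {"loss_of_production"}, "loss_usd": 2_000_000},
    {"id": "X-07", "reliability": 4, "consequences": {"loss_of_life"}, "loss_usd": None},
    {"id": "X-08", "reliability": 4, "consequences": {"loss_of_production"}, "loss_usd": None},
]


def usable_incidents(incidents, hoax_level=4):
    """Drop hoax/urban-legend records before any statistics are computed."""
    return [i for i in incidents if i["reliability"] < hoax_level]


def consequence_shares(incidents):
    """Percent of incidents reporting each consequence. An incident with two
    consequences counts once under each, so the shares may sum above 100."""
    if not incidents:
        return {}
    counts = Counter()
    for inc in incidents:
        counts.update(inc["consequences"])
    total = len(incidents)
    return {c: round(100.0 * n / total, 1) for c, n in counts.items()}


def estimated_actual_events(reported, capture_rate=0.1):
    """Scale a reported count by the assumed capture rate of the database
    (the text's 'less than one in ten' gives a lower bound of 10x)."""
    return reported / capture_rate


def financial_lower_bound(incidents, floor_usd=1_000_000):
    """Return (share of incidents with a figure, total loss) where incidents
    without a figure are counted at the per-attack floor from the text."""
    with_figure = [i for i in incidents if i["loss_usd"] is not None]
    share = round(100.0 * len(with_figure) / len(incidents), 1)
    total = sum(i["loss_usd"] if i["loss_usd"] is not None else floor_usd for i in incidents)
    return share, total


if __name__ == "__main__":
    usable = usable_incidents(SAMPLE_INCIDENTS)
    print("usable incidents:", len(usable), "of", len(SAMPLE_INCIDENTS))
    print("consequence shares (%):", consequence_shares(usable))
    print("estimated actual events:", estimated_actual_events(len(usable)))
    print("share with estimate (%), lower-bound loss (USD):", financial_lower_bound(usable))
```

Note that the hoax records are removed before the shares are computed, so a sensational but unconfirmed "loss of life" entry does not enter the statistics, which mirrors the filtering the text describes.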
The
likely impact of being unable to view or control the process or system is an
increased reliance on emergency and safety systems. Traditionally these systems
have been totally independent of the main control system and generally
considered 'bullet proof'. However, mirroring the trend in the design of the main
control systems, these emergency systems are also becoming based on standard IT
technologies (such as TCP/IP). They are increasingly being connected to or
combined with the main control system, increasing the potential risk of common
mode failure of both the main control system and the safety systems. Consequently,
in the future, the systemic risks of cyber attack need to be considered in the
design of not just the control systems, but also the safety systems.
If
anything the situation is likely to get worse. The hacking community is
becoming increasingly aware of SCADA and process systems and is beginning to
focus their attention on them.
Safety standards and recommendations
One of the consequences of each security incident is certainly the establishment of policies and procedures so that it is not repeated. Whether it is providing guidance or forming standards, it is necessary to analyze information about the incident and put it into some sort of guidance for end-users. For this reason industrial control vendors suggest approaching SCADA security like information security, with a “defense in depth” strategy that leverages common IT practice. Information security follows commonly referenced ISO security standards:
- ISO/IEC 27002:2005 (Code of Practice for Information Security Management);[15]
- ISO/IEC 13335 (IT Security Management): ISO/IEC 13335 was initially a Technical Report (TR) before becoming a full ISO/IEC standard. It consists of a series of guidelines for technical security control measures;
- COBIT: The Control Objectives for Information and related Technology (COBIT) is “a control framework that links IT initiatives to business requirements, organises IT activities into a generally accepted process model, identifies the major IT resources to be leveraged and defines the management control objectives to be considered”;
- ITIL (or ISO/IEC 20000 series): The Information Technology Infrastructure Library (ITIL) is a collection of best practices in IT service management (ITSM), and focuses on the service processes of IT and considers the central role of the user.
Further since the beginning of the new millennium, the need for treating Information Security for EPUs has become more evident among utilities, vendors, consultants, standardization bodies, and regulatory bodies around the globe. For example, this has been stressed within Cigré, where two main working groups on information security have been launched: JWG B3/C2/D2 and WG D2.22. The list of organizations that publish documents on how to secure SCADA systems include: American Gas Association (AGA) , the National Institute of Standards and Technology (NIST), Centre for the Protection of National Infrastructure (CPNI), International Electrotechnical Commission (IEC), the North American Electric Reliability Corporation (NERC) and IEEE.
Some users, like the North American electric power grid [16], are complex systems with vulnerabilities and challenges. Numerous challenges will arise with the integration of cyber and physical systems, along with such factors as human behavior, commercial interests, regulatory policy, and even political elements. Some challenges will be quite similar to those of traditional networks, but involving more complex interactions. The authors of [16] consider four areas:
- Trust: For control systems, we define trust as our confidence that, during some specific interval, the appropriate user is accessing accurate data created by the right device at the expected location at the proper time, communicated using the expected protocol, and that the data has not been modified. Many people view the grid’s control systems as operating in an environment of implicit trust, which has influenced design decisions. If some participants are not trustworthy, new methods of addressing this beyond existing monitoring approaches might be required.
- Communication and device security.
- Privacy.
- Requirements for effective cybersecurity solutions: Among the traditional cybersecurity properties of confidentiality, integrity, and availability, availability usually gets the highest priority when it comes to power. This is largely because the cyber infrastructure manages continuous power flow in the physical infrastructure and must therefore have high availability. Making sure power is available when needed is more important to most users than making sure that information about power flows is confidential. Developers must consider efficiency and scalability, and must include adaptability and evolvability.
A US report (author: Mark Clayton), published in 2011 on the web portal http://www.csmonitor.com as the article “America's power grid too vulnerable to cyberattack”, said: “The North American Electric Reliability Corp. (NERC), the lead grid-reliability organization for the power industry, has had approved standards in place since January 2008. Power companies were to have fully implemented those "critical infrastructure protection" (CIP) cyberstandards a year ago, but the standards still aren't doing an effective job, the inspector general's audit found.” Another consequence of cyber attacks on SCADA systems was the establishment of special national bodies/agencies whose aim is to increase the security of SCADA systems that are already in use and to respond faster to threats to their security. One of these is the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which works to reduce risks within and across all critical infrastructure by partnering with law enforcement agencies and the intelligence community and coordinating efforts among federal, state, local, and tribal governments and control systems owners, operators, and vendors. This body is part of the U.S. Department of Homeland Security and collaborates with international and private sector Computer Emergency Response Teams (CERTs) to share control systems-related security incidents and mitigation measures. Similar bodies have been established in other technologically advanced countries.
Methods for assessing vulnerability and risk
Expensive solutions and specialized security personnel for protecting SCADA systems can be replaced by outsourcing in these areas. One such economically cost-effective solution is the one provided by the organization SCADAStrangeLove.org, which allows the use of its industrial security scanner (available online) to test your working environment. With this, the end-user of a SCADA system receives an adequate security assessment of risks and the maximum level of security at an affordable price. Given the magnitude of the current economic crisis, as well as problems with providing finance for new investments, this type of solution represents the optimum business effort for all small manufacturing organizations that are not able to invest heavily in new production and control equipment. Due to the high costs, small and medium-sized manufacturing organizations that use SCADA systems could in the future move to a service model (based on web services) for the management of security risks, especially when it comes to SCADA systems.
Security Strategies that Work On the Plant Floor
As we have already seen, a perimeter defence strategy will not protect against problems that occur inside the plant network. Defence in depth is a security strategy that works. The ISA 99 Zones and Conduits standard makes it simple to implement defence in depth in control networks.
One of the proven strategies to protect SCADA systems (certainly the most widely used) is defense in depth. This strategy is based on the application of the ISA 99 standards, which define zones, the devices that belong to them, and the connections (conduits) between them (the type of devices and the type of traffic and data to be exchanged). Once we have used this standard to establish the zones to which devices belong, as well as where and for what purpose they can be accessed, it is possible to use specialized tools for protection (such as “Tofino Secure Asset Management LSM”) that improve protection against LAN hacker attacks and Internet attacks. Although the mentioned protection systems are still quite expensive, their use is necessary in most business organizations whose manufacturing (and its control) is based on SCADA systems.
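The zone-and-conduit model above can be written down as an explicit, default-deny policy and checked against observed traffic, which is what a protection tool of the kind mentioned does in hardware. The following is an added example (not the paper's code and not Tofino's or any ISA product's implementation): the zone names, address ranges, protocol labels and sample flows are constructed for illustration. A flow is allowed only if both endpoints lie in a defined zone and either stay inside one zone or cross a conduit that lists the protocol; the safety zone deliberately has no inbound conduit, reflecting the common-mode failure concern raised earlier in the text.

```python
"""Zone-and-conduit policy check in the spirit of ISA 99 (added example)."""
import ipaddress
from dataclasses import dataclass

# Zones as address ranges (constructed values).
ZONES = {
    "enterprise": [ipaddress.ip_network("10.10.0.0/16")],
    "dmz": [ipaddress.ip_network("10.20.0.0/24")],
    "control": [ipaddress.ip_network("10.30.0.0/24")],
    "safety": [ipaddress.ip_network("10.40.0.0/24")],
}


@dataclass(frozen=True)
class Conduit:
    """Permitted one-way path between two zones, restricted to named protocols."""
    src_zone: str
    dst_zone: str
    protocols: frozenset


# Every zone-to-zone path that is NOT listed here is denied by default.
CONDUITS = (
    Conduit("enterprise", "dmz", frozenset({"https"})),   # office users reach the DMZ web front end
    Conduit("dmz", "control", frozenset({"opc-ua"})),     # DMZ data collector polls the control zone
    # No conduit terminates in "safety": it stays isolated from the rest.
)


def zone_of(ip):
    """Return the zone containing ip, or None if it lies outside every zone."""
    addr = ipaddress.ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return None


def evaluate_flow(src_ip, dst_ip, protocol):
    """Decide ('allow'|'deny', reason) for one flow; anything unmatched is denied."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone is None or dst_zone is None:
        return "deny", "endpoint outside every defined zone"
    if src_zone == dst_zone:
        return "allow", f"intra-zone traffic within '{src_zone}'"
    for c in CONDUITS:
        if c.src_zone == src_zone and c.dst_zone == dst_zone:
            if protocol in c.protocols:
                return "allow", f"conduit {src_zone}->{dst_zone} permits {protocol}"
            return "deny", f"conduit {src_zone}->{dst_zone} does not permit {protocol}"
    return "deny", f"no conduit from '{src_zone}' to '{dst_zone}'"


def audit_flows(flows):
    """Run (src, dst, protocol) observations through the policy; return the denied ones."""
    denied = []
    for flow in flows:
        decision, reason = evaluate_flow(*flow)
        if decision == "deny":
            denied.append((flow, reason))
    return denied


# Constructed observations, as a span port or flow collector might report them.
SAMPLE_FLOWS = [
    ("10.10.0.25", "10.20.0.5", "https"),       # office workstation -> DMZ portal: allowed
    ("10.10.0.25", "10.30.0.7", "modbus/tcp"),  # office workstation straight to a PLC: denied
    ("10.20.0.5", "10.30.0.7", "opc-ua"),       # DMZ collector -> control zone: allowed
    ("10.30.0.7", "10.30.0.9", "modbus/tcp"),   # PLC to PLC inside the control zone: allowed
    ("10.30.0.7", "10.40.0.2", "modbus/tcp"),   # control -> safety: no conduit, denied
    ("203.0.113.9", "10.30.0.7", "https"),      # address outside all zones: denied
]

if __name__ == "__main__":
    for flow, reason in audit_flows(SAMPLE_FLOWS):
        print("DENY", flow, "-", reason)
```

Running the audit over the sample flows reports the three violations (direct office-to-PLC traffic, control-to-safety traffic, and an address outside any zone); a real deployment would feed the same check with flows from a network tap and alert on each denial, since on a plant network the policy is expected to be violated rarely and every violation is worth investigating.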
The possibility that unauthorized personnel, competitors or even terrorists come into a position to know the parameters of the manufacturing process, and even to run it, leads to a potentially much larger problem. That is why all the major manufacturers who now use SCADA systems to control their processes have purchased and installed new equipment and software to ensure safe and efficient operation of the SCADA system. However, since the cost of these solutions is still high, and as such inaccessible to most manufacturers, all of the above disadvantages and vulnerabilities of SCADA technologies are still available to everyone, and someone (hackers) will surely use (abuse) them.
Shaping IP Rights in SCADA Systems for the end user or owner of on-site equipment
In the sense of security and safety of operations at the site facility by the end user of SCADA systems, we need to mention one increasing problem with the intellectual property of SCADA software. Today SCADA software is subject to intellectual property rights which can become a huge source of disputes and business problems. The problem can be illustrated by the necessity of shaping IP rights for wind turbine owners after the warranty period expires.
As the
sales of wind turbines increase, it is likely that the disputes between
suppliers and purchasers will also increase. Wind turbines encompass a variety
of tangible and intangible components, including the software necessary for
operations and maintenance. One contractual issue that turbine suppliers and
purchasers may dispute is what the supplier believes is proprietary
information, but the purchaser and now owner, believes is necessary to the
turbine operation and maintenance and to protect its investment after the
warranty period expires.
After the sale of a wind turbine,
but during the warranty period, the supplier is responsible for ensuring the
turbine is operating successfully and the purchaser of a wind turbine is often
provided access to the wind turbine data necessary for maintenance and
monitoring of systems.
This includes the software licenses utilized by the supplier for remote monitoring, which is typically referred to as the SCADA system. Consequently, when the warranty period expires and the supplier withholds the SCADA information, the purchaser is left in a bind.
Following
the expiration of a wind turbine’s warranty period, the purchaser of the
turbine should be granted unrestricted and full access to the SCADA system,
software, and access codes for automated control capabilities in order to
effectively and efficiently perform on-going maintenance and monitoring, to
resolve and restore turbine operations following fault conditions to ensure
wind turbines meet investment objectives, and comply with permits and grid
control requirements. However, some vendors were unwilling to provide the purchaser, or another (operation and maintenance) company, with the information necessary to access the wind turbine software system. And, without the access codes to the software, the purchaser was unable to use the wind turbine.
In
these cases, the wind turbine purchaser is comparable to the vehicle owner. During
the warranty period, the purchaser is (1) granted a limited right to use the
software supplied; (2) provided access to the turbine data necessary for
maintaining and monitoring systems; and (3) provided access to the codes and
software licenses utilized by the supplier for performing services such as
remote monitoring and reports. If the turbine is not operating, or not
operating efficiently, the purchaser needs access to the SCADA system to
restore the turbine to peak operating conditions, and to ensure it’s meeting
the regulatory requirements for operating the turbine or the owner will lose
money on its investment.
This situation, in which the purchaser of a wind turbine was merely granted a non-exclusive license to use copyrighted SCADA software, is comparable to the case in which the doctrine of patent exhaustion applies to the authorized sale of components that “substantially embody” a method patent, reaffirming that “the right to vend is exhausted by a single, unconditional sale” to end users.
The
sales of wind turbines as tangible products that incorporated method patents,
such as the SCADA software, should exhaust the wind turbine supplier’s patent
rights (or copyright) because the purchaser cannot practice the wind turbine,
nor does it function at all, until the wind turbines are combined with a
computer system. Thus, the wind turbines substantially embodied the SCADA
system software because they had no reasonable noninfringing use and included
all of the inventive aspects of the patented methods. Also, the SCADA license
should be comparable to the license of a method patent and patent exhaustion
should apply, even if the software is copyrighted. Here, the SCADA system
software is comparable to a method patent, and patent holders could avoid
exhaustion by using copyrights, when they should use patents to protect the
SCADA software.
Thus,
the patent exhaustion doctrine should apply, and the sale of the software in
the presumably patented wind turbine should exhaust the rights to the software,
even if it is protected under copyright law. The wind turbine supplier
certainly has the right to protect proprietary information, but it is the
purchaser who has the most to lose. The purchaser has a substantial investment
in the tangible wind turbine itself, and needs the ability to continue
operating and maintaining the turbine after the warranty period expires.
Without access to the necessary information, the purchaser might be unjustly
forced to continue its contract with the supplier.
The
patent exhaustion doctrine should be used for SCADA software purchased in
conjunction with a wind turbine, which will necessarily change the type of
enforcement of intellectual property rights available to companies for licenses
of SCADA software sold in conjunction with wind turbines.
This situation of shaping IP rights and granting unrestricted and full access to the SCADA system, software, and access codes for automated control capabilities can also be a security vulnerability which puts at risk not only the on-site equipment but also all similar equipment of this vendor or manufacturer, because the owner or new maintenance operator now has all the data necessary for unrestricted access to similar devices (of the same manufacturer) at other sites. This is a potentially huge and increasing problem with no obvious solution, and it calls for a contribution at some national and international level in the form of regulatory bodies.
Observations and Recommendations for users and suppliers of SCADA systems
The current situation can be characterized as difficult, with high stakes. Most
SCADA systems have all the vulnerabilities of IT systems plus a plethora of
their own software and hardware weaknesses. The transition to secure SCADA
systems will require two transformations. SCADA vendors will need to replace
their existing products with ones that are secure. SCADA system owners will
need to undergo a culture change that places security priorities on par with
operational priorities. The following support is needed in order to promote and
accelerate the successful transformation of vendors:
- SCADA system owners need to become vocal
in demanding secure products.
- Vendors must understand that security may
be a make-or-break factor for their enterprise. They should pursue both
product replacement and interim product retrofits.
- Government organizations need to continue
to fund SCADA security research.
- Protection Profiles such as those planned
by the PCSRF need to be developed.
- Once products are prototyped, access to
the National SCADA Test Bed provides a valuable proving ground and
potential credentials for marketing.
Some Conclusions for Industrial Cyber Security
Cyber espionage campaigns and sabotage attacks are
becoming increasingly common, with countless threat actors attempting to gain a
foothold in some of the best protected organizations. At this stage, roughly five
targeted attacks per day are being mounted on firms in the energy sector. These
attacks have become increasingly sophisticated, although the capabilities and
tactics used by these threat actors vary considerably.
Cybersecurity
and cyberwarfare are two of the most important buzzwords that are
currently prevalent in the media. The national government recognizes the need
to address these critical issues. After all, in this modern age our very
lifestyles and well-being are dependent upon the preservation and sustenance of
cyberspace. One of the most effective ways to meet the challenges presented by
these issues is through education and training.
This
paper presented a review of SCADA system vulnerabilities and risks
and some learning toolkits, and described a cost-effective way of equipping
for and/or preparing for targeted attacks
and incidents by presenting the information necessary to understand cyber security risk in
SCADA systems (or any other "PC-like" control system such as a BMS or smart
house).
There
is a clear shift in the source of cyber attacks on industrial control systems
(the Threats). Threats originating from outside an organization are likely to
have very different attack characteristics to internal threats. Thus companies may
need to reassess their security risk model and its assumptions. In addition,
the variation in the infiltration paths indicates a wide variety of
vulnerabilities available to the attacker. Considering the difficulty of
closing off all of these avenues, it would be wise to assume there will be
boundary breaches and harden the equipment and systems on the plant floor to
withstand possible attack. In effect, companies need to deploy a “defense in
depth” strategy, where there are multiple layers of protection, down to and
including the control device. Achieving a defense in depth solution for
industrial systems will require at least four steps.
On the
system design side, it is recommended that more internal zone defenses and more
intrusion detection be deployed. Companies may also need to re-evaluate boundary
security in terms of all possible intrusion points and not just focus on the
obvious connections such as the business-process link. A single firewall between
the business network and control system network is likely to miss many
intrusions and will offer little security once the attacker is inside the
control system network.
From
the control system manufacturers’ side, SCADA and automation devices need to
undergo security robustness design and testing prior to deployment in the field.
SCADA & control protocols should also be improved to include security
features. Currently most devices appear to be highly vulnerable to even minor attacks
and have no authentication/authorization mechanisms to prevent rogue control.
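The two points above, that a single boundary firewall is not enough and that Modbus-style control protocols carry no authentication, are illustrated by the following added example, which is not code from the paper: a minimal Modbus/TCP monitor for an internal zone that parses the MBAP header and function code of each request and enforces a per-PLC allow-list of masters permitted to issue write function codes. The addresses, unit ids, policy and frames are constructed sample data; the set of write function codes follows the public Modbus specification.

```python
# Added example (not from the paper): a minimal Modbus/TCP zone-policy monitor.
# Modbus has no authentication, so a PLC accepts writes from any reachable host;
# a per-PLC allow-list of write-capable masters, enforced on the network, is the
# only place a rogue write can be caught.  All values below are constructed.
import struct

WRITE_FUNCTIONS = {5, 6, 15, 16, 22, 23}  # function codes that change state

WRITE_POLICY = {  # constructed zone policy: PLC address -> masters allowed to write
    "10.1.1.20": {"10.1.1.10"},  # PLC in zone A, written only by HMI-A
    "10.1.2.20": {"10.1.2.10"},  # PLC in zone B, written only by HMI-B
}

def parse_mbap(frame: bytes):
    """Return (unit_id, function_code) of a Modbus/TCP request, or raise ValueError."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id %d is not Modbus" % proto)
    if length != len(frame) - 6:  # MBAP length counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    return unit, frame[7]

def classify(src_ip: str, dst_ip: str, frame: bytes) -> str:
    """Return 'read', 'allowed-write', 'rogue-write' or 'malformed' for one request."""
    try:
        _unit, fcode = parse_mbap(frame)
    except ValueError:
        return "malformed"
    if fcode not in WRITE_FUNCTIONS:
        return "read"
    if src_ip in WRITE_POLICY.get(dst_ip, set()):
        return "allowed-write"
    return "rogue-write"

# Constructed traffic: (src, dst, frame); MBAP = tid, proto 0, length, unit id.
SAMPLE_TRAFFIC = [
    # HMI-A reads 10 holding registers from PLC-A (FC 3): normal polling
    ("10.1.1.10", "10.1.1.20", b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a"),
    # HMI-A writes register 40 on PLC-A (FC 6): permitted by policy
    ("10.1.1.10", "10.1.1.20", b"\x00\x02\x00\x00\x00\x06\x01\x06\x00\x28\x00\x01"),
    # HMI-B writes registers on PLC-A (FC 16): crosses zones, rogue control
    ("10.1.2.10", "10.1.1.20", b"\x00\x03\x00\x00\x00\x09\x01\x10\x00\x28\x00\x01\x02\x00\x01"),
]

def audit(traffic=SAMPLE_TRAFFIC):
    """Return [(src, dst, verdict)] per request; non-read entries are the alerts."""
    return [(s, d, classify(s, d, f)) for s, d, f in traffic]
```

The same check placed on a zone firewall rather than a passive monitor turns the "rogue-write" verdict into a drop, which is what "defense down to the control device" means for a protocol that cannot authenticate its own masters.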
In the
new era many educators provide a Trainer Kit and an E-Learning Online SCADA Training
package, advertising that the user can use the supplied SCADA software to create
screens and objects and then test the design through various security scenarios
and simulations. This can be used for training and education, preparing
personnel for possible cyber attacks.
Today there is more and more insistence
that company networks move to cloud solutions,
which could further complicate things if vendors
are not willing to offer services that are protected by
default, including all supporting
communication between SCADA devices, HMIs
and PCs. This
could be done in a similar
way to how Google+ offers its services today. (Google's HTTPS
connections are based on the idea that the provider offers an important and distinctive value-added feature.)
The next big thing in the field of SCADA security
will certainly be related to the smart home and /
or the management of energy networks. As these
devices are specific to the protocol being used and to the HMI applied, the security techniques of SCADA systems will have to be further adjusted. One reason, among others, lies in
the increasing use of the Android
OS for smart devices. Also, complicated and expensive protection systems simply cannot be applied to living spaces -
buildings, houses, or individual units.
The participation of national security agencies
and the increasingly
frequent arrests of industrial
spies in high-income countries support the fact that espionage is very much
present in the modern world.
Protection of intellectual property is
becoming increasingly difficult, and
it requires a systemic approach if we
want to keep our secret recipes, processes and manufacturing
secrets. The high cost of this type of protection
is often an aggravating factor for its implementation. For companies with low budgets, these
types of security measures seem unattainable and
even unnecessary, yet they
allow production to continue. They also prevent all
kinds of unpleasant surprises
that might come from competition anywhere in the world, instantly and completely
unexpectedly. Therefore, it is necessary to do everything to protect our technological
processes and industrial control networks. In Serbia, tight
budgets and staffing characterize most companies. It may be worth considering
government grant programs to help with the transition to the next generation of
protection for SCADA systems. In doing so it
is necessary to avoid all the known historical errors
that the system had in its development and to do it in the economically
and technically cheapest and most effective way.
Explanations, in the order appearing
Today it is common for all
systems for data acquisition,
telemetry, and remote
management of industrial and energy facilities to be viewed
as part of the SCADA system, or rather as
a form of SCADA system.
This paradigm can also be applied to Distributed Control Systems (DCS), Industrial
Control Systems (ICS) and Process Control Systems (PCS) as subsystems of SCADA. (Programmable
Logic Controllers (PLCs) are a very popular and powerful controller. They are
used in many of today’s industries, hospitals, shopping centers, and amusement
parks. They not only perform control functions for an automated system but can
also exchange information with other controllers or PCs. Similar to PLCs,
remote terminal units (RTUs) can also perform control functions and exchange
information. SCADA system is used to monitor and supervise an overall process
being implemented by individual automated systems.)
Smart-Grid Security Issues by John Steven,
Gunnar Peterson, Deborah A. Frincke, 2010
Modbus is a serial communications protocol originally
published by Modicon
(now Schneider Electric) in 1979 for use with its programmable logic controllers
(PLCs). Simple and robust, it has since become a de facto standard
communication protocol, and it is now a commonly available means of connecting
industrial electronic devices.
Siemens
S7, also known as SIMATIC S7, is the global benchmark for modular PLC controllers.
The SIMATIC S7 automation platform covers every
automation need: programmable logic controllers covering a wide range of
performance, complete units in which the operator panel is already included,
PC-based control, external control and monitoring solutions, and communication
networks.
Stuxnet is a
computer worm that was discovered in June 2010. It was designed to attack
industrial Programmable Logic Controllers or PLCs. PLCs allow the automation of
electromechanical processes such as those used to control machinery on factory
assembly lines, amusement rides, or (most infamously) centrifuges for
separating nuclear material. Exploiting four zero-day flaws, Stuxnet functions
by targeting machines using the Microsoft Windows operating system and
networks, then seeking out Siemens Step7 software. Stuxnet reportedly
compromised Iranian PLCs, collecting information on industrial systems and
causing the fast-spinning centrifuges to tear themselves apart. Stuxnet’s
design and architecture are not domain-specific and it could be tailored as a
platform for attacking modern SCADA and PLC systems (e.g. in automobile or
power plants), the majority of which lie in Europe, Japan and the US.
The data collected includes: Incident Title, Date of
Incident, Reliability of Report, Type of Incident (e.g. Accident, Virus, etc.),
Industry (e.g. Petroleum, Automotive, etc.), Entry Point (Internet, Wireless,
Modem, etc.), Perpetrator, Type of System and Hardware Impacted, Brief
Description of Incident, Impact on Company, Measures to Prevent Reoccurrence
and References.
Discovered
attacks from BCIT Industrial Security Incident Database (ISID)
Lessons learned from the Maroochy water
breach by Jill Slay and Michael Miller, Australian
Computer Crime and Security Survey
Discovered
attacks by Symantec SECURITY RESPONSE, “Targeted Attacks Against the Energy
Sector”, published January 2014
Discovered
attacks from BCIT Industrial Security Incident Database (ISID), ibidem
Discovered
attacks by Symantec SECURITY RESPONSE, “Targeted Attacks Against the Energy
Sector”, published January 2014, ibidem
The
Tofino Industrial Security Solution is an international company engaged in cyber security for SCADA and
industrial control systems. The presented solution
represents the latest technology and security solutions for
the security of SCADA systems. More
information is available at:
http://www.tofinosecurity.com/
IP rights
– intellectual property rights
The precedent can be
viewed in the Supreme
Court’s Quanta Computer opinion
[http://www.greenpatentblog.com/wp-content/uploads/2012/12/Quantaopinion.pdf]
International Journal of
Information & Network Security (IJINS) Vol.1
No.4, October 2012, pp. 265~274, ISSN: 2089-3299, described and presented some portable SCADA Security Toolkits. Also, in the
video lecture Hardware Attacks, Advanced ARM Exploitation, and Android Hacking,
ibidem.