Cyber Security of SCADA Systems Testbed Development
May1013
Group Members: Ben Kregel, Justin Fitzpatrick, Michael Higdon, Rafi Adnan
Adviser: Dr. Manimaran


What is SCADA?
Supervisory Control and Data Acquisition
► Use in critical infrastructures, utilities
► Sensing, decision making and control associated with real-time operation

[Figure: SCADA Network Topology. Labels: WWW, Control Center, Host 1, Host, Scalance (two), Substation 1, Substation 2, RTU 1, RTU 2, Sensor 1, Sensor 2]

Problem & Solution
► Problem
  ▪ Significantly dated SCADA systems
  ▪ Security concerns in the past
  ▪ Security risks in today's internet age
  ▪ Open to attacks from the outside
► Solution
  ▪ Design and implementation of SCADA test beds for use in security evaluation, testing and simulations.

Project Need
► The National SCADA Test Bed (NSTB) with DOE
  ▪ Primary goals:
    • Industry awareness and collaboration
    • Developing solutions and risk mitigation strategies
    • Developing intelligent, inherently secure and dependable control systems and infrastructures
    • National standards and guidelines for secure control systems
► Research goals geared toward answering and satisfying the problem and need statement of this project as well as industry needs.

Functional Requirements
► FR01. Establish an operational SCADA test bed.
► FR02. Incorporate security features into the SCADA test bed.
► FR03. Integrate a live resistive current load.
► FR04. Conduct simulations and analysis on the test bed.
► FR05. Conduct attack scenarios for the test bed.

Non-Functional Requirements
► NFR01. Users shall be able to try to hack into the system with any means necessary.
► NFR02. Users shall be able to run software with no problems.
► NFR03. Users shall be able to change settings on relays for testing.
► NFR04. The software shall be updated by Siemens.
► NFR05. All our research shall be fully documented.
► NFR06. Maintain proper communication between network hardware.

Goals
► Develop system software fluency
  ▪ Individual program operations
► Develop SCADA test bed
  ▪ Establish functionality between all devices
  ▪ Incorporate security practices
► Integrate hardware simulation
  ▪ Develop a simulated load
  ▪ Configure current protection methods
  ▪ Manual control and telemetry from control center
► Cyber security evaluation and testing

Deliverables
► Complete report on the simulation system used
► Reports on vulnerabilities from attack simulations
► Documentation on how to reproduce and combat said vulnerabilities

Resource Requirements
► Personnel
  ▪ Research and development dependent project
  ▪ High level of software and device complexity
  ▪ Extremely high learning curve for the software
► Software and Facilities
  ▪ Software programs provided by Siemens
  ▪ Teleconferencing session with representatives from Siemens
  ▪ Necessary training and skills
  ▪ Efficient operation of the software
► Assistance of two grad students
  ▪ Test bed setup
  ▪ Security testing

Schedule
► Establish a software model
  ▪ Substations and generation
  ▪ October 2009
► Integrate hardware into software
  ▪ Establish a full test bed
  ▪ December 2009
► Test vulnerabilities and holes in system
  ▪ Fixing broken elements of the system
  ▪ Jan-May 2010

Project Schedule

Work Breakdown

Risks
► Lack of proper training:
  ▪ SCADA test bed operation is crucial
  ▪ Proper software and device training
  ▪ Training sessions
► Malfunctioning software or test bed equipment:
  ▪ Sensitive and expensive devices
  ▪ Improper use could result in breakdown
  ▪ Corruption in the system database
  ▪ Nature of our work is to test the vulnerability of the system
  ▪ Being careful not to damage any of the equipment

Implementation

High Level Components
► Control Center
► Remote Terminal Unit (RTU)
► Sensors

Functional Testing
► Progressive testing of the SCADA system
  ▪ Separate "phases"
► Remotely open and close a circuit breaker
► Integrate a resistive load
► Observe real-time current on the system
► Over-current tripping on the relays

Control Center
  ▪ Spectrum Power TG
  ▪ Managing databases
  ▪ Establishing communications
  ▪ Monitoring current or voltage levels, trip breakers.
  ▪ Analog telemetry from relays
  ▪ Binary statuses for breakers

SCALANCE
► Point-to-point data protection between SCALANCE cells
► Real-time data encryption
► Remote access through gateways

Remote Terminal Units (RTU)
► SICAM PAS (Power Automation System)
► Operates between the control center and sensory relay devices
► Responsible for interpreting sensory data and communicating this data to a control center

Relays
► Siemens DIGSI 4
► Sensor components at remote substations
► Measure and capture real-time transient current data
► Act as a circuit-breaker and trip in the event of over-current

Security Testing
► Nmap
  ▪ Port scanning
  ▪ Communication Port
► Wireshark
  ▪ Packet capture
  ▪ DNP 3.0 Protocol
  ▪ Relay Open/Close request packet
► Attack Development
  ▪ Disrupt operation of SCADA system

Security Testing
► Disrupt communication between the control center and the remote substations
► ARP poisoning
  ▪ Man-in-the-Middle attack
  ▪ Filtered out original command requests
  ▪ Replicated commands from the control center but the relay reported no change in the status of the circuit
► Results
  ▪ Successfully filters command request
  ▪ Control center command lockout
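
A defender-side check for the ARP poisoning result above, as an added example that is not part of the original slides: it flags ARP replies that contradict pinned IP-to-MAC bindings, and breaker commands that never produce a matching status change. The addresses, the breaker name and the 5-second timeout are constructed assumptions, not values from the test bed.

```python
# Constructed static IP-to-MAC bindings for a small SCADA LAN (placeholder values).
PINNED = {
    "192.0.2.10": "02:00:00:00:00:10",  # control center
    "192.0.2.21": "02:00:00:00:00:21",  # RTU 1
    "192.0.2.22": "02:00:00:00:00:22",  # RTU 2
}

def arp_alerts(replies, pinned=PINNED):
    """Flag ARP replies that contradict a pinned binding.

    replies: iterable of (time, sender_ip, sender_mac) taken from ARP replies.
    Returns the mismatching (time, ip, claimed_mac) tuples and the set of MACs
    that claimed more than one pinned address, as an in-path host has to do.
    """
    mismatches, claims = [], {}
    for ts, ip, mac in replies:
        mac = mac.lower()
        if ip in pinned and mac != pinned[ip]:
            mismatches.append((ts, ip, mac))
            claims.setdefault(mac, set()).add(ip)
    in_path = {mac for mac, ips in claims.items() if len(ips) > 1}
    return mismatches, in_path

def unconfirmed_commands(commands, status_events, timeout=5.0):
    """Return breaker commands with no matching status change within timeout.

    commands: (time, breaker, wanted_state); status_events: (time, breaker, state).
    """
    return [
        (ts, breaker, wanted)
        for ts, breaker, wanted in commands
        if not any(b == breaker and s == wanted and ts <= t <= ts + timeout
                   for t, b, s in status_events)
    ]

# Constructed observations: one host answers for both the control center and RTU 1.
SAMPLE_ARP = [
    (1.0, "192.0.2.10", "02:00:00:00:00:10"),
    (2.0, "192.0.2.21", "02:00:00:00:00:21"),
    (9.0, "192.0.2.21", "02:00:00:00:00:99"),
    (9.1, "192.0.2.10", "02:00:00:00:00:99"),
]
SAMPLE_COMMANDS = [(3.0, "CB1", "open"), (10.0, "CB1", "close")]
SAMPLE_STATUS = [(3.8, "CB1", "open")]

if __name__ == "__main__":
    print(arp_alerts(SAMPLE_ARP))
    print(unconfirmed_commands(SAMPLE_COMMANDS, SAMPLE_STATUS))
```

Pinning works here because a substation LAN has few hosts and they rarely change; a command that goes unconfirmed shortly after a binding mismatch is the "command lockout" symptom the slide reports.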

Accomplishments
► Attack-defense testing and impact analysis:
  1. Successful setup and configuration of our SCADA network
  2. Incorporation of SCALANCE devices in VPN mode
  3. Remote control of relay circuit breakers
  4. Integration of an actual resistive load
  5. Implementation of circuit breaker tripping in the event of an over-current detection
  6. Compromising the operation of the SCADA system
     1. Denial of Service attacks
     2. Man-in-the-Middle attacks

Conclusions & Lessons Learned
► Scope of the project
  ▪ Simple attacks
  ▪ Local SCADA network
► Possibility of more sophisticated attacks
► Better understanding and management of the software and devices
  ▪ More efficient operation of the system
  ▪ Allows for more in-depth security evaluations

Discussion