Control System Security SCADA/DCS. By Chaiyakorn Apiwathanokul,, CISSP Chief Security Officer PTT ICT Solutions Company Limited

Transcription

1 Control System Security SCADA/DCS By Chaiyakorn Apiwathanokul,, CISSP Chief Security Officer PTT ICT Solutions Company Limited

2 Objectives To understand the current situation and threats against Control System To aware of being a target of terrorism as National Critical Infrastructure To create ICT security awareness To acknowledge the issues and concerns

3 What is Control System, SCADA and DCS? Control systems are computer are computer-based systems that are used by many infrastructures and industries to monitor and control sensitive processes and physical functions. Typically, control systems collect lect sensor measurements and operational data from the field, process and display this information, and relay control commands to local or remote equipment. There are two primary types of Control Systems. Distributed Control Systems (DCS) typically are used within a single processing or generating plant or over a small geographic area. Supervisory Control and Data Acquisition (SCADA) systems typically are used for large, geographically dispersed distribution operations.

4 Global Cases Siberia,1982 CIA s hacker attacked USSR s pipeline operation software caused a massive explosion during the summer of 1982 in the controversial pipeline delivering Siberian natural gas to Western Europe. from book At the Abyss: An Insider's History of the Cold War (Ballantine, 2004, ISBN ) 2002: FBI traced found the visitors routed through telecommunication network of Saudi Arabia, Indonesia and Pakistan studied emergency telephone systems, electrical generation and transmission, water storage and distribution, nuclear power plants and gas facilities.

5 Global Cases (cont.) Based on evidence collected in Afghanistan, Al Qaeda had a high level of interest in DCS and SCADA devices. (AFI Intelligence Briefing - 28th June 2002) Islamic terrorism looks for new methods of attack 'Bombs and Bytes' The next Al Qa'ida terrorist threat US faces an 'electronic Pearl Harbour' 2003: Slammer Worm crashed Ohio nuke plant network, Davis-Besse According to a document released by the North American Electric Reliability Council in June, Slammer downed one utility's critical SCADA network after moving from a corporate network, through a remote computer to a VPN connection to the control center LAN. (

6 Global Cases (cont.)- Insider Sabotage The wireless could be a real mess. Control systems often use microwave, data radios and cellular packet services for communications. Depending on the implementation, these forms of communication can be vulnerable to certain types of attacks. Disgruntled employee might be the most dangerous since he knows the system and he is with the system. sues/dec02/features/scadavs/scada vs.html

7 Activity Timeline of U.S. Critical Infrastructure Protection 9/11/2001

8 Involving Institute Department of Homeland Security (DHS) National Cyber Security Division (NCSD) Information Analysis and Infrastructure Protection (IAIP) National Infrastructure Protection Center National Infrastructure Assurance Office Department of Defense (DOD) Department of Energy (DOE) Office of Energy Assurance (OEA) 21 Steps to Improve Cyber Security of SCADA Networks National Institute of Standards and Technology (NIST) National Security Agency (NSA) FBI National Infrastructure Protection Agency American Gas Association (AGA) Cryptographic Protection of SCADA Communications, Part 1 Background, Polices and Test Plan National Infrastructure Security Coordination Centre, England

9 Problem 1: Lo Chance Hi Impact Incident is focused more after 9/11 incident Impact H High P1 P2 P3 L Low L Medium H Probability P4 P5 P6 P7 What never happened, may happen % = POSSIBLE RISK = Likelihood x Impact

10 Problem 1: (cont.) Lo Chance Hi Impact Incident is focused more after 9/11 incident P1 P2 P3 P4 P5 P6 P7 National Critical Infrastructure "critical infrastructure"-- industrial sectors that are "essential to the minimum operations of the economy and government." PDD63, 1998 Telecommunications Energy Banking and Finance Transportation Water Systems Emergency Services

11 Problem 2: A Gap of Coordination P1 P2 P3 P4 P5 P6 P7 Different vocabulary ICT: I I know TCP/IP, NetBIOS, MSSQL, SAP and etc. Operation: I I know Profibus, FieldBus,, MODBUS, Solenoid valve, Turbine, Hydraulic, Pneumatic and etc. SCADA/DCS could be somewhat frighteningly exciting to ICT people. Inadequate knowledge and experience on the system lowers the confident to provide appropriate support. Operation people should work with IT Security Professionals from ICT Department or consultancies Educating IT Department about Process Control & SCADA operations

12 Problem 3: Unsynchronized Technology Lifecycle P1 P2 P3 P4 P5 P6 P7

13 Problem 3: (cont.) Unsynchronized Technology Lifecycle P1 P2 P3 P4 P5 P6 P7 ICT technology keep changing while Control System is here to stay. Production processes are rarely changed. We can operate as we always do. So, WHY UPGRADE??? ICT equipment life is ~3-5 5 years Control equipment life is ~10+ years SCADA Security today is where enterprise security was years ago

14 Problem 4: Sharing the SAME CHALLENGES P1 P2 P3 P4 P5 P6 P7 The information or data from devices or controllers shall be sent or processed at a server of that system which could expose many possibility to attack as follow: Communication Media Radio : Jammer Protocol Anomaly Operating System running on the server Microsoft Windows Unix Database MS-SQL SQL Oracle System running standard Operating System is vulnerable to standard attacks Malware/Virus/Worm/SpyWare

15 Problem 5: We are Connected P1 P2 P3 P4 P5 P6 P7 The operation network is somehow connected to the corporate network or even able to access the Internet. Without proper protection and control, the operation environment is really in high risk.

16 Problem 6: Is the system integrator have security in mind when engineering the system? P1 P2 P3 P4 P5 P6 P7 Is all possible condition properly handled? Ex. The engineer may knows that the reading equipment would never yield a negative value, so he wrote program to only handle the > 0 value. WHAT IF someone injects a negative value to that variable by tapping the media or at the database level? Can you tell what will happen? Is the program running in the controller a security-aware by design?

17 Problem 6: cont. P1 P2 P3 P4 P5 P6 P7 None of the industrial control systems used to monitor and operate the nation's utilities and factories were designed with security in mind. Moreover, their very nature makes them difficult to secure. Linking them to networks and the public Internet only makes them harder to protect. Said by Joseph Weiss, executive consultant for KEMA Consulting :// avs.html

18 Problem 7: Policy Enforcement P1 P2 P3 P4 P5 P6 P7 People + Process + Technology are needed to work in harmony. Sometime we need certain technology or tool to ensure that the defined process or policy is in good shape. The most vulnerable entity is PEOPLE.. So keep them aware of what they are doing and risk they are fronting, plus the consequent damages and responsibility if they are not complied with the policy.

19 Problems Summary 1. Lo-chance Hi-Impact 2. A Gap of Coordination 3. Unsynchronized Technology Lifecycle 4. Sharing the SAME CHALLENGES 5. We are Connected 6. System Integrator 7. Policy Enforcement People Oriented Process Oriented Technology Oriented

20 Reference / More Information SCADA/DCS Security Joe St Sauver,, Ph.D., University of Oregon Computing Center darkwing.uoregon.edu/~joe/scada/ Security for Critical Infrastructure SCADA Systems Andrew Hildick-Smith, GSEC Practical Assignment SCADA and Industrial Automation Security, General Information Security CSI/FBI Computer Crime and Security Survey

21 Question?