Improving SCADA System Security

Transcription

1 Improving SCADA System Security NPCC 2004 General Meeting Robert W. Hoffman Manager, Cyber Security Research Department Infrastructure Assurance and Defense Systems National Security Division, INEEL September 30, 2004

2 Orientation

3 National Security Division Mission Areas Homeland Security Combat Support/Demilitarization Nonproliferation/Counter-proliferation Intelligence Technology and Analysis Information and Communications Safeguards and Security

4 Critical Infrastructure Assurance Critical Infrastructure Test Range Wireless SCADA Cyber Security Transportation Physical Security systems Test Range Protocols

5 Infrastructure Interdependencies Problem: Given the increasing interconnections and interdependencies of our critical infrastructure systems, it is absolutely essential that we understand their vulnerabilities, so we can correct or compensate for them. Infrastructure systems were designed by engineers to address a specific need. Security, (physical or Cyber), is an after thought, if addressed at all.

6 Cyber Security Research Mission Provide internationally recognized Cyber Security resources capable of providing unique solutions to complex problems in the protection of our nation s infrastructure.

7 Genesis Tasked to protect the integrity of the INEEL production environment IT while enabling the successful completion of mission objectives. Areas of Expertise: Intrusion Detection Network Traffic Analysis Automated Modem War Dialing Incident Response and Reporting Operating System Vulnerability Assessment System Forensics Strategic Technology Assessment Unique Tool Development

8 SCADA / PCS assessment and mitigation Cyber Security Centric Engineering Design Review Comprehensive Remote and Onsite assessments Vendor / Industry interactive National SCADA Test Bed Control Systems Security & Test Center

9 Cyber Security Lab Problem: The risks to U.S. critical infrastructure from cyber attacks are real and evolving. Leveraged Solution: Utilizing multi-faceted capabilities from various design engineering components of the INEEL IT and RD organizations. Resources like the Cyber Security Lab can play an integral role in all aspects of solution development.

10 Vendor / Industry interactive System Arrives Sponsor path Provide baseline recommendations Baseline Identify Vulnerabilities Identify Script Kiddie concerns Generate Exploit Code Demonstrate examples of hostile activity Work with Sponsor To mitigate Assist in mitigation or T&E of same Determine acceptable level of risk Assess modified risk state Repeat Secure path Document Initial State Prioritize and classify (1-n) vulnerabilities Address most probable attack mechanisms at this layer Document vendor / sponsor modifications Evaluate / record effectiveness and impact

11 SCADA System Exploit Demonstration NPCC Task Force on Infrastructure Security and Technology, October 26 27, Boston MA Afternoon Workshop split into two sessions Phase 1 Component Overview Attack demonstration and Impact Phase 2 Detailed configurations Hands On detection / mitigation

12 Typical Utility Network Architecture

13 Demonstration Overview Phase 1 Demonstration of cyber exploit on multiple levels Operating System Standard network protocol SCADA system protocol Network Component overview Assessment/Mitigation/Protection Strategies

14 Demonstration Overview Phase 2 Layered defense configuration Exploit/Defense interaction What does an IDS see during an exploit? What does a Firewall see during an exploit? Rule set configuration Security Tools of the Trade

15 Points of Contact Robert Hoffman, Manager Cyber Security Research (208) , (208)