VIKING. Vital Infrastructure, Networks, Information and Control Systems Management. A Research Project in the EU Seventh Framework Programme

Transcription

1 VIKING Vital Infrastructure, Networks, Information and Control Systems Management A Research Project in the EU Seventh Framework Programme Mathias Ekstedt, PhD Industrial Information and Control Systems 1

2 The Power Network 2

3 SCADA 3

4 Workstation for operators Advanced Workstations SCADA LAN Office LAN Firewall A SCADA Server (Online/Standby) B Communication Equipment (Front-End) Application Servers Modem Communication Networks System Vendors Front-End Substation LAN Front-End Substation LAN Firewall INTERNET WAN IED IED IED Modem SCADA Security 4

5 Potential Consequences Northeast Blackout 2003, US and Canada 50 million people without electricity Financial losses estimated to 6-10 billion USD Railway system interrupted Airports shut down (passenger screening, electronic tickets) Gas stations unable to pump gas Disrupted cellular communication Disrupted television (cable tv) Internet traffic disrupted Water system lost pressure: boil water advisories, closing of restaurants Sewage spills CIA senior analyst Tom Donahue: We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. 5

6 VIKING Objectives 1. Identification and assessment of vulnerabilities for SCADA systems. Prediction of system failure impacts and security risks. 2. Costs and consequences of misbehaving control systems in the power transmission and distribution network. 3. New technical security and robustness solutions. 4. Increase the awareness of the dependencies and vulnerabilities of cyber-physical systems in the power industry. 6

7 Project Structure 7

8 Partners ABB E.ON Developer of SCADA systems Power transmission and distribution, SCADA system user Zürich Insurance Company Consequences and costs of power system disruptions Astron KTH ETH SCADA system integration Software system architecture, networked control systems, communication networks Power system modeling, cyber-physical modeling, game theory UC Berkeley Computer security, systems modeling University of Maryland Hybrid networks, network security 8

9 Core Research Issue Decision support for control system security issues: What is the level of security of my process control system(s)? What are the security weaknesses in my systems? How do the weaknesses influence each other? What can I do to improve the system security effectively? What happens if I change my systems? What happens if I change my organization? 9

10 Models for IT!? 10

11 Theory for ITmodels!?? Distance between Paris and Dakar = F(x) Security in the SCADA system = F(x) 11

12 The challenge: control system security is a broad and complex area Plenty of reference material: NIST SP (and others), NERC CIP, ISO 17799, ISO 27004, ISA-SP99, material from US-CERT, SCADA Procurement Language,, books, articles A wide-spanning area: Business Organization Requirements Risk analysis, information and functionality criticality classification, staff access rights, business continuity management, IT Organization Requirements Testing tools and competence, configuration management, IT policies, acquisition processes, coding practices IT System requirements Firewalls, IDS, access control, authentication, encryption, execution environment limitations, network configurations, protocol limitations, internal application design, Vulnerabilities/attack vectors denial of service, default passwords, man in the middle, buffer overflow,. And all of this is connected; systems to systems to organization to organization Analysis Paralysis!?! 12

13 Organizing security theory Definitions SCADA Security Causality Quality of firewall protection Quality of... Quality of Intrusion Detection Quality of risk analysis 13

14 Only network diagrams are not sufficient What can be said from this kind of model? - Firewall configuration? - access control? - authentication? - risk analyses? - IT policies - functional dependencies? - 14

15 Credibility of Analyses - we are not always sure Credibility of empirical information Degree of consistency of answers Auto reflected credibility Expertise of source Time proximity Historical reliability of source Referred Credibility Credibility of the theory Your gut feeling Expert s statement Backed with experiments or hands-on experience 15

16 Some parts of the solution Cyber-physical models and enterprise architecture - Power network models, software architecture, hardware/system architecture, organization/business architecture Attack graphs Defense graphs Bayesian statistics Risk and cost analyses 16

17 Contact Mathias Ekstedt VIKING Project Coordinator Gunnar Björkman VIKING Technical Coordinator Pontus Johnson 17