Toward Open Source Intrusion Tolerant SCADA. Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania

Similar documents
Network-Attack-Resilient Intrusion- Tolerant SCADA for the Power Grid

Network-Attack-Resilient Intrusion-Tolerant SCADA for the Power Grid

Evaluating BFT Protocols for Spire

Spire: Intrusion-Tolerant SCADA for the Power Grid

Spire: Intrusion-Tolerant SCADA for the Power Grid

Toward Intrusion Tolerant Clouds

AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID

Research Statement. Amy Babay December 2018

Firewalls (IDS and IPS) MIS 5214 Week 6

Cyber Security of Industrial Control Systems (ICSs)

Automation Services and Solutions

Securing Industrial Control Systems

A FAULT- AND INTRUSION-TOLERANT ARCHITECTURE FOR THE PORTUGUESE POWER DISTRIBUTION SCADA

The Future of Industrial Control Systems Security

Towards a Practical Survivable Intrusion Tolerant Replication System

Towards a Practical Survivable Intrusion Tolerant Replication System

SCADA Protocols. Overview of DNP3. By Michael LeMay

Robust BFT Protocols

Towards Recoverable Hybrid Byzantine Consensus

Cyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies

Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices

Addressing Cyber Threats in Power Generation and Distribution

Smart Cities and Security. Security - 1

Maxwell Dondo PhD PEng SMIEEE

Substation. Communications. Power Utilities. Application Brochure. Typical users: Transmission & distribution power utilities

May SCADA Testbed Cyber-Security Evaluation. Iowa State University. Advisor: Members: Manimaran Govindarasu

Cyber Security and Substation Equipment Overview

Amy Babay April 2018

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Providing SCADA network data sets for intrusion detection research Antoine Lemay (ÉPM) José M. Fernandez (ÉPM) WORLD-CLASS ENGINEERING

SCADA and Central Applications An introduction

Job Sheet 1 The SCADA System Network

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

Chapter X Security Performance Metrics

INDUSTRIAL CONTROL SYSTEMS & COMPUTER PROCESS CONTROL

Semantic Security Analysis of SCADA Networks to Detect Malicious Control Commands in Power Grids

The SCADA Connection: Moving Beyond Auto Dialers

Power System Network Simulator (PSNsim)

Tools, Techniques, and Methodologies: A Survey of Digital Forensics for SCADA Systems

Modular Smart Grid Power Systems Simulators (Utilities)

i-pcgrid WORKSHOP 2016 INTERACTIVE REMOTE ACCESS

Connectivity 101 for Remote Monitoring Systems

Cyber Security and Privacy Issues in Smart Grids

Amy Babay November Doctor of Philosophy in Computer Science September 2018

IEC in Digital Substation and Cyber security

Shabnam Rukhsar Electrical Engineering Department, Anjuman College of Engineering and Technology.India

Cyber Security of Power Grids

How CyberArk can help mitigate security vulnerabilities in Industrial Control Systems

Toward Intrusion Tolerant Cloud Infrastructure

The SCADA Connection: Moving Beyond Auto Dialers

Building a resilient ICS

Load Management of Industrial Facilities Electrical System Using Intelligent Supervision, Control and Monitoring Systems

PROTECTING MANUFACTURING and UTILITIES Industrial Control Systems

High performance monitoring & Control ACE3600 Remote Terminal Unit

IEC A cybersecurity standard approaching the Rail IoT

Small hydro power plant automation. Oswaldo Kaschny Schneider Electric Brazil CDI Power

1 Description of Methodology for Volt / Var Optimization

Substa'on Automa'on and SCADA The Key to efficiency. Empowering Lives

Introduction to ICS Security

WHITE PAPER. Vericlave The Kemuri Water Company Hack

2 nd Cybersecurity Workshop Test and Evaluation to Meet the Advanced Persistent Threat

Chapter X Security Performance Metrics

Jeff Dagle. P.O. Box 999, M/S K5-20; Richland WA ; Fax: ;

Cyber Attacks & Breaches It s not if, it s When

Control Systems Cyber Security Awareness

Designing a new IEC substation architecture

Communication Pattern Anomaly Detection in Process Control Systems

Failure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data

Presenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.

Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Scaling Byzantine Fault-tolerant Replication to Wide Area Networks

ENGINEERING AND SERVICES FIRM THAT SPECIALIZES IN HYDROELECTRIC POWER AND CONTROL SYSTEM DESIGN, OUR TEAM OF PROFESSIONALS HAVE WORKED TOGETHER

Detection and Analysis of Threats to the Energy Sector (DATES)

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n

Protection, Monitoring, and Control System for Distribution Substations ALARM HISTORY SYSTEM COMM. On-Line Documentation TRANSFORMER 12 MW

Data Diode Cybersecurity Implementation Protects SCADA Network and Facilitates Transfer of Operations Information to Business Users

Digital substations. Introduction, benefits, offerings

On Bounded Rationality in Cyber-Physical Systems Security: Game-Theoretic Analysis with Application to Smart Grid Protection

From Wikipedia, the free encyclopedia

Securing the North American Electric Grid

Digital Wind Cyber Security from GE Renewable Energy

How AlienVault ICS SIEM Supports Compliance with CFATS

Security Standards for Electric Market Participants

INTELLIGENT SCADA FOR LOAD CONTROL

Peter Overgaauw Pascal Stijns 27 Oct 2016 EXPERION PKS CONTROLS ELECTRICAL SYSTEMS TOO!

Automate and Preserve Electromechanical Relay Investment Part 3 of 3 Using the Bitronics 70 Series to Improve Remote Monitoring and Control

FERC Hydroproject Cyber Security [FERC 3A Section 9 versus CIP v5]

Substation SCADA Monitoring

Electricity for Free? The Dirty Underbelly of SCADA and Smart Meters

Cyber Threat Awareness CETAC 2018

Industrial Defender ASM. for Automation Systems Management

Relays - SCADA - Metering

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

State of Israel Prime Minister's Office National Cyber Bureau. Unclassified

Development Of EMCS In Power Plants

October 05, ECE 421 Session 12. Utility SCADA and Automation. Presented by: Chris Dyer

Multistage Cyber-physical Attack and SCADA Intrusion Detection

HARDWARE OF SUPERVISORY CONTROL & DATA ACQUISITION SYSTEM

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Critical Resilient Interdependent Infrastructure Systems and Processes

Transcription:

Toward Open Source Intrusion Tolerant SCADA Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania

Outline What is SCADA? SCADA Vulnerabilities What is Intrusion Tolerance? Prime PvBrowser Our Architecture Demo Future Directions

What is SCADA? Supervisory Control and Data Acquisition Used to supervise and control national infrastructure Main components: Master HMI PLCs/RTUs Designed to work with propriety hardware and protocols Components are connected on private, isolated network

SCADA in Power Grids (1) Power grids include generation plants and transmission/distribution substations which are spread across wide areas Electrical Generation Plant: generates electrical power to be transmitted across the grid Transmission Substation: transforms power for long distance transmission and provides switching between sources/destinations to meet the needs of the grid Distribution Substation: receives power from a transmission substation(s) to be distributed on site

SCADA in Power Grids (2) SCADA system is used to monitor power substations RTUs read data from field devices Transformers Generators Switches Data is processed by the SCADA master and presented to the user through the HMI If the values read from RTUs exceed predefined safety threshold, alarms are raised by the master

SCADA Systems moving to the Internet Traditional Security Model Perimeter based Security through obscurity Primary/Standby Architecture SCADA systems originally designed to run on private networks and are not optimized for security In the past decade, SCADA systems witnessed many changes Use of off-the-shelf hardware Standardized protocols Open networks (e.g. Internet)

SCADA vulnerabilities Attacks exploiting software vulnerabilities Stuxnet Project SHINE Attacks involving foreign governments Current solutions are ineffective against malicious intrusions

What is Intrusion Tolerance? Intrusion Tolerance: Executing correct operations even if a part of the system is controlled by an adversary Safety: all correct replicas maintain consistent state Liveness: eventual progress There are many algorithms in literature that provide byzantine fault tolerant replication, until less than one third of the system is compromised BFT Zyzzyva Prime Aardvark

Prime: Byzantine Replication with Performance Guarantees Under Attack First BFT protocols to provide performance guarantees while under attack Limits the power of a malicious leader to achieve bounded delay performance guarantee

Defense across space and time Prime and BFT protocols in general are fragile over long system life time Solution Defense Across Space: diversify the execution environment to generate different versions of the same application Defense Across Time: periodic and proactive replica rejuvenation to clean undetected intrusions Diversity + Proactive recovery allow for long lived intrusion tolerant systems

Intrusion tolerant SCADA Use Prime to replicate SCADA masters SCADA master works correctly if no more then f replicas out of 3f+1 replicas have been intruded Diversity and proactive recovery allow for the system to function for a long time An earlier version of Prime was integrated by Siemens into their SCADA product for the power grid, but it does not include diversity and proactive recovery (no protection across space and time)

Our Goals To develop a proof-of-concept of an open source intrusion tolerant SCADA Components: PvBrowser: Open source SCADA software Prime: Intrusion tolerant replication with performance guarantees under attack RTU emulator: simulates data generation from field devices

PvBrowser Open source SCADA Master and HMI server Architecture Master Data acquisition daemon (DAD): communicates with RTUs/PLCs Shared memory: medium for communication between DAD and Pvserver ProcessViewServer: visualizes data from DAD and communicates with HMI HMI ProcessViewBrowser: presents information from the visualizer to user

PvBrowser (Modifications)

PvBrowser (Modifications) Break Shared Memory

PvBrowser (Modifications) Break Shared Memory Implement message passing between DAD and PVServer Allows us to: Eliminate nondeterministic behavior

PvBrowser (Modifications) Break Shared Memory Implement message passing between DAD and PVServer Allows us to: Eliminate nondeterministic behavior Run processes on different machines

PvBrowser (Modifications) Break Shared Memory Implement message passing between DAD and PVServer Allows us to: Eliminate nondeterministic behavior Run processes on different machines Implement replication

Modbus Standardized communication protocol used by many SCADA systems around the globe Used to communicate with Remote Terminal Units (RTUs) Values stored in memory registers, organized as: Input Registers: analog inputs of different types (e.g. voltage, amperage) Input Status: digital input used to represent dichotomous values (e.g. electrical breakers, switches) Coil Status: digital output used to switch voltage in a relay (e.g. switch power ON/OFF to field device) Holding Registers: store additional data the can be used by other devices; less commonly used

Modbus Example

Our Architecture DAD and 3f+1 PVServers all run on different physical machines DAD polls RTUs and communicates data to servers via message passing Data polled from field units is replicated consistently across all servers using Prime HMI can connect to any server and observe consistent data at each correct replica PRIME MODBUS RTU RTU RTU MASTER MASTER MASTER MASTER BROWSER Data Acquisition

RTU Emulator ASE2000 Version 2 RTU Test Set Allows the user to define RTUs For each RTU, it is possible to specify communication protocol (e.g. Modbus) and the number of registers Used to test how the SCADA master responds to events (e.g. change of values/states) Allows testing of newly implemented protocols (e.g. DNP3)

RTU Emulator Example

https://cdn.fbsbx.com/hphotos-xap1/v/t59.2708-21/11170697_10206615424567947_1652314067_n.pdf/powergridoverview-dagle.pdf?oh=a311fd53c7bdbe0459294bafa930067f&oe=5547523f&dl=1

Future Directions Our Architecture provides intrusion tolerant replication of the data used by the SCADA Master PRIME MODBUS RTU RTU RTU Data Acquisition MASTER MASTER MASTER MASTER BROWSER

Future Directions Our Architecture provides intrusion tolerant replication of the data used by the SCADA Master Additional components: Replication of all events involving the SCADA master, allowing a client to compare the state of each server and determine the correct state (with f+1 consistency) PRIME MODBUS RTU RTU RTU Data Acquisition MASTER MASTER MASTER MASTER CLIENT LIBRARY BROWSER

Future Directions Our Architecture provides intrusion tolerant replication of the data used by the SCADA Master Additional components: Replication of all events involving the SCADA master, allowing a client to compare the state of each server and determine the correct state (with f+1 consistency) Implementing intrusion tolerance for data acquisition Replicating DAD Using Prime to synchronize and order data polled from RTUs/ PLCs MODBUS PRIME Data Acquisition RTU RTU RTU Data Acquisition MASTER MASTER MASTER MASTER CLIENT LIBRARY BROWSER Data Acquisition Data Acquisition

Special Thanks Johns Hopkins DSN Lab Dr. Yair Amir Dr. Marco Platania

Intrusion tolerance: the time is now! Critical Infrastructures (power grids, water plants, transportation systems, ) are at the heart of human society Power grids are particularly important because other Critical Infrastructures, systems, and human activities rely on them This is one of the factors that make power grids an increasingly important target for cyber attacks In 2013 DHS reported that in 2012 the 40% of cyber attacks targeted the energy sector Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy Barack Obama, State of the Union 2013

Breaking the barriers Power service industry is highly regulated Power companies strictly follows the regulation requirements SCADA system manufacturers have no (or little) incentive to develop capabilities that are not demanded by power companies Because intrusion tolerance is not on the regulations, power companies and SCADA system manufacturers are not interested in working on intrusion tolerant solutions The first prototype of intrusion tolerant SCADA produced by Siemens was never translated to a product in the field, lacking customer demand and regulatory requirements

Our goal Building the first survivable intrusion tolerant open source SCADA system Impact on the energy ecosystem: Showing to regulators, power companies, and SCADA manufacturers the importance of intrusion tolerance and that the problem is solvable Making intrusion tolerant a regulatory requirement Showing and teaching SCADA manufacturers how to integrate intrusion tolerance in their own systems via open source Involving other researchers so to enlarge the SCADA community and increase the impact that it can have

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback