Jeff Dagle. P.O. Box 999, M/S K5-20; Richland WA ; Fax: ;

Similar documents
Supervisory Control and Data Acquisition (SCADA) Introduction

Summary of Cyber Security Issues in the Electric Power Sector

Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group

Firewalls (IDS and IPS) MIS 5214 Week 6

Submitted on behalf of the DOE National SCADA Test Bed. Jeff Dagle, PE Pacific Northwest National Laboratory (509)

Job Sheet 1 The SCADA System Network

Area Covered is small Area covered is large. Data transfer rate is high Data transfer rate is low

Connectivity 101 for Remote Monitoring Systems

ECE 444/544 Supervisory Control & Critical Infrastructures Lectures 20 & & 28 March 2018

Authenticate and encrypt all serial data communications to protect critical assets

Creating a Dynamic Serial Edge For Integrated Industrial Networks

SEL-3025 Serial Shield Serial Cryptographic Transceiver

ITEC 3800 Data Communication and Network. Introducing Networks

Data Communication and Network. Introducing Networks

N-Dimension n-platform 340S Unified Threat Management System

Merge physical security and cybersecurity for field operations.

November 29, ECE 421 Session 28. Utility SCADA and Automation. Presented by: Chris Dyer

Networking interview questions

Chapter 6: DNP Introduction. 6.2 Features of the DNP The OSI/ISO model. 6.3 Basic topology

Avygdor Moise, Ph.D. Future DOS Research & Development Inc. Enablers of plug & play AMI solutions that work

CCNA Exploration1 Chapter 7: OSI Data Link Layer

High performance monitoring & Control ACE3600 Remote Terminal Unit

Contents. Introduction to Networking. Preface...i. Introduction... xix

The vendor shall have implemented an ISO 9001 certified Quality Management System.

Verizon Software Defined Perimeter (SDP).

COMMUNICATION NETWORKS. FOX615/612 TEGO1 IEC GOOSE Proxy Gateway interface module.

Introduction to Information Technology Turban, Rainer and Potter John Wiley & Sons, Inc. Copyright 2005

October 05, ECE 421 Session 12. Utility SCADA and Automation. Presented by: Chris Dyer

Substation. Communications. Power Utilities. Application Brochure. Typical users: Transmission & distribution power utilities

Guide to Networking Essentials, 6 th Edition. Chapter 6: Network Reference Models and Standards

Network Security and Cryptography. 2 September Marking Scheme

COMPUTER NETWORKS UNIT I. 1. What are the three criteria necessary for an effective and efficient networks?

Wireless Data Communications for SCADA Systems

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

Identify the features of network and client operating systems (Windows, NetWare, Linux, Mac OS)

A TCP/IP BASED COMMUNICATION ARCHITECTURE FOR DISTRIBUTION NETWORK OPERATION AND CONTROL

Layering in Networked computing. OSI Model TCP/IP Model Protocols at each layer

Data Communication. Introduction of Communication. Data Communication. Elements of Data Communication (Communication Model)

CIT 380: Securing Computer Systems. Network Security Concepts

Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure

The OSI Model. Open Systems Interconnection (OSI). Developed by the International Organization for Standardization (ISO).

Communication Networks

Netwoking Essentials

Communication Service Provider

Security in grid control centers: Spectrum Power TM Cyber Security

CyberFence Protection for DNP3

Test Bank for A Guide to Designing and Implementing Local And Wide Area Networks 2nd Edition by Palmer and Sinclair

IEC Vaasa Seminar 21st October Contents

Data Communications. From Basics to Broadband. Third Edition. William J. Beyda

Organizations have developed standard sets of protocols

QEI. SCADA Remote Gateways & RTUs Substation & Feeder Automation Capacitor Control

Chapter 2 Communicating Over the Network

SCADA Protocols. Overview of DNP3. By Michael LeMay

Cyber Security of Power Grids

ON-LINE EXPERT SUPPORT THROUGH VPN ACCESS

CompTIA Network+ Study Guide Table of Contents

Chapter 1. What is Data Communications 8/19/2010. The Data Communications Industry. Approach to Data Communications

Virtual Dispersive Networking Spread Spectrum IP

TestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified

This course prepares candidates for the CompTIA Network+ examination (2018 Objectives) N

Secure Industrial Automation Remote Access Connectivity. Using ewon and Talk2M Pro solutions

IC32E - Pre-Instructional Survey

Chapter 8 Information Technology

31270 Networking Essentials Focus, Pre-Quiz, and Sample Exam Answers

Integrating Information Systems: Technology, Strategy, and Organizational Factors

Cyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies

Configuring your VLAN. Presented by Gregory Laffoon

Network protocols and. network systems INTRODUCTION CHAPTER

Introduction. Communication

SCADA OVER TETRA. Patrick Colling May 2016

Cyber Criminal Methods & Prevention Techniques. By

We are going to see a basic definition of the devices you can find in a corporate wired network, so you can understand basic IT engineering jargon.

Campus Network Design

IP Mobility vs. Session Mobility

Cyber Security for Renewable Energy Systems

Switching on our smartphone and sending an to a friend living 5000 km from our home is something that we take for granted, but that involves a

SUBSTATION AUTOMATION SYSTEMS

Inform IT Information Management Tenore. SCADA Extension ABB

OrionLX. An Overview of the OrionLX Product Line

Secure Communications on VoIP Networks

OSI Layer OSI Name Units Implementation Description 7 Application Data PCs Network services such as file, print,

Top-Down Network Design

Maxwell Dondo PhD PEng SMIEEE

Networking Essentials

Data Communications. Course Design Data Communications. Pre/Post Test (80 Questions/80 Points) Upon Request None No No No

Agenda 05/21/

Dr. Johan Åkerberg, ABB Corporate Research, Sweden, Communication in Industrial Automation

OSI ISO, OSI Reference Model

MTA_98-366_Vindicator930

Cybersecurity and Communications Based Train Control

SCADA security why is it so hard? Amol Sarwate Director of Vulnerability Engineering, Qualys Inc.

CASE STUDY. Wind Farm in Mexico Completes First Successful IEC Application With Multivendor Interoperability

Solution Overview Vectored Event Grid Architecture for Real-Time Intelligent Event Management

Ch. 4 - WAN, Wide Area Networks

CS4700/CS5700 Fundaments of Computer Networks

firewalls perimeter firewall systems firewalls security gateways secure Internet gateways

Wireless Network Security Fundamentals and Technologies

Presenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Industrial Security - Protecting productivity. Industrial Security in Pharmaanlagen

Transcription:

SCADA: A Deeper Look Jeff Dagle Pacific Northwest t National Laboratory P.O. Box 999, M/S K5-20; Richland WA 99352 509-375-3629; Fax: 509-375-3614; jeff.dagle@pnl.gov gov

Outline Vendors Protocols DNP3.0ProtocolExample Protocol Demonstration 2

SCADA Principles of Operation Interface with Physical Devices Remote terminal unit (RTU) Intelligent electronic device (IED) Programmable logic controller (PLC) Communications Directly wired Power line carrier Microwave Radio (spread spectrum) Fiber optic 3

Typical SCADA Architecture Main Application Processing Primary Server Secondary Server Inter-site Gateway Telemetry Server 1 Telemetry Server n Central Processing LAN Telemetry LAN Independent Control Center A Independent Control Center B Leased Lines RTU Comm Server Modem Modem Modem RTU RTU RTU xx x Bridge Bridge Bridge RTU RTU RTU yy y RTU Comm Server Modem Modem Modem RTU RTU RTU zz z Serial Links Phone Line Radio Fiber Optic Redundant Paths IED PLC IED 4

Major SCADA/EMS Vendors Asea Brown Boveri (ABB) Siemens Alstom ESCA Telegyr Systems Advanced Control Systems (ACS) Harris Bailey 5

SCADA Protocols (Partial List!) ANSI X3.28 BBC 7200 CDC Types 1 and 2 Conitel 2020/2000/3000 DCP 1 DNP 3.0 Gedac 7020 IBM 3707 Landis & Gyr 8979 Pert PG&E QEI Micro II Redac 70H Rockwell SES 91 Tejas 3 and 5 TRW 9550 Vancomm 6

Protocol Background International Standards Organization Open System Interconnection Reference Model ISO OSI Reference Model (protocol stack) 7 Application Provides interface to application services 6 Presentation 5 Session 4 Transport 3 Network 2 Data Link 1 Physical Data representation Starts, maintains, and ends each logical session End-to-end reliable communications stream Routing and segmentation/reassembly of packets Transmit chunks of information across a link Transmit unstructured bits across a link 7

Intermediate Nodes Application Application Presentation Presentation Session Session Transport Transport Network Network Network Data Link Data Link Data Link Data Link Physical Physical Physical Physical Physical REPEATER BRIDGE ROUTER 8

Simplified Protocol Stack International Electrotechnical Commission (IEC) Enhanced Performance Architecture (EPA) 3 Application Provides interface to application services 2 Data Link Routing and segmentation/reassembly of packets 1 Physical Transmit bits of information across a link 9

SCADA Protocol Example Distributed Network Protocol (DNP) 3.0 SCADA/EMS applications RTU to IED communications Master to remote communications Peer-to-peer instances and network applications Object-based application layer protocol Emerging open architecture standard 10

DNP 3.0 Data Link Layer Interface with the physical layer Packing data into the defined frame format and transmitting the data to the physical layer Unpacking frames received from physical layer Controlling all aspects of the physical layer Data validity and integrity Collision avoidance/detection Perform message retries Establish connection, disconnection in dial-up environment 11

DNP 3.0 Data Link Layer BLOCK 0 BLOCK 1 BLOCK n START LENGTH CONTROL DESTINATION SOURE CRC USER DATA CRC... USER DATA CRC FIXED LENGTH HEADER (10 OCTETS) BODY START LENGTH CONTROL DESTINATION SOURCE CRC USER DATA 2 starting octets of the header 1 octet count of USER DATA in the header and body 1 octet Frame Control 2 octet destination address 2 octet source address 2 octet Cyclic Redundancy Check Each block following the header has 16 octets of User defined data 12

DNP 3.0 Transport Function Supports advanced RTU functions and messages larger than the maximum frame length in the data link layer Additional data integrity it verification Packs user data into multiple frames of the data link frame format for transmitting the data Unpacks multiple frames that are received from the data link layer Controls data link layer 13

DNP 3.0 Transport Function TRANSPORT HEADER USER DATA 1 OCTET 1 to 249 OCTETS IN LENGTH FIN FIR SEQUENCE FIN FIR 0 = More frames follow 1 = Final frame of a sequence 1 = First frame of a sequence 0 = Not the first frame of a sequence SEQUENCE Number between 0 and 63 to ensure frames are being received in sequence 14

DNP 3.0 Application Layer Communications Interface with Application Software Designed for SCADA and Distributed Automation Systems Supported functions include send request accept response confirmation, time-outs outs, error recovery, etc. 15

Open protocols SCADA Trends Open industry standard protocols are replacing vendorspecific proprietary communication protocols Interconnected t to other systems Connections to business and administrative networks to obtain productivity improvements and mandated open access information sharing Reliance on public information systems Increasing use of public telecommunication systems and the internet for portions of the control system 16

Confidentiality Vulnerability Concerns Protecting information from unauthorized access Important for deregulation, competitive intelligence Integrity Assuring valid data and control actions Most critical for real-time control applications Availability Continuity it of operations Important for real-time control applications Historically addressed with redundancy 17

Laboratory SCADA Vulnerability Demonstration SCADA Protocol (DNP 3.0) Operator Interface Scenarios Denial of service Operator spoofing Direct manipulation of field devices Combinations of above Protocol Analyzer (Intruder) Field Device Remote Terminal Unit (RTU) Intelligent Electronic Device (IED) Programmable Logic Controller (PLC) Vulnerability implications vary significantly depending on the scenario and application 18

SCADA Message Strings Repeating easily decipherable format Captured by RTU test set 19

Mitigation Strategies Security through obscurity Poor defense against structured adversary Isolated network Communication encryption Concerns over latency, reliability, interoperability Vendors waiting for customer demand Signal authentication May provide good defense without the concerns associated with full signal encryption 20

IEEE Standard 1402-2000 2000 IEEE Guide for Electric Power Substation Physical and Electronic Security Provides definitions, parameters that influence threat of intrusions, and gives a criteria for substation security Cyber methods considered: passwords dial-back verification selective access virus scans encryption and encoding 21

Additional Countermeasures to Consider Implement access control with strong passwords Implement automatic reporting/intrusion detection features Create a multi-tiered access hierarchy Implement application level authentication and packet level data encryption Consider implementing public key infrastructure (PKI) When properly implemented, PKI certificates enable authentication, encryption, and non-repudiation of data transmissions i Implement properly configured firewalls and intrusion detection systems Have a defined Enterprise-level computer network security policy Ref: Concerns About Intrusion into Remotely Accessible Substation Controllers and SCADA Systems, Schweitzer Engineering Laboratories, www.selinc.com 22

Steps for Enhancing SCADA Security Establish a robust network architecture Eliminate trusted remote access points of entry Evaluate and deploy technology and approaches to enhance confidentiality, availability, and integrity Implement rigorous configuration management Provide adequate support and training Never become complacent! 23

Vendors Relatively few Mostly foreign Protocols Conclusions Several protocols being used Trend toward open protocols DNP 3.0 Protocol Example Emerging standard in the electric SCADA industry 24

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback