Improving SCADA System Security
NPCC 2004 General Meeting
Robert W. Hoffman, Manager, Cyber Security Research Department
Infrastructure Assurance and Defense Systems
National Security Division, INEEL
September 30, 2004
Orientation
National Security Division Mission Areas
- Homeland Security
- Combat Support/Demilitarization
- Nonproliferation/Counter-proliferation
- Intelligence Technology and Analysis
- Information and Communications
- Safeguards and Security
Critical Infrastructure Assurance Critical Infrastructure Test Range Wireless SCADA Cyber Security Transportation Physical Security systems Test Range Protocols
Infrastructure Interdependencies
Problem: Given the increasing interconnections and interdependencies of our critical infrastructure systems, it is absolutely essential that we understand their vulnerabilities so we can correct or compensate for them. Infrastructure systems were designed by engineers to address a specific need. Security (physical or cyber) is an afterthought, if addressed at all.
Cyber Security Research Mission
Provide internationally recognized Cyber Security resources capable of providing unique solutions to complex problems in the protection of our nation's infrastructure.
Genesis
Tasked to protect the integrity of the INEEL production environment IT while enabling the successful completion of mission objectives.
Areas of Expertise:
- Intrusion Detection
- Network Traffic Analysis
- Automated Modem War Dialing
- Incident Response and Reporting
- Operating System Vulnerability Assessment
- System Forensics
- Strategic Technology Assessment
- Unique Tool Development
SCADA / PCS assessment and mitigation
- Cyber Security Centric Engineering Design Review
- Comprehensive Remote and Onsite assessments
- Vendor / Industry interactive
- National SCADA Test Bed
- Control Systems Security & Test Center
Cyber Security Lab
Problem: The risks to U.S. critical infrastructure from cyber attacks are real and evolving.
Leveraged Solution: Utilizing multi-faceted capabilities from various design engineering components of the INEEL IT and RD organizations. Resources like the Cyber Security Lab can play an integral role in all aspects of solution development.
Vendor / Industry interactive System Arrives Sponsor path Provide baseline recommendations Baseline Identify Vulnerabilities Identify Script Kiddie concerns Generate Exploit Code Demonstrate examples of hostile activity Work with Sponsor To mitigate Assist in mitigation or T&E of same Determine acceptable level of risk Assess modified risk state Repeat Secure path Document Initial State Prioritize and classify (1-n) vulnerabilities Address most probable attack mechanisms at this layer Document vendor / sponsor modifications Evaluate / record effectiveness and impact
SCADA System Exploit Demonstration
NPCC Task Force on Infrastructure Security and Technology, October 26-27, 2004 - Boston, MA
Afternoon Workshop split into two sessions
- Phase 1
  - Component Overview
  - Attack demonstration and Impact
- Phase 2
  - Detailed configurations
  - Hands On detection / mitigation
Typical Utility Network Architecture
Demonstration Overview Phase 1
- Demonstration of cyber exploit on multiple levels
  - Operating System
  - Standard network protocol
  - SCADA system protocol
- Network Component overview
- Assessment/Mitigation/Protection Strategies
Demonstration Overview Phase 2
- Layered defense configuration
- Exploit/Defense interaction
  - What does an IDS see during an exploit?
  - What does a Firewall see during an exploit?
- Rule set configuration
- Security Tools of the Trade
Points of Contact
Robert Hoffman, Manager, Cyber Security Research
hoffrw@inel.gov, (208) 526-8599, (208) 521-4247