PROCESS CONTROL NETWORKS SECURITY
A Dissertation
Presented to
The Engineering Institute of Technology
by
Omar Salim Kidege
In Partial Fulfillment
of the Requirements for the Degree
Master of Engineering in
INDUSTRIAL AUTOMATION
AUGUST 2017
COPYRIGHT © 2017 BY OMAR SALIM KIDEGE
TABLE OF CONTENTS
List of Figures ................................................................................................................ 4
List of Tables ................................................................................................................. 5
Acknowledgement ......................................................................................................... 6
Key Words ..................................................................................................................... 7
Abstract ....................................................................................................................... 8
Chapter 1. Background Overview ................................................................................ 10
1.1 Introduction ..................................................................................................... 10
Chapter 2. Critical Infrastructures (CIs) Definition ..................................................... 12
2.1 Critical Infrastructure Threats ......................................................................... 17
2.2 Critical Infrastructure Attacks ......................................................................... 19
2.3 Control Measures ............................................................................................ 21
Chapter 3. Process Control Network ........................................................................... 26
3.1 PCNs Definitions ............................................................................................ 26
3.2 PCNs Set up and Properties ............................................................................ 27
3.3 PCNs misconception ....................................................................................... 29
3.4 Importance of securing PCNs ......................................................................... 32
Chapter 4. Vulnerability, Risks and Threats ................................................................ 36
4.1 Previous Attacks ............................................................................................. 43
4.2 Zotob Worm Attack on Daimler Chryslers Manufacturing Plants ................. 44
4.3 Viruses Affected Process Control Networks (PCN) servers in Africa ........... 45
Chapter 5. Current State of PCN’s CIs Security .......................................................... 48
5.1 Major PCN’s vendors Security Practices ........................................................ 50
5.2 Siemens ........................................................................................................... 50
5.3 Schneider Electric/Invensys ............................................................................ 57
5.4 Honeywell Process Solutions .......................................................................... 61
5.5. Yokogawa Electric Corp ................................................................................. 64
5.6.1 Human Errors ........................................................................................... 64
5.6.2 Standards and security policies ................................................................ 65
5.6.3 Security solution ...................................................................................... 66
5.6.4 Network security and layers..................................................................... 67
5.6.5 Wireless in PCN ....................................................................................... 69
Chapter 6. Relevant Organization and standards ......................................................... 71
6.1 General PCN Security Recommendations ...................................................... 73
Chapter 7. Results of the review .................................................................................. 77
Chapter 8. Network management tools (NMT) ........................................................... 81
Chapter 9. State Model Diagram ................................................................................. 89
9.1 Command Line Interface ................................................................................ 90
9.2 Internet Protocol Security (IPSec) standard .................................................... 98
9.3 Network address translation (NAT) .............................................................. 101
Chapter 10. Recommendation. ................................................................................... 105
Chapter 11. Conclusion. ............................................................................................. 107
LIST OF FIGURES
Figure 1 Sample Industrial Automated Control System Network (Eric K., 2011). ..... 26
Figure 2 High Security Network Architecture (Chee B., N. 2012) ............................. 29
Figure 3 The Reality of the Air Gap (Eric K., 2011). .................................................. 34
Figure 4 Vulnerability trend by (Tino H., 2012) ......................................................... 39
Figure 5 Stuxnet (Yokogawa B.,V, 2014). .................................................................. 42
Figure 6 Cybersecurity cost (David W,2014). ............................................................. 49
Figure 7 CERT Cooperation (Tino H., 2012). ........................................................... 52
Figure 8 Industrial security objectives (Tino H., 2012). .............................................. 53
Figure 9 Security requirements (Tino H., 2012). ......................................................... 53
Figure 10 Protection layers (Siemens AG.2012) ......................................................... 54
Figure 11 “Defense in Depth” strategy example (Siemens AG.2012) ....................... 55
Figure 12 Automation cell (Siemens AG.2012) .......................................................... 55
Figure 13 CISP Security implementation (Invensys O, 2015) .................................... 58
Figure 14 Layered Approach (Chee B., 2012) ............................................................. 62
Figure 15 ANSI/ISA–99 (Yokogawa B.,V, 2014) ....................................................... 65
Figure 16 Yokogawa security life cycle ...................................................................... 66
Figure 17 Network Architecture (Yokogawa B.,V, 2014)........................................... 67
Figure 18 Network Architecture (Lockheed M., 2015). .............................................. 73
Figure 19 ZENWorks unified console, Source. (Novel, 2017).................................... 86
Figure 20 SMD Higher level=0 (S. P. Maj, 2010) ....................................................... 96
Figure 21 SMD Level 01 source (S. P. Maj, 2010) ..................................................... 96
Figure 22 SMD Level 02 source (S. P. Maj, 2010) ................................................... 97
Figure 23 SMD with ARP table expanded source (S. P. Maj, 2010) .......................... 98
Figure 24 SMD of PIX firewall with IPSec source (S. P. Maj, 2010) ....................... 101
Figure 25 NAT SMD diagram ................................................................................... 104
LIST OF TABLES
Table 1 Sources, threats and targets of CIs (Warren M.J., 2008) ................................ 19
Table 2 Applications and Systems at Risk (Eric K., 2011). ........................................ 32
Table 3 Threat overview by (Siemens G., 2014) ......................................................... 41
Table 4 Security responsibilities (Tino H., 2012) ........................................................ 56
Table 5 Cyber Security Portfolio (Invensys O, 2015) ................................................. 59
Table 6 CISP Cyber security best practices (Invensys O, 2015) ................................. 60
Table 7 Review results ................................................................................................. 77
Table 8 Vendor Comparison ........................................................................................ 78
Table 9 NMT Features ................................................................................................. 83
Table 10 NMT Advantages and Disadvantages........................................................... 84
Table 11 ZENworks Features ...................................................................................... 87
Table 12 CLI source (S. P. Maj, 2010) ........................................................................ 91
Table 13 Steps to be followed for CLI ......................................................................... 99
Table 14 IPsec CLI Source (S. P. Maj, 2010) ............................................................ 100
Table 15 CLI for NAT ............................................................................................... 102
ACKNOWLEDGEMENT
I, Omar Salim Kidege, first author, developed this article in a continuous effort to
decrease risks and threats within and across all critical infrastructure process control
networks and to share common process control network systems-related security
mitigation recommendations. I wish to acknowledge and thank Dr. S Paul Maj,
Associate Dean (Research), Engineering Institute of Technology, whose dedicated
efforts contributed significantly to the completion of this article.
KEY WORDS
Cyber security, Critical Infrastructure (CI), Process Control Networks (PCN),
Intelligent Electronic Device (IED), Distributed Control System (DCS), encryption,
firewall, Industrial Control System (ICS), Defense in Depth, Demilitarized Zones
(DMZ), Intrusion Detection System (IDS), Intrusion Prevention System (IPS), policy
and procedures, Programmable Logic Controller (PLC), Supervisory Control and
Data Acquisition (SCADA), security zones and process control, State Model Diagram
(SMD) and Network Management Tools (NMT).
ABSTRACT
Critical infrastructure (CI) is the pillar of a nation's economy, health and
security. Infrastructure provides utilities to homes and the transportation and
communication systems that people depend on. The standard for defining what may
be a critical infrastructure, and which ones qualify, has been broadening over time. A
critical infrastructure is described as those properties, networks and systems, whether
virtual or physical, so fundamental to a country that their breakdown or destruction
would have a devastating impact on the national economy, security, public health and
safety. The number of infrastructures that require government protection is increasing,
hence governments will have to rank their efforts and try to reduce the effects on the
government’s critical infrastructures of any forthcoming breakdown of any kind, such
as a terror attack or a systems crash, while considering the effect and the risk level.
For systems regarded as critical, protection must be provided against all sorts of
crashes, both natural and man-made.
The PCN is an integral part of Critical Infrastructure operations, both business
and technical. Initially, however, there was a perception that PCNs are secure because
they are isolated from the communication network. But due to the interconnections
between PCNs and IT networks in CIs, security concerns and threats are ever
increasing. The main PCN threats in CI relate to configuration, policy and technology.
PCN vendors have their own ways of securing their networks, and most of
them agree that Defense in Depth is the way to secure CI PCNs. As per the
critical review carried out in this thesis, most of the vendors give similar guidelines
with little depth on how to secure PCNs. To strengthen security guidelines, Network
Management Tools and State Model Diagrams (SMD) will enhance configuration,
monitoring and management of complex PCNs. This thesis will carry out a critical
review of vendor-based CI Process Control Network security and recommend the
best way to enhance PCN security. The thesis mostly utilizes United States of
America (USA) critical infrastructure security guidelines as examples.
CHAPTER 1. BACKGROUND OVERVIEW
1.1 Introduction
Modern businesses depend mostly on automation and related communication
systems to attain their goals. In particular, Process Control Network (PCN)
systems are vital to all aspects of modern life and hence are regarded as the
central nervous system of critical infrastructure. Given that modern industrial systems,
i.e. Process Control Networks (PCNs), are integrated and may be connected to the internet,
PCNs become subject to potential security threats. According to (Sjoerd P.,
2010), PCNs could comprise from ten to thousands of control points which
are directly or remotely managed; together with the need for real-time data transfer, they
make a highly complicated network which requires 24/7 availability. Due to the
criticality of PCNs, governments have created laws and rules to identify critical
infrastructures and ensure that they abide by rules to secure networks. For instance, in
the USA in October 1997 the President’s Commission on Critical Infrastructure
Protection (PCCIP) defined Critical Infrastructure as “a network of
independent, mostly privately-owned, man-made systems and processes that function
collaboratively and synergistically to produce and distribute a continuous flow of
essential goods and services” (W.D.Wilde and M.J.Warren, 2008). To emphasize
how critical the PCN in a Critical Infrastructure is, Leon E. Panetta (former US Secretary
of Defense) stated: “A Cyber-attack perpetrated by nation or violent extremist group
could be as destructive as the terrorist attack in 9/11’’ (Garamone J., 2012).
According to (Garamone J., 2012), major world oil companies have suffered cyber-
attacks. For instance, in the Middle East, companies such as Saudi Aramco were
hacked and heavy damage to their computer network systems was experienced.
As the complexity of cyber-attacks rises, the ability to protect critical
infrastructure systems such as energy production, gas, water, and other crucial
systems becomes essential and heavily required (Eric K., 2011).
In response to these incidents, government initiatives and vendors such as
Siemens, Honeywell, Yokogawa, Schneider and many more offer principles for
implementing a network security strategy which will enhance security (Tino
H., 2012). Among the measures suggested by vendors such as Siemens is creating
multiple layers of protection, “Defense in Depth”: you should not rely on just one layer.
Measures are in place, but not everyone applies them (Tino H., 2012).
It is vital to understand directives from related standards organizations, for
instance the North American Electric Reliability Corporation Critical Infrastructure
Protection (NERC-CIP) standards, the Federal Information Security Management Act (FISMA),
the Chemical Facility Anti-Terrorism Standards (CFATS), and the control system
security proposals of the National Institute of Standards and Technology (NIST) under the Federal
Information Security Management Act (FISMA), regardless of the industry's
criticality, because these organizations offer a baseline of best practices for
Process Control Network security even though they have certain weaknesses (Eric
K., 2011). The thesis also critically analyzes vendor-based guidelines and offers a clearer and
better understanding to both IT engineers and process control engineers, helping
them bridge the gap so that they can work as a team and not as different parties to keep
PCNs secure.
CHAPTER 2. CRITICAL INFRASTRUCTURES (CIS)
DEFINITION
There are several definitions of CI, based on industry, governments
and experts in national security and information technology. The term “Critical
Infrastructure” is defined as “systems and assets, whether physical or virtual, so vital
to the United States that the incapacity or destruction of such systems and assets
would have a debilitating impact on the security, national economic security, national
health or safety, or any combination of those matters.” (DCSINT H., 2006)
Below are the subdivisions of the CIs:
1. Physical – These comprise both physical properties such as facilities, real
estate, components, products and animals, and nonphysical ones, e.g.
information. Physical security seems to be a more difficult task when it is
considered that 85% of the government’s critical infrastructures are privately
owned. Proper security of physical assets needs teamwork between the private
sector and governments.
2. Human – These comprise the personnel to be secured and the staff who could be
a threat (e.g., due to restricted control systems access, operations, and highly
confidential information). These staff need special protection to prevent
unwanted actions.
3. Cyber – These consist of software, information, hardware, data, and core systems
such as the Process Control Network (PCN) and Information Technology (IT),
which may cause disturbances, damage, and even fatalities (DCSINT H.,
2006).
In other definitions, the Canadian government refers to critical infrastructure as
processes, facilities, systems, technologies, networks, assets and services essential to
the health, environment, safety and security or economic well-being of Canadians
and the effective functioning of government (Government C, 2015). Critical
infrastructure offers the vital services that underpin American society and acts as the
pillar of the nation's economy, security, and health. The power used in
homes, the water we drink, transportation, stores, and communication
systems are all required to keep families intact and informed (Security, 2016).
Nevertheless, Elsevier in (S.Shenoi, 2017) elaborated on CI further as follows: “These
critical infrastructure sectors include: information technology, telecommunications,
energy, banking and finance, transportation systems, chemicals, critical
manufacturing, agriculture and food, defense industrial base, public health and health
care, national monuments and icons, drinking water and water treatment systems,
commercial facilities, dams, emergency services, nuclear reactors, materials and
waste, postal and shipping, and government facilities”.
In addition, Critical Infrastructures were further defined by the Critical
Infrastructure Assurance Office (CIAO) to include food and agriculture (production,
storage, and distribution), various products such as aluminum, steel,
iron, and other finished products, the health care industry, and the educational
system. The CIAO defined infrastructure as “the framework of
interdependent networks and systems comprising identifiable industries, institutions
(including people and procedures), and distribution capabilities that provide a reliable
flow of products and services essential to the defense and economic security of the
United States, the smooth functioning of governments at all levels, and society as a
whole” (Warren M.J., 2008).
Furthermore, critical infrastructures have been regarded as any facilities or
technologies that, if damaged or made inaccessible for a certain time, would heavily
affect the government, the economy and the social well-being of society (Wangdi Y., 2011).
International bodies such as the European Union (EU) define CI as follows: an EU critical
infrastructure is an “asset, system or part thereof located in Member States which is
essential for the maintenance of vital societal functions, health, safety, security,
economic or social well-being of people, and the disruption or destruction of which
would have a significant impact in a Member State as a result of the failure to
maintain those functions” (European C., 2013).
Critical infrastructures have also been identified as those divisions of infrastructure
that, if damaged, would pose a significant risk to needed supplies (e.g., food, energy,
medicines) and services such as police, fire, EMS and communication, or cause a
substantial loss of service coverage or effectiveness (Richard L Church, 2008).
CIs are those systems that offer vital support services to a country, geographic
area or commercial entity; when they collapse, there is the possibility of large loss of
human life or damage to the environment or financial markets (Egan M., 2007).
In another CI definition, the sectors and departments of the Dutch national
infrastructure are those so essential to the Netherlands that significant failure or even loss
of service could cause severe repercussions for Dutch society, government and
industry as well as for neighbouring countries. At the beginning of 2002, the Dutch
government started the critical infrastructure protection project ‘‘Bescherming Vitale
Infrastructure’’ with the goal of developing an integrated set of strategies to secure the
critical infrastructure of government and industry (Eric A.M.L., 2003).
Varying the definitions to echo present worries has provided flexibility but has
also led to some uncertainty about CI definitions. The proliferation of
critical-infrastructure sectors has therefore added difficulty to an already complicated field. To
come up with basic principles that guide functioning and clear connections, it is wise
to combine thoughts into coalescing ideas and a smaller number of sectors created on
shared traits (O’Rourke T.D., 2007).
This led to the concept of a “lifeline system” to measure the functioning of
enormous, geographically dispersed networks during earthquakes, hurricanes, and
other hazardous natural events. Lifelines are grouped into six main systems: gas and
liquid fuels, electric power, transportation, telecommunications, water supply and
waste disposal. These systems are integrated with the financial well-
being, security, and social fabric of the societies they support. Utilizing the lifelines
concept clarifies the characteristics that are common to crucial support systems and
offers insight into the engineering paths to enhance the functioning of large Process
Control Networks (O’Rourke T.D., 2007).
Nevertheless, “Critical Infrastructure” also refers to a vital “network”
infrastructure, comprising any network utilized in the direct functioning of any
system upon which one of the defined “critical infrastructures” relies. This could be
one of the main reasons that critical infrastructures are still at risk today: most PCN
security seminars have stumbled into a disagreement over semantics instead of actual
fruitful discussion of PCN security (Eric K., 2011).
Fortunately, the two terms are closely connected in that the defined critical
infrastructure means those systems listed in the Homeland Security Presidential
Directive (HSPD) (Eric K., 2011).
HSPD-7 sets up a national policy for Federal departments and agencies to
classify and rank United States critical infrastructure and key resources and to shield
them from terrorist attacks. HSPD-7 covers public safety, bulk electric energy,
nuclear energy, chemical manufacturing, agriculture, pharmaceuticals, manufacturing,
distribution, and even aspects of banking and finance: essentially, anything whose
interruption might affect the nation (Eric K., 2011).
Finally, (Wikipedia, 2006) defines critical infrastructure as a phrase applied
by governments to describe resources that are vital for the running of a society and
economy. Usually associated with the phrase are entities for:
electricity power generation, transmission and supply;
gas production, transport and supply;
oil and oil products production, transport and supply;
telecommunication;
water supply (drinking water, waste water/sewage, stemming of surface water
(e.g. dikes and sluices));
agriculture, food production and supply;
heating such as natural gas, fuel oil and coal;
public health such as hospitals and ambulances;
transportation systems such as railway networks, airports, inland shipping
and harbors;
financial services such as banking, stock exchange and share trading;
security services such as police and military.
Nevertheless, the definitions are endless, but they all emphasize the same
core principle: if a critical infrastructure’s security is breached, it will
harm a large number of human lives in one way or another. What are the threats associated
with CI?
2.1 Critical Infrastructure Threats
According to (Newark C.A, 2005), CI threats are categorized in three groups:
1. Natural Threats – weather and geological hazards, e.g. tsunamis and
earthquakes.
2. Human Threats – terrorism, which comprises cyber-attacks, bombings, etc.
3. Accidental or Technical Threats – transportation accidents and failures,
infrastructure failures and hazardous material accidents.
The danger CIs face is that cyber threats today are “significant and
evolving,” therefore, as the threats are changing, the defenses cannot stand still. The
Department of Homeland Security (DHS) manages the federal effort to secure the 16 critical
infrastructure sectors. DHS occasionally updates its National Infrastructure Protection
Plan and issues sector-specific plans that narrow down to specific critical
infrastructures (Michelle H., 2016).
According to (Michelle H., 2016): “I know it can be a bit overwhelming and
hard to get your arms around. I find it helpful to break that threat down and there are a
number of ways that you can do that; you can think about it in terms of the variety of
actors, [or] you can think of it in terms of the variety of effects.”
Regarding adversaries such as burglars, vandals, spies or saboteurs, Spaulding
suggested that vandals enjoy attacking websites to deny access to services, mostly
for political goals and sometimes just for fun. Burglars mainly steal personal data for
sale, and money from their victims. This group also steals academic
information or technology. “Some of that intellectual property theft might be
industrial espionage. But much of it is probably done by nation states who are trying
to advantage their nation. So that moves us into spies who are stealing traditional
national security [information], spy versus spy,” she said (Michelle H., 2016).
In the attack on the PG&E Metcalf power substation near San Jose, California,
investigators found that two attackers were involved, both of whom remain unknown.
According to Jon Wellinghoff, who was chairman of the Federal Energy
Regulatory Commission at the time of the attack, it was “the most significant incident of domestic
terrorism involving the grid that has ever occurred” in the U.S. But according to the
Federal Bureau of Investigation (FBI), the attack was the work of a “lone wolf”, the kind
of attacker that has recently been warned about (Jared F., 2014).
For instance, James Clapper, who was Director of National Intelligence, warned
during the annual global threat assessment that “homegrown violent
extremists will likely continue to pose the most frequent threat to the US Homeland,”
particularly “those who act alone or in small groups” (Jared F., 2014).
A series of coordinated attacks on the oil and gas sector was discovered by
McAfee in 2011 and was thought to originate from China. The attack was termed
Night Dragon; fortunately no serious damage was experienced, only theft of sensitive
information, although the intention was unknown.
Additionally, Secretary of Homeland Security Jeh Johnson warned that “lone
wolf” attacks are “the terrorist threat to the homeland—illustrated last year by the
Boston Marathon bombing—that I worry about the most; it may be the hardest to
detect, involves independent actors living within our midst, with easy access to things
that, in the wrong hands, become tools for mass violence” (Jared F., 2014). The
table below shows threat sources and their targets.
Table 1 Sources, threats and targets of CIs (Warren M.J., 2008).
Finally, the ecowarriors are out to demolish assets significant to their
targets. “That's one of the most concerning aspects of cyber security threats that we
look at today, threats to industrial control systems to supervisory control and data
acquisition (SCADA) systems,” Spaulding said. “Those are the cyber-attacks that can
have physical consequences that could be quite significant.” (Michelle H., 2016).
2.2 Critical Infrastructure Attacks
According to (DCSINT H., 2006), attacks on CIs can be categorized by their direct
or indirect effect on the infrastructure. A direct attack might cause a stoppage or
disruption of functions or processes, such as the attack on the World Trade
Organization on 9/11, which resulted in the disruption of critical business processes.
On the other hand, an indirect attack causes a chain of effects such as loss of lives, jobs and
financial damage to the economy.
(DCSINT H., 2006) emphasizes that an indirect attack causes more harm than a
direct one because the saboteurs use one infrastructure as a means to destroy another
infrastructure, which leads to double losses. The real example of this was 9/11, whereby
the transportation system was used as the means to destroy business and financial
infrastructure, with loss of lives too. It also affected defense infrastructure such as the
Pentagon, which is the heart of the security and defense of the whole country. Hence
the interdependency of CIs is essential but also poses more risk in case an attack occurs
on any of the linked infrastructures.
The diagram below shows that different critical infrastructures rely on each other.
It also indicates that when one infrastructure fails, others will be affected too as long
as they are interlinked.
Figure 1 Critical Infrastructure depending on each other (Rosslin J. R., 2013).
To underline that the issue of threats and attacks is not just theoretical:
successful cyber-attacks have interrupted parts of the CIs in the U.S. and other
places. The latest was a successful attack in 2015 which knocked out a portion of the
Ukrainian power grid, leaving 700,000 homes and businesses in the dark (Michelle
H., 2016). Disturbingly, the same saboteurs were also involved in hacking the US energy
sector, which led to the Industrial Control Systems Computer Emergency Response
Team (ICS-CERT) in 2014 (Brett B., 2016).
To show that attacks are happening in real life, the U.S.A. was
not left out of the circle. According to (Brett B., 2016), the U.S. Justice Department
indicted seven hackers purported to be from the Iranian regime. They executed a well-
organized attack that targeted 46 essential financial-sector targets and a dam on the outskirts of New
York City. In addition, Verizon investigators reported a cyber-attack on a USA water
utility which altered process flow set points and the quantity of
chemicals required, possibly the most horrifying situation (Bret B., 2016).
2.3 Control Measures
According to (Eric K., 2011), “to stop a hacker, you need to think like a
hacker”, meaning that in order to protect effectively against a cyber-attack the
engineer needs to think like someone trying to hack the network. This idea still has value,
except that now the “hacker” can be thought of as an expert in control systems, with
significantly more tools and means, and highly motivated. In addition,
(DCSINT H., 2006) emphasizes: “To build and implement a robust
strategy to protect our critical infrastructures and key assets from further terrorist
exploitation, we must understand the motivations of our enemies as well as their
preferred tactics and targets.”
Based on that, different sectors are proceeding at different speeds: some are
proactive about cyber threats while others are reactive. Furthermore, according to
(Michelle H., 2016), “There are some sectors that have got a head start on others when
it comes to cyber security and cyber defense.” For instance, the financial sector has
been at the forefront of digitizing banking and the various financial services since the
1990s. Currently all sectors have inter-relationships fostered by computers and the
digitization of their businesses. As a result they are progressively more vigilant in
regard to cyber security (Michelle H., 2016). Nevertheless, changes are needed to firm
up the defenses and keep pace with the ever-developing threat. The growth in the
threats is matched by a change in the targets. Where the earlier security struggle was
over information technology, operational technologies, “those things that control the
widgets and gears and gadgets in our world today”, are now becoming more prevalent.
Because of this their exposure to potential attacks has increased, just as hackers are
becoming better at discovering and abusing vulnerabilities (Michelle H., 2016).
(Michelle H., 2016) also added that “When you think in terms of security and
information technology, corporate systems, business systems, there's a whole other
world that greatly increases the security exposure,” he said. “That's operational
technology, and so we deal with that across all of the various sectors from
manufacturing to nuclear power generation. [It’s an] absolutely fascinating world with
all the security concerns associated with it.” He (Michelle H., 2016) believes that
securing critical infrastructure incorporates physical security as well, and that it is
not advisable to assume a system is secure merely because of the operational
technology in place.
He stressed further in his article, “I think most folks take a look at critical
infrastructure and kind of believe that some of the critical infrastructure is largely
isolated from a cyber-security attack. I disagree,” he said. “I believe that all 16 critical
infrastructures are increasingly vulnerable and have an attack surface that could be
exploited through cyber-attack. As we see the advent of the internet of things, we see
increasing digitization of business processes and the like, every sector is vulnerable to
cyber-attack and needs to take cyber security seriously.” (Michelle H., 2016)
In order to tackle security issues, the Federal Energy Regulatory Commission
(FERC) sanctioned eight cyber security and critical infrastructure defense standards
proposed by the Natural Environment Research Council (NERC). There is, however,
substantial flexibility in how they are implemented. For instance, NERC CIP-005
Requirement 4 (R4) states:
“The responsible entity shall perform a cyber-vulnerability assessment of the
electronic access points to the electronic security perimeter(s) at least annually.”
(Michelle H., 2016).
Clearly, there are different tactics for safeguarding the electronic perimeter; as
stated by (Zahid A., 2008), firewall deployment and access control are among the
most popular.
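As an added illustration of what an annual assessment of the electronic access points can look like in practice (this is example code written for this dissertation, not taken from the NERC standard or from any cited source), the script below audits a zone-based firewall ruleset guarding a PCN electronic security perimeter. The zone names, rule names and the sample ruleset are constructed; it flags inbound rules that allow any port or protocol, direct internet-to-PCN access, PCN hosts that may initiate connections to the internet, and access points with no documented justification, and it checks that the ruleset ends in an explicit deny-all.

```python
"""Audit of a zone-based firewall ruleset protecting a PCN electronic security
perimeter (ESP). Added example for this dissertation, not code from the cited
standards; zones, rule names and the ruleset are constructed."""
from dataclasses import dataclass
from typing import List, Tuple

ANY = "any"
PCN = "pcn"
# Zones outside the ESP that must not reach the PCN without a justified,
# narrowly scoped rule (assumed zone names).
UNTRUSTED_ZONES = {"internet", "business"}


@dataclass
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    proto: str              # "tcp", "udp" or "any"
    dst_port: str           # port number as a string, or "any"
    action: str             # "allow" or "deny"
    justification: str = ""  # business reason recorded when the rule was added


# Constructed sample ruleset, in evaluation order (first match wins).
SAMPLE_RULES: List[Rule] = [
    Rule("hist-replication", PCN, "business", "tcp", "1433", "allow",
         "historian replication to corporate reporting server"),
    Rule("temp-vendor", "internet", PCN, "tcp", ANY, "allow"),
    Rule("remote-eng", "business", PCN, "tcp", "3389", "allow",
         "engineering access via hardened jump host"),
    Rule("pcn-updates", PCN, "internet", "tcp", "80", "allow",
         "firmware download"),
    Rule("catch-all", "business", PCN, ANY, ANY, "allow"),
    Rule("default-deny", ANY, PCN, ANY, ANY, "deny"),
]


def audit_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Return (rule name, finding) pairs for allow rules that weaken the ESP."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        inbound = r.src_zone in UNTRUSTED_ZONES and r.dst_zone == PCN
        if inbound and r.src_zone == "internet":
            findings.append((r.name, "direct internet-to-PCN access; terminate it in a DMZ instead"))
        if inbound and (r.dst_port == ANY or r.proto == ANY):
            findings.append((r.name, "inbound rule permits any port or protocol into the PCN"))
        if inbound and not r.justification:
            findings.append((r.name, "inbound access point has no documented justification"))
        if r.src_zone == PCN and r.dst_zone == "internet":
            findings.append((r.name, "PCN hosts may initiate connections to the internet"))
    return findings


def missing_final_deny(rules: List[Rule]) -> bool:
    """True when the last rule aimed at the PCN is not an explicit deny-all."""
    last = rules[-1]
    return not (last.action == "deny" and last.dst_zone == PCN
                and last.proto == ANY and last.dst_port == ANY)


if __name__ == "__main__":
    for name, finding in audit_rules(SAMPLE_RULES):
        print(f"[{name}] {finding}")
    print("final deny-all present:", not missing_final_deny(SAMPLE_RULES))
```

On the constructed ruleset the audit reports six findings across three rules; the over-broad "catch-all" rule in particular would let any business-network host reach any PCN service, which is exactly the kind of access point the CIP-005 assessment is meant to surface.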
Likewise, CIP-009 Requirement 2 (R2) addresses the defensive impact of
operating procedures and disaster recovery practices, their relative arrangement,
time limits and requirements (Zahid A., 2008). Depending on the risk, these measures
may comprise changes in techniques and tactics such as adding redundancy, asset
selection, segregation or strengthening, protection, etc. (DCSINT H., 2006).
Furthermore, the USA government has assigned a special department to follow
up and ensure that the security measures of critical infrastructures meet the required
standards.
Department of Defense Directive 3020.40, dated 19 August 2005, established the
Defense Critical Infrastructure Program (DCIP). The directive requires the Army to
establish, resource and execute an organizational critical infrastructure program. It
also sets responsibilities for each of the sectors of the DCIP (DCSINT H., 2006):
DEFENSE SECTOR                                       LEAD AGENT
Defense Industrial Base (DIB)                        Director, Defense Contract Management Agency
Global Information Grid (GIG)                        Director, Defense Information Systems Agency
Financial Services                                   Director, Defense Finance & Accounting Service
Health Affairs                                       Assistant Secretary of Defense of Health Affairs
Intelligence, Surveillance, and Reconnaissance (ISR) Director, Defense Intelligence Agency
Personnel                                            Director, DOD Human Resources Activity
Logistics                                            Director, Defense Logistics Agency
Public Works                                         Chief, U.S. Army Corps of Engineers
Transportation                                       Commander, U.S. Transportation Command
Space                                                Commander, U.S. Strategic Command
To strengthen and ensure security, the Australian government also issued a security
policy that CI operators must abide by. The Licensee must comply at all times with the
security conditions regarding Datasets categorized as unclassified (DLM) for Public
Announcement and unclassified (government use only) for Uncertain datasets. The
guidelines were as follows:
Only authorized users are allowed to view recorded information from the
dataset.
Complete or partial datasets are to be stored in accordance with government
security guidelines such as the Protective Security Policy Framework (PSPF) and the
Information Security Manual (ISM) (Australian Gov., Nov 2016).
So far the measures discussed above are at a wider or higher level, but the
truth is that almost all CIs rely on automation to deliver services to the public. The
automation takes the form of a Process Control Network (PCN), which may consist of
control systems from different vendors such as SCADA, DCS, APC, PLC, etc.
Therefore securing CIs requires PCNs to be secured and protected from any
type of attack, and also ensuring that if an attack does happen, the PCN can be brought
back online quickly in order to lessen the impact.
CHAPTER 3. PROCESS CONTROL NETWORK
An industrial network is typically made up of several distinct areas, which are
simplified here as a business or enterprise network, business operations, a supervisory
network, process and control networks, and Supervisory Control and Data
Acquisition (SCADA). SCADA is a special part of the industrial network which is also
termed Industrial Control Systems (ICS), Distributed Control Systems (DCS), or
Process Control Systems (PCS). Each section has its own logical and physical security
implications, policies and concerns (Eric K., 2011).
Figure 1 Sample Industrial Automated Control System Network (Eric K., 2011).
3.1 PCNs Definitions
PCNs are system networks that typically comprise actual Industrial Process
Control Systems (PCSs) used to observe and regulate, remotely or locally, industrial
machines such as pumps, motors, valves and relays. They are used in all types of
(manufacturing) environments. For instance, oil and gas pipelines, chemical plant
processes, electrical generation and transmission equipment, manufacturing facilities,
water purification and supply, and traffic signal management infrastructure all utilize
PCNs (Alvaro A. C., 2008).
Many Critical Infrastructure Systems are control systems operating the world's
critical national infrastructures such as power generation and distribution, water,
communication and transportation. Supervisory Control and Data Acquisition
(SCADA) systems are the core of these Critical Infrastructure Systems (Rosslin J. R.,
2013).
Other types of control systems are computer-based systems that oversee and
regulate physical processes. These systems represent a wide diversity of linked
information technology (IT) systems connected to the physical world. Based on their
function, they may be referred to as Process Control Systems (PCS), Supervisory
Control and Data Acquisition (SCADA) systems (critical infrastructure control
systems) or Cyber-Physical Systems (CPS). Control systems comprise actuators,
sensors, communication devices and control processing units. Many of them have a
hierarchical structure (Alvaro A. C., 2008).
3.2 PCNs Set up and Properties
The consistent operation of current infrastructures relies on automation and
SCADA systems. SCADA comprises data collection, data transmission to the main
site, execution of required functions such as analysis, regulation and graphic
representation for the Human Machine Interface, and finally output back to the
process in the form of manipulated variable (MV) movement. Usually SCADA systems
comprise a Main Station, remotely located equipment such as RTUs, PLCs and IEDs,
and the communication path such as a fieldbus (Rosslin J. R., 2013).
On the other hand, as per (Alvaro A. C., 2008), PCNs are composed of
hundreds of remotely managed control points, which makes them complicated
infrastructures. Many of the control points need current, real-time data and a highly
redundant and secure environment.
For further understanding, (Norea D.B., 2016) has elaborated the contents of a
PCN as subsystems such as:
A human-machine interface (HMI): the machine or device which displays
process information to a human operator, through which the operator observes and
regulates the process;
A supervisory (computer) system (Master Terminal Unit or MTU), fetching
information on the process and in return manipulating the process based on its
configuration;
Remote terminal units (RTUs) linking the sensors in the process, converting
analog signals to digital information and transmitting it to the supervisory
main system;
Programmable Logic Controllers (PLCs);
Remote Instrument Building as communication infrastructure linking the main
supervisory system and remote terminal units;
Different analytical and process instrumentation such as analyzers.
The operator accesses the HMI, which is connected to the Master Terminal Unit.
The core of the PCN is the MTU, which controls the RTUs, which in turn monitor
remote PLCs connected to several sensors and actuators. In summary, a production
process plant will have different production machines, and the PCNs observe and
regulate this infrastructure. Depending on the location distribution, they are linked
via LAN/WAN to the main control center and business networks (Norea D.B.,
2016).
Below is an example PCN by (Kevin S., 2016).
Figure 2 High Security Network Architecture (Chee B., N. 2012).
3.3 PCNs Misconceptions
As per (Norea D.B., 2016), the usual PCN misconceptions are:
Use of special protocols and proprietary connections, i.e. security through
obscurity, can enhance the security of a PCN;
PCNs need expert knowledge, which makes network intrusion and access
control difficult;
PCNs are located in a physically isolated area, with a separate network;
Communication between the PCN and other business networks is secured by
robust access controls;
PCNs are not linked to the internet, hence they are secure.
Other misconceptions are:
“Our production systems are completely isolated from outside access.”
During the analog era of the early 80s the above understanding was correct.
Since then operators and engineers have moved to PC-based controls, using HMIs to
show the facility processes in real time, and the PCN and business network have been
linked and can be accessed from the internet. In his book “The Art of Intrusion,”
expert Kevin Mitnick made it clear how an intruder, even a novice, can penetrate the
network through the internet (Mitnick Kevin D., 2005). It is common for PLCs to have
access to the internet. According to a major vendor of PLCs, most of their products
are sold with internet services enabled. Their study indicates that only 13% of
customers configured and use the internet services, while the remainder do not
reconfigure the web access password and keep the default instead (Dr. Samuel G. V.,
2008).
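The vendor figures above describe two distinct weaknesses: web services left enabled although unused, and default passwords never changed. The script below is an added example for this dissertation (not from the cited vendor study) of an inventory audit that a plant engineer could run against an asset-management export to find both. The inventory and its field names (web_enabled, web_in_use, credential_state) are constructed assumptions; it ranks each device's exposure and reports the share of devices still on vendor defaults.

```python
"""Inventory audit for PLCs and RTUs that ship with web services enabled.
Added example for this dissertation, not from the cited vendor study; the
inventory below is constructed and its field names are assumptions."""
import json
from typing import Dict, List, Tuple

# Constructed inventory export (as an asset-management tool might produce it).
INVENTORY_JSON = """
[
  {"name": "plc-01", "vendor_model": "ACME-PLC-300", "web_enabled": true,
   "web_in_use": true,  "credential_state": "changed"},
  {"name": "plc-02", "vendor_model": "ACME-PLC-300", "web_enabled": true,
   "web_in_use": false, "credential_state": "default"},
  {"name": "plc-03", "vendor_model": "ACME-PLC-200", "web_enabled": false,
   "web_in_use": false, "credential_state": "default"},
  {"name": "plc-04", "vendor_model": "ACME-PLC-300", "web_enabled": true,
   "web_in_use": true,  "credential_state": "default"},
  {"name": "rtu-05", "vendor_model": "ACME-RTU-10",  "web_enabled": true,
   "web_in_use": false, "credential_state": "changed"}
]
"""

Issue = Tuple[str, str]   # (severity, description)


def audit_device(dev: dict) -> List[Issue]:
    """Rank one device's exposure from its web-service and credential state."""
    issues: List[Issue] = []
    web = dev["web_enabled"]
    default = dev["credential_state"] == "default"
    if web and default:
        issues.append(("high", "web interface reachable with the vendor default password"))
    if web and not dev["web_in_use"]:
        issues.append(("medium", "web interface enabled but unused; disable it"))
    if not web and default:
        issues.append(("low", "default password still set; change it before enabling any service"))
    return issues


def audit_inventory(inventory_json: str) -> Dict[str, List[Issue]]:
    """Map device name -> issues, for every device with at least one issue."""
    report: Dict[str, List[Issue]] = {}
    for dev in json.loads(inventory_json):
        issues = audit_device(dev)
        if issues:
            report[dev["name"]] = issues
    return report


def severity_counts(report: Dict[str, List[Issue]]) -> Dict[str, int]:
    """Count findings by severity so the worst devices can be fixed first."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for issues in report.values():
        for sev, _ in issues:
            counts[sev] += 1
    return counts


def default_credential_share(inventory_json: str) -> float:
    """Fraction of devices still using the vendor default password."""
    devs = json.loads(inventory_json)
    return sum(d["credential_state"] == "default" for d in devs) / len(devs)


if __name__ == "__main__":
    report = audit_inventory(INVENTORY_JSON)
    for name, issues in report.items():
        for sev, text in issues:
            print(f"{name}: [{sev}] {text}")
    print("severity counts:", severity_counts(report))
    print(f"devices on default password: {default_credential_share(INVENTORY_JSON):.0%}")
```

The two "high" findings (web interface reachable with a default password) are the ones the text is warning about; the "medium" findings show that disabling an unused service removes exposure even before passwords are dealt with.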
“Our system is secure because it would be impossible for an outsider to
understand it.”
This is termed “security by obscurity” and has repeatedly been shown to be an
incorrect notion. If vulnerabilities in the large volume of “indecipherable” computer
operating system code can be exploited, then the basic logic of a Digital Control
System presents even fewer hurdles. Designed for safety, systems are engineered to
carry out an emergency shutdown when any dangerous condition is sensed by
instruments. Understanding the trip logic is easier than understanding the whole
process (PHOENIX C., 2005).
“We’re not a likely target. We’re not important or interesting enough to
attract hackers.”
According to (Dr. Samuel G. V., 2008), many personal computers are tested
online every day for antivirus and patches. Online data communication is a major
source of Trojans, viruses and worms that can be transferred to and affect control
systems. This does not depend on intention; it is random and may affect any computer
on the web. In China it is termed “Unrestricted Warfare” by the Chinese People's
Liberation Army, and currently they call it Integrated Network Electronic Warfare.
“We’ve never had a problem. There has been no intrusion or disruption
in our production network.”
According to (PHOENIX C., 2005), after the “Eligible Receiver” attack on U.S.
Department of Defense networks the DOD installed Intrusion Detection Systems
(IDS). The IDS results showed that the network was being probed frequently. This
refutes the notion that “It hasn’t happened yet, so it seems unlikely. I don’t think it
will happen.”
“We can’t justify the expense and manpower.”
As the saying goes, “if you don’t repair the crack, you will end up rebuilding the
whole wall”. The cost of security is a fraction of 1% of the budget while the return is
high. With the latest technology a network's security can be upgraded by a few
technicians rather than IT managers. No loss of production will be incurred due to the
upgrade. To justify a security upgrade consider “What will we suffer if a disaster shuts
us down?” (Eric K., 2011).
The table below shows systems which are at risk.
Table 2 Applications and Systems at Risk (Eric K., 2011).
3.4 Importance of securing PCNs
According to (Eric K., 2011), the necessity of enhancing the security of industrial
networks cannot be overstated. Most industrial systems are designed with legacy
devices or, in other cases, operate legacy protocols that have evolved to function over
routable networks.
Initially, all systems were designed mainly for reliability; that was before the
eruption of Internet connectivity, real-time data systems, web-based applications,
and energy. At the time, perimeter or physical security was the major worry while data
security wasn’t an issue; security was air tight because an internet connection was
out of the question. This was due to the physical isolation of the network from any
outside source. The figure below illustrates the separation.
Figure 4 Air Gap Separation (Eric K., 2011).
Even with digital communication the bridge or air gap is supposed to still be
there, but in reality there is none.
Due to the development of the internet, the need for real-time data has increased
and hence the air gap has had to disappear in order to achieve real-time
communication among different organizations and networks. Normally, firewalls are
used to control and block data traffic unless it is essential for business operation
efficiency. Regardless of the importance of the data allowed through the firewall, the
gap no longer exists and a connection to the critical systems exists. Any connection
or path spotted by hackers can be used to exploit the system (Eric K., 2011).
Below is the actual connection of current network systems.
Figure 3 The Reality of the Air Gap (Eric K., 2011).
Generally, industrial networks are responsible for manufacturing and process
operations in all dimensions. Therefore any successful intrusion into a PCN may
directly impact the processes, which may lead to potentially dangerous
repercussions. This is because it may change chemical reactions in a process or even
cause loss of control of nuclear reactor temperatures, which could be catastrophic
(Eric K., 2011).
(PHOENIX C., 2005) reported that, according to Internet blogs and reports,
hackers have started to find that Distributed Control Systems (DCS) and SCADA
(Supervisory Control and Data Acquisition) are “cool” to penetrate. Hackers’
eagerness has therefore gone up tremendously, and attempts to hack control systems
started rising after 2001. When In-Depth News Agency interviewed a security
specialist for PBS Frontline, the analyst said it takes less than two minutes to
penetrate a SCADA system running on a Microsoft operating system. SCADA, DCS,
Programmable Logic Controllers (PLCs) and other basic control systems have been
used for many years in oil and gas refineries, power plants and grids, pipeline
pumping stations, air traffic and railroad management, chemical plants,
pharmaceutical plants, automated beverage and food lines, automotive assembly lines,
industrial processes and water treatment plants, hence they fall under threat.
Securing PCNs has become essential because of the risks and possibilities of
attacks. Some of the possible impacts are as follows (Tino H., 2012):
Risk of loss of lives and serious asset damage
Environmental effect
Loss of academic data
Loss of production or impaired product quality
Damage to company reputation and economic loss
CHAPTER 4. VULNERABILITY, RISKS AND THREATS
Vulnerabilities or susceptibilities are features of a system, installation, asset,
application or its subsystems that might lead to loss or malfunction when subjected
to a certain threat level. For instance, geographical location can be a major cause: if
more than one CI is located in one place, an attack on one CI can heavily affect the
other. This means that they are all susceptible to disruption by the same attack or
event (Parfomak P.W., 2008).
Examples of CIs in the USA that are geographically located in close proximity to
each other are:
Transportation: More than 33% of U.S. waterborne container shipments pass
through the ports of Los Angeles and Long Beach (Parfomak P.W., 2008).
Transportation: More than 37% of U.S. freight railcars pass through Illinois and
more than 27% of freight railcars pass through Missouri.
Hazardous Materials and Chemical Industry: More than 38% of U.S.
chlorine manufacturers are situated in coastal Louisiana.
Public Health and Health Care: 25% of U.S. pharmaceutical companies are
located in the San Juan Metropolitan Area, Puerto Rico.
Energy: 43% of U.S. oil refineries are situated along the Louisiana and Texas
coasts.
Based on (Security D.H., 2008), risk has been described as the likelihood of
an incident occurring due to a threat, multiplied by the impact of the incident
happening. Previously, security was not considered while designing PCNs; they were
meant only to control processes and industries. But due to current integration with
business IT systems, PCNs are no longer safe and the physical gap does not exist.
These two aspects in many cases lead to new security threats.
According to (Security D.H., 2008), some of the common issues with the design
and maintenance of PCNs which are major causes of the increase in PCN
vulnerabilities are as follows:
1. Insufficient policies, procedures and measures guiding control system security.
2. Badly designed PCNs that fail to classify communication connections, fail to
deploy adequate “defense-in-depth” tools, fail to prevent “trusted access” to the
control system network, and depend on “security through obscurity” as a security
mechanism.
3. Wrongly configured operating systems and embedded devices that permit new
paths and functions to be implemented; inability to install software and firmware
updates; insufficient or impractical (such as robotic arm) testing of updates before
implementation.
4. Use of wrongly or defectively secured wireless networks; use of non-isolated
communication channels for command and control and unpredictable communication
such as Internet-based PCNs; insufficient verification of control system
communication-protocol traffic.
5. Inadequate mechanisms to detect and prevent maintenance or administrative
access to control system components; lack of identification and control of modems
fitted to aid remote connection; weak password practices and maintenance habits;
little use of VPNs in control system networks.
6. Use of old and outdated tools to detect and report strange or suspicious activity
in the volume of legitimate control system traffic.
7. Dual use of critical low-bandwidth control system network paths for noncritical
or unauthorized traffic.
8. Lack of proper boundary checks in control systems that may lead to a “buffer
overflow” or collapse of the control system software.
9. Inadequate change management of control system software and updates.
In addition to the above flaws, security threats may be not only external but also
internal (Security D.H., 2008).
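Several items in the list above (insufficient verification of control-protocol traffic, inadequate detection of administrative access to control components, and outdated tools for spotting suspicious activity) share one practical remedy: compare observed control traffic against a baseline learned during commissioning. The following is an added example for this dissertation, not code from the cited DHS material; the log format, host names, function codes and baseline are constructed. It parses flow records, skips malformed lines, and raises an alert when a source host is not in the asset inventory, when a (source, destination, function code) triple has not been baselined, or when a diagnostic function is issued from a host outside the engineering set.

```python
"""Allowlist-based monitoring of control-protocol traffic logs.
Added example for this dissertation, not from the cited DHS material; the
log format, host names, function codes and baseline are constructed."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed flow records: timestamp, source, destination, protocol,
# function code and unit id (one malformed line included on purpose).
SAMPLE_LOG = """\
2017-03-01T08:00:01 hmi-01 plc-01 modbus fc=3 unit=1
2017-03-01T08:00:02 hmi-01 plc-01 modbus fc=3 unit=1
2017-03-01T08:00:05 eng-ws-02 plc-01 modbus fc=6 unit=1
2017-03-01T08:00:09 hmi-01 plc-01 modbus fc=16 unit=1
this line is not a flow record
2017-03-01T08:00:12 corp-laptop-77 plc-01 modbus fc=3 unit=1
2017-03-01T08:00:15 corp-laptop-77 plc-02 modbus fc=8 unit=1
2017-03-01T08:00:20 eng-ws-02 plc-02 modbus fc=8 unit=1
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) fc=(\d+) unit=(\d+)$")

# Baseline learned during commissioning: (source, destination, function code).
BASELINE = {
    ("hmi-01", "plc-01", 3),
    ("eng-ws-02", "plc-01", 6),
    ("eng-ws-02", "plc-02", 3),
    ("eng-ws-02", "plc-02", 8),
}
KNOWN_HOSTS = {h for src, dst, _ in BASELINE for h in (src, dst)}
ENGINEERING_HOSTS = {"eng-ws-02"}
# Diagnostic / identification functions reserved for engineering use (assumed policy).
ADMIN_FUNCTIONS = {8, 43}


@dataclass
class Event:
    ts: str
    src: str
    dst: str
    proto: str
    fc: int
    unit: int


def parse_log(text: str) -> Tuple[List[Event], int]:
    """Parse flow records; return (events, number of lines that did not parse)."""
    events: List[Event] = []
    bad = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            bad += 1          # malformed input is counted, never silently dropped
            continue
        ts, src, dst, proto, fc, unit = m.groups()
        events.append(Event(ts, src, dst, proto, int(fc), int(unit)))
    return events, bad


def classify(ev: Event) -> List[str]:
    """Return the reasons an event deviates from the baseline (empty if none)."""
    reasons = []
    if ev.src not in KNOWN_HOSTS:
        reasons.append("source host is not in the asset inventory")
    elif (ev.src, ev.dst, ev.fc) not in BASELINE:
        reasons.append(f"function code {ev.fc} from {ev.src} to {ev.dst} is not baselined")
    if ev.fc in ADMIN_FUNCTIONS and ev.src not in ENGINEERING_HOSTS:
        reasons.append(f"administrative function code {ev.fc} from a non-engineering host")
    return reasons


def detect(text: str) -> List[Tuple[Event, List[str]]]:
    """Run the allowlist check over a log and return the alerting events."""
    events, _ = parse_log(text)
    alerts = []
    for ev in events:
        reasons = classify(ev)
        if reasons:
            alerts.append((ev, reasons))
    return alerts


if __name__ == "__main__":
    for ev, reasons in detect(SAMPLE_LOG):
        print(f"{ev.ts} {ev.src}->{ev.dst} fc={ev.fc}: " + "; ".join(reasons))
```

On the constructed log the HMI's unexpected write (fc=16) and both connections from the unknown corporate laptop are flagged, while the engineering workstation's baselined diagnostic call is not. Because control traffic is highly repetitive, a baseline of this kind stays small and stable, which is what makes allowlisting workable on a PCN where it would be impractical on a general-purpose business network.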
According to (Eric K., 2011), security specialists at Red Tiger Security presented
research in 2010 that clearly shows the current state of security in industrial
networks. Intrusion tests were done on several North American electric power plants;
the result was that the vulnerabilities and warnings were overwhelming. This led to a
further investigation, sponsored by DHS, to identify common attack vectors in order to
enhance the security of critical systems. The findings were further analyzed by Black
Hat and show that critical industrial network systems were far behind and susceptible
to attacks throughout the year. In the worst cases, there were systems which were
almost three years overdue for updates.
What does this show us? It shows that there are known vulnerabilities that
permit intruders and cyber criminals access into critical control networks. Once a
vulnerability has been identified, it is readily and freely available in open source
penetration testing utilities such as BackTrack and Metasploit. This makes misuse of
such tools easy and available to many, which increases the risk to industrial critical
system networks (Eric K., 2011).
It should not be a shock that there are well-known vulnerabilities within process
control network systems. Process control network systems are by default hard to
patch. By deliberately restricting (or even better, eliminating) access to the Internet
and other networks, even obtaining patches can be challenging. Since dependability is
vital, in reality patching can only be done during a shutdown. This means that
patching will be almost impossible, and the system will remain unpatched and
insecure. Therefore vulnerability disclosure needs to be enhanced because of the
current wave of change from wireless to cloud computing and the sudden increase in
mobile gadgets in control systems (Eric K., 2011).
The graph below shows the vulnerability trend.
Figure 4 Vulnerability trend by (Tino H., 2012).
Previously, PCNs were physically disconnected from other networks such as the
internet and other outside networks. That is why it was assumed that PCNs were
secure from outside attacks. The introduction of the Internet with TCP/IP and the
interconnection of PCNs with business networks has brought substantial benefits to
Process Control Network systems. Advantages include efficiency via interconnection
with suppliers and clients, and remote management of the systems. These permitted
the control of more sophisticated, physically separated and bigger PCNs.
Nonetheless, this improvement in network structure and management came at the huge
price of the vulnerabilities and risks introduced to PCNs (Sjoerd P., 2010).
Currently almost all CIs use a PCN, which may comprise SCADA, PLC, RTU and
DCS as the core control system. They are usually linked to the network and the
business network, which makes the PCNs vulnerable to penetration by outsiders if not
well secured. Anyone, or any organization, with malicious intent might interfere with
the process operation of the system by disrupting data flow through the process
control networks. They may make unauthorized alterations to the programmed
instructions in the PLCs, RTUs and DCS controllers, which may lead to unsafe
situations (Parfomak P.W., 2008).
As internet connections increase from the field level to the business network,
the related security concerns become urgent and vital for industries. Furthermore,
open communication and the increased networking of production systems bring not
only big opportunities but also high risks and vulnerabilities. To provide an industrial
plant with complete security protection against cyber-attacks and intruders, a suitable
strategy must be developed (Siemens G., 2014).
Table 3 Threat overview by (Siemens G., 2014).
According to (Yokogawa B.,V, 2014), a new threat associated with process control
systems was uncovered in July 2010. It was a sophisticated malware known as
Stuxnet, which was aimed at Siemens PLC systems. Prior to the discovery of Stuxnet,
malware was not considered a threat to process control systems. Nevertheless, the
arrival of this malware crushed this optimistic opinion. Later, many other malware
families related to process control surfaced: Stuxnet was followed by Duqu, Flame and
Red October, among many others.
In general, statistics from Yokogawa as well as the process control industries
indicate that there is an increase in security incidents proportional to the number of
threats. These statistics were gathered from threats across all industries. Even though
not all were associated with process control systems, it was clear that PCNs were
becoming one of the important and critical targets (Yokogawa B.,V, 2014). The
figure below shows how Stuxnet worked.
Figure 5 Stuxnet (Yokogawa B.,V, 2014).
How Stuxnet worked
Alongside security threats caused by technological development, other
cyber-security threats were present, for instance unintentional actions (human errors)
leading to security incidents, and insiders and outsiders with malicious intent
(Yokogawa B.,V, 2014).
According to (Rosslin J. R., 2013), threats to CIs can be categorized into 3
groups:
1. Natural threats,
2. Human-caused,
3. Accidental or technical.
Natural threats comprise weather issues such as hot and cold climates, and
geological hazards e.g. earthquakes, land shifting, tsunamis and volcanic emissions.
These threats heavily affect CIs, especially the transportation sector. For instance, in
1995 Japanese critical infrastructure was destroyed by an earthquake. This affected the
road to Japan's largest container shipping port, Kobe. In addition, the transport
systems of steel manufacturers and chemical manufacturers were also affected
(Rosslin J. R., 2013).
On the other hand, terrorism is what is referred to as a human-caused threat. This
could comprise not only rioting, cyber-attacks and product tampering but also bombing
and explosions.
Accidental and technological menaces comprise failures and transportation
accidents, hazardous material spill accidents and infrastructure failures (Rosslin J. R.,
2013).
According to (Tino H., 2012), there are other potential threats such as:
Spying on data and formulae
Disruption of the production process plant
Plant shutdown caused by virus and malware attack
Application software program manipulation
Malicious use of process system functions
4.1 Previous Attacks
As discussed by (Sjoerd P., 2010) in the previous section, process control
systems had the wrong perspective of being secure due to isolation from the world.
(Eric B., 2007) emphasizes that, with their traditional dependence on proprietary
networks, software and hardware, PCNs were regarded as invulnerable to the
cyber-attacks felt by Information Technology organizations. Unfortunately, field
experience and academic research show this assurance to be misplaced. The release of
web technologies, TCP/IP and Ethernet created loopholes which hackers and virus
writers may misuse to take control of the PCNs of CIs. This led to an increase in
cyber-based security events affecting manufacturing industries and critical
infrastructure (Eric B., 2007). Initially this scenario was regarded as fanciful, but
Stuxnet proved the doubters wrong and it became an issue of concern. It is estimated
that approximately 400 to 500 cyber security events occur per year in the U.S., and
more in Europe, without any cyber war involvement. In addition, the Repository of
Industrial Security Incidents (RISI) reported that incidents affecting PCNs and
SCADA in CIs have gone up by 20% per year for the past decade (Changemanager,
2011).
The following are some of the actual CI incidents that have occurred:
4.2 Zotob Worm Attack on DaimlerChrysler's Manufacturing Plants
According to (Paul F., 2005), the U.S. auto manufacturer DaimlerChrysler was
hacked and a worm infected 13 of its plants. Several million in losses were incurred
due to plant shutdown, while 5,000 workers stood idle waiting for the plant control
system to be patched after the attack. The plants affected were in Delaware, Illinois,
Wisconsin, Indiana, Ohio and Michigan. They were knocked down at around 3:00 PM
on Tuesday, which resulted in production loss for up to 50 minutes, according to Dave
Elshoff (DaimlerChrysler’s spokesperson). Even though the plants were brought back
online, the company was still struggling after the incident and wondered whether
parts suppliers would be able to deliver, because they were also affected by the attack.
Elshoff said that DaimlerChrysler believed its network had been penetrated
more than once with worms, and the company was still feeling the impacts of the
incident. "I wouldn’t characterize our operations as out of the woods yet," Elshoff
said. In addition, the financial services sector of the company was also attacked by the
latest worms, which led to plant shutdown.
4.3 Viruses Affected Process Control Network (PCN) Servers in Africa
According to (RISI, 2004), Honeywell servers managing PCNs located in
Chad were attacked by a virus which led to communication failure in 2004. Due to
this, wells and manifolds feeding the Floating Production Offshore Platform (FPSO)
systems were shut down. This further led to productivity loss and system parameter
manipulation which could have led to a catastrophic disaster.
According to (Sidarth T., 2016), due to the severity of Critical Infrastructure
security and PCNs, any attack which occurs needs to be reported for learning purposes
and awareness. Other major cyber attacks which surprised industrial network systems
and world business organizations are as follows:
1. Ransomware WannaCry
According to (wikipedia.org, 2017), the WannaCry ransomware attack was a
worldwide cyberattack by the WannaCry ransomware cryptoworm. It mainly targeted
the Microsoft Windows operating system, encrypting data and demanding ransom
payments in the form of Bitcoin cryptocurrency.
It started on Friday, 12 May 2017 (Sophos.com, 2017), and within a day it was
reported to have infected more than 230,000 computers in more than 150 countries.
Parts of Britain's National Health Service (NHS), FedEx, Deutsche Bahn and Spain's
Telefónica were attacked, along with many other organizations and companies all
over the world. Shortly after the attack began, luckily, the web security researcher
"MalwareTech" identified an applicable kill switch. This greatly reduced the spread
of the infection, successfully stopping the initial eruption on Monday, 15 May 2017.
Unfortunately, later variants of the malware lacked the kill switch and affected many
organizations. Researchers did manage to recover data from affected computers under
some circumstances.
2. Operation Ghoul
(Sidarth T., 2016) reported that there was a spear phishing campaign aimed at
industrial organizations located in the Middle East and beyond, from India to Spain.
This was revealed by Kaspersky Labs in August 2016. The operation was termed
“Operation Ghoul”. The attack began with an email that seemed to originate from a
bank in the UAE. It was a phishing email with false credentials of the Emirates NBD
bank. It carried an infected attachment containing HawkEye, a malware used to collect
personal data via clipboard data, keystrokes etc. According to Kaspersky Labs, a
minimum of 130 organizations were affected by Operation Ghoul.
3. New York Dam Attack
According to (Sidarth T., 2016), the Department of Justice (DOJ) reported that
Iranian hackers penetrated US critical infrastructure and affected a New York dam's
process control system, with the aim of proclaiming a new strategy of war on American
soil. They penetrated the system and broke into the command center via a cellular
modem. This shows the intention of some foreign nations to attack and carry out
malicious activities on US infrastructure.
Even though this incident was confirmed and brought to light in 2016, it actually
occurred in 2013 and was attributed to Iranian hackers.
47
4. Ukrainian Power Outage
In December 2015, BlackEnergy malware was used against Prykarpattyaoblenergo, a power distribution company in Ukraine. This caused a severe power outage that affected a large area around the regional capital Ivano-Frankivsk. Investigations revealed that BlackEnergy was introduced into the control network through a phishing email carrying a malicious Microsoft Excel attachment. According to (Sidarth T., 2016), this led to heavy losses across critical infrastructures and even fatalities in the transport sector.
CHAPTER 5. CURRENT STATE OF PCN’S CIS SECURITY
According to research carried out by Frost & Sullivan, “Global Oil and Gas Infrastructure Security Market Assessment,” the total oil and gas critical infrastructure security market is projected to grow from $18 billion to $31 billion between 2011 and 2021 (Lockheed M., 2015).
According to (Lockheed M., 2015), regardless of this high expenditure on security, an ABI Research study describes the Process Control Networks (PCN) in many CIs as “poorly protected against cyber threats…at best, they are secured with IT solutions which are ill adapted to legacy control systems such as PCN.”
The main reason behind the rise in spending on cyber security is the growing cost of a hacked or breached CI. A recent analysis carried out by the Ponemon Institute on the cost of data breach incidents in the United States indicates that the cost of a breach has risen across the board since 2013. On average, it increased from $188 to $201 per lost or stolen record. The overall cost paid by companies per breach rose from $5.4 million to $5.9 million. Just as important is the effect of a breach of Operational Technology (OT) systems: beyond revealing data, it can interrupt process operations, degrade product quality, damage assets and endanger the lives and safety of people around the CI and its communities, and so can be far more catastrophic, fatal and costly.
The figure below shows the prediction of cybersecurity cost in the USA and the world.
Figure 6 Cybersecurity cost (David W,2014).
According to (David W,2014), the cost of cybersecurity solutions such as threat intelligence and firewalls is expected to rise steadily towards 0.1 percent of world GDP and 0.35 percent of US GDP. This is driven mainly by two forces: the attackers' growing capability to penetrate systems, and the increasing number of CIs connected to the internet, which widens their exposure. The probability of a CI being attacked, whether by cyber-attack or by physical intruders, is rising.
As mentioned, CI control systems are mainly PCNs, which comprise different control systems, mostly DCS, APC, SCADA, PLC and so on. All of these are vendor based, and each vendor protects its design in its own way, based on customer requirements. This has led to weaknesses in some of the practices applied by some vendors, and hence to PCNs being compromised. It is therefore important to review the PCN security practices of the major vendors in order to come up with uniform, good-practice guidelines that enhance the security of critical infrastructure PCNs.
5.1 Major PCN’s vendors Security Practices
According to (Wes I., 2008), ABB, Siemens, Schneider Electric, Emerson Process Management, Yokogawa Electric Corp and Honeywell Process Solutions are considered the major vendors of PCNs. All of these companies have one thing in common: ensuring that their products stay safe and secure in order to satisfy the customer. In this case, the product is the PCN. Out of the six, this paper discusses four: Siemens, Schneider Electric, Honeywell Process Solutions and Yokogawa Electric Corp. These suffice as a guide towards developing the best ways of ensuring that critical infrastructure PCNs stay safe and secure.
5.2 Siemens
According to (Siemens G., 2014), as Ethernet connections extend from the top level down to the field level, the associated security concerns are becoming a more critical subject for the process control industry. Open communication and the increased Ethernet and internet connectivity of process control systems bring not only enormous opportunities but also serious risks.
To give an industrial plant comprehensive PCN protection against attacks, appropriate and adequate measures need to be planned and implemented. This is where Siemens comes into the picture, applying these measures selectively and strategically within an integrated range of products for process control system security in CIs (Siemens G., 2014).
An optimal PCN security solution can only be achieved if new tactics are considered as threats evolve; the solution must adapt to the changing threat landscape. According to (Siemens G., 2014), there is no such thing as “absolute security”. To provide a lasting and comprehensive solution, Siemens offers defense-in-depth advice, close cooperation, and continuous development of its PCN security strategies and products.
Through Defense in Depth, Siemens offers a multi-layer model that gives CIs both in-depth and all-round protection. The model is founded on the three pillars of plant security, network security and system integrity, as advised by ISA 99 / IEC 62443, the leading industrial automation security standard. Each pillar offers a different kind of protection: physical plant security protects the facility against physical attacks, while network security and system integrity protect against cyber-attacks and unauthorized access or login by users or intruders (Siemens G., 2014).
In addition, Siemens operates a CERT (Computer Emergency Response Team), part of a worldwide network for handling security issues and incident response. The CERT concept arose in response to the first internet worm, the Morris worm of 1988. Approximately 250 CERTs worldwide represent both governmental and private organizations. Trusted information is exchanged through FIRST (Forum of Incident Response and Security Teams); new members must be sponsored by at least two existing members. The binding rules of cooperation between FIRST members are set out in the FIRST operational framework (Tino H., 2012).
Communication between Siemens CERT and ICS-CERT (Tino H., 2012):
Siemens CERT is the first point of contact for cyber security issues and requests regarding Siemens internal IT as well as Siemens products. Information is transferred via trusted encrypted channels (data) or by telephone. ICS-CERT has so far contacted Siemens CERT with numerous vulnerabilities that were reported to it by analysts.
Figure 7 CERT Cooperation (Tino H., 2012).
Industrial security has to cover a wide range of objectives:
Figure 8 Industrial security objectives (Tino H., 2012).
Despite the integration between office security and industrial security, there are differences in priorities (Tino H., 2012).
Figure 9 Security requirements (Tino H., 2012).
To strengthen the security of a plant against cyber-attacks, a multi-level service concept for industrial security is available from Siemens Industry (Siemens G., 2014).
“No single security measure is good enough to prevent intrusion” (Tino H., 2012).
Siemens relies on a “Defense in Depth” strategy, creating multiple layers of security in which each layer supports the others, so that for every move between layers an intruder or attacker must spend more effort and time. Below is an example of the different layers of protection as described by Siemens.
Figure 7 Protection layers (Siemens AG.2012).
Figure 8 “Defense in Depth” strategy example (Siemens AG.2012).
According to (Tino H., 2012), to be safe and trustworthy, CIs require more than one protection layer; in other words, embedded security is a must.
To strengthen security, Siemens creates secure automation cells to protect the PCN. An automation cell combines high productivity with stringent security requirements.
Figure 9 Automation cell (Siemens AG.2012).
The defense in depth strategy is summarized as follows:
Segmentation into security cells
Cell access through a single controlled front door only, never through a back door as well
Disabled ports and media devices
PC hardening
Task-oriented access control and user account management with least privilege
Anti-virus and whitelisting
Data and file transfer to and from PCS 7 via a “quarantine PC” and FTP/SFTP in the DMZ
Remote access through secure communication, a dedicated access point and a dedicated support user account
Policies and procedures
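One way to implement the “quarantine PC” step listed above, as an added example that is not Siemens code and does not model PCS 7 itself: a file coming from the office side is released to the SFTP drop only when its type is allow-listed, its content matches the type its name claims, and its hash matches a manifest published out of band (for a vendor patch, the vendor's published checksum). The allow-list, size limit, manifest and sample file contents are constructed assumptions for this example.

```python
"""Quarantine-station gate for files entering the control network.

Added example for this page; not Siemens code. Allow-list, manifest and
sample bytes are constructed for illustration.
"""
import hashlib

# Allow-listed extensions and the leading bytes (magic) each must carry.
# Assumption: only vendor patches (.zip/.msp), PDFs and CSV exports may enter.
MAGIC = {
    ".zip": b"PK\x03\x04",
    ".pdf": b"%PDF-",
    ".msp": b"\xd0\xcf\x11\xe0",   # OLE compound-file header used by .msp/.msi
}
TEXT_ONLY = {".csv"}               # no magic; must decode as printable text
MAX_BYTES = 50 * 1024 * 1024       # assumed limit for a single transfer


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_plain_text(data: bytes) -> bool:
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return all(ch.isprintable() or ch in "\r\n\t" for ch in text)


def gate(filename: str, data: bytes, manifest: dict) -> tuple:
    """Return (released, reason). manifest maps filename -> expected sha256.
    Checks run from cheapest to most specific; the first failure is reported,
    so a renamed executable is refused on its magic bytes before any hashing."""
    ext = filename[filename.rfind("."):].lower() if "." in filename else ""
    if filename != filename.strip() or "/" in filename or "\\" in filename:
        return False, "unsafe filename"
    if ext not in MAGIC and ext not in TEXT_ONLY:
        return False, f"extension {ext or '(none)'} not allow-listed"
    if len(data) > MAX_BYTES:
        return False, "exceeds size limit"
    if ext in MAGIC and not data.startswith(MAGIC[ext]):
        return False, "content does not match claimed type"
    if ext in TEXT_ONLY and not is_plain_text(data):
        return False, "CSV contains non-text bytes"
    expected = manifest.get(filename)
    if expected is None:
        return False, "not in release manifest"
    if sha256(data) != expected:
        return False, "hash mismatch against manifest"
    return True, "released to SFTP drop"


# Constructed sample contents (not real vendor files).
GOOD_PATCH = b"PK\x03\x04" + b"\x00" * 60      # zip-like bytes
RENAMED_EXE = b"MZ\x90\x00" + b"\x00" * 60     # PE header behind a .zip name
TREND_CSV = b"ts,value\n1,2\n"

# Constructed manifest, as it would be published out of band by the vendor.
MANIFEST = {
    "pcs7_hotfix_17.zip": sha256(GOOD_PATCH),
    "trend_export.csv": sha256(TREND_CSV),
}

if __name__ == "__main__":
    for name, data in [("pcs7_hotfix_17.zip", GOOD_PATCH),
                       ("pcs7_hotfix_17.zip", GOOD_PATCH + b"x"),   # tampered in transit
                       ("driver.zip", RENAMED_EXE),
                       ("tool.exe", b"MZ"),
                       ("../escape.zip", GOOD_PATCH),
                       ("trend_export.csv", TREND_CSV)]:
        released, reason = gate(name, data, MANIFEST)
        print(f"{name}: {'RELEASE' if released else 'REFUSE'} ({reason})")
```

The magic-byte check is what stops the classic trick of renaming an executable to an allow-listed extension; the manifest check is what stops a patch that was modified on the way in. Both are independent of, and in addition to, the anti-virus scan the quarantine station also runs.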
Security needs everyone's contribution; as the saying goes, “Security is everyone's responsibility” (Kenneth M., 2016). Siemens has allotted responsibilities by job group. The table below shows these responsibilities.
Table 4 Security responsibilities (Tino H., 2012).
Siemens summarizes industrial security as follows (Tino H., 2012):
Industrial security is not only a matter of technical implementation; it begins with security awareness across all layers of management and employees
Security is a continuous task and must be maintained throughout all lifecycle phases
There is no 100% security: security is a process involving operators, management, suppliers and integrators, not only a product for sale
Siemens Industry Automation offers products, systems and solutions, in addition to professional services, to provide comprehensive industrial security for customers
5.3 Schneider Electric/Invensys
According to (Invensys, 2012), comprehensive cyber security programs have never been more necessary than they are now. Beyond the traditional hacker's targets, major banks, corporations and the utilities sector are placing increasing emphasis on cyber security. SCADA, PLC and DCS systems are now being targeted for weaknesses, exploitation and theft of confidential industrial data. The Invensys Critical Infrastructure and Security Practice (CISP) is built on best-practice methods through a lifecycle strategy, which ensures that solutions are network and control system agnostic. The PCN lifecycle is grouped into four main stages:
Stage 1: Assessment & Planning – CISP reviews the existing network, points out any issues and recommends areas for enhancement.
Stage 2: Architecture & Design Development – based on the assessment, CISP pinpoints which requirements apply and creates the detailed designs needed to meet them.
Stage 3: Implementation & Modernization – CISP turns the network design into reality through procurement, staging and commissioning of the new system or upgrades.
Stage 4: Management & Optimization – CISP works together with network management, providing tools to enhance and optimize the continuously evolving landscape of process control network use.
The figure below shows the CISP implementation.
Figure 10 CISP Security implementation (Invensys O, 2015).
The Invensys cyber security portfolio is flexible enough to be used in its entirety or adopted piece by piece, offering a comprehensive yet expandable path to cyber security compliance (Invensys O, 2015).
Similar to Siemens, Invensys also groups its cyber solutions by portfolio and expertise.
The table below shows the cyber security lifecycle portfolio.
Table 5 Cyber Security Portfolio (Invensys O, 2015).
Cyber security best practices are meant to offer guidelines on process control network security that reduce external and internal threat vectors. Items are listed in priority order (Invensys O, 2015).
Ensure that the system is up to date with the newest Invensys-approved operating system (OS) and software patches
Always use current anti-virus definitions
Update authorized application software
Enable anti-virus / intrusion prevention system
Block USB stick usage; allow a stick to be used only after it has been scanned and found free of malware
Harden servers and workstations. Hardening non-DCS nodes is mandatory and normally has no unwanted effect on the DCS. Hardening DCS nodes may also be done, but may differ from the hardening of non-DCS assets
Change “default” admin passwords
Control user rights
Always implement backup and restoration
Take an inventory of network assets
Use physical network separation
Use logical network segregation (security zones) wherever possible, with restrictive firewall rules
Enable firewall logging
Use a Network Management System (NMS)
Avoid clicking unverified links or files
Create an incident response plan
Download and run the latest McAfee Stinger tool
Table 6 CISP Cyber security best practices (Invensys O, 2015).
In addition, Invensys Operations Management recommends that customers assess their overall cyber security posture as part of a continuous security and robustness program for their process control network systems (Invensys, 2012).
The cyber security standard operating procedures define the different roles in an effective process control network security program, comprising:
Establishing the intent of the deployment
Elaborating expectations
Specifying the scope of the system to be covered
Pointing out the procedures and controls required to achieve the expectations
The standard operating procedures act as the foundation for designing and implementing the cyber security program and all associated work (Invensys O, 2015).
5.4 Honeywell Process Solutions
According to (Chee B., 2012), process control systems saw more than a six-fold rise in reported vulnerabilities between 2010 and 2012.
Based on (Honeywell P., 2016), process control systems are currently at higher risk from cyber threats than ever before. Yet the SANS survey “Breaches on the Rise in Control Systems” states that the means of securing these systems have not improved, even though the effort to detect attacks and threats has not diminished.
Honeywell supports a layered strategy for process control network security.
Figure 11 Layered Approach (Chee B., 2012).
According to (Chee B., 2012), a defense in depth strategy offers multiple layers of security to protect critical infrastructure. These are:
Multiple security structures
Multiple layers of security
Resilience to attacks
In addition, to enhance security the ISA-95 level model is applied, whereby:
Level 1 – Controllers and real-time control
Level 2 – Operator stations, servers and supervisory control
Level 3 – Historian, advanced control and other area-level units
Level 3.5 – DMZ; the business network reaches the PCN through the DMZ only
Level 4 – Business network, with users and managers who can access the advanced control applications and the historian
Levels 3 and 3.5 use standard open Ethernet technology and Level 4 uses standard open LAN technology.
Furthermore, (Honeywell P., 2016) states that risk-based frameworks have emerged as the most effective methodology for continuous process control network security improvement. While meeting compliance and policy targets, a risk-based methodology helps process plants and critical infrastructures manage risk according to the security profile of each site individually, and choose controls based on up-to-date results. Honeywell's Industrial Cyber Security Risk Manager is presented as a leading tool for proactively monitoring, measuring and managing cyber security risk in process control environments, giving users at all levels the real-time understanding, visibility and decision support needed to act on the situation. Risk Manager was developed from the ground up to interpret complex industrial vulnerability, risk and threat information. Data is merged so that all information is available at a glance, for easy improvement and site-wide situational awareness.
Risk Manager provides several benefits:
A real-time data acquisition and analytics program that continuously watches for signs of cyber security threats
Proactive detection of vulnerabilities and threats that might affect the process control network
Monitoring of network and system devices, inspection of network traffic and detection of rogue devices and risk sources, offering clear and complete visibility
An easy-to-use interface that removes the need for a cyber security expert
Compatible technology that works with non-Honeywell systems
Low-impact technology that will not disturb plant operations or cause network delays
In addition, several standards and methodologies, including ISA99/IEC 62443 and the ISO 27000 series, classify continuous monitoring as an essential element of a process control network security program (Honeywell P., 2016).
5.5 Yokogawa Electric Corp
Based on statistics from the process control industry, Yokogawa indicates that there has been a significant increase in both the number of security incidents and the number of threats, across all markets (Yokogawa B.,V, 2014). Another threat to cyber security and process control network security is the human factor.
5.5.1 Human Errors
Apart from the security threats and risks caused by changes in technology, unintentional human error existed long before cyber security threats, and alongside it there are insiders and outsiders with malicious intent. One way to alleviate the risks related to cyber threats and the human factor is physical security, in the form of cabinets or rooms locked with key-card authentication. The risk is reduced if staff cannot access areas where they could cause serious security problems, whether intentionally or unintentionally. Another way is to ensure personnel awareness through training. Eugene Howard Spafford, a leading computer security expert, once said:
“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts.” (Yokogawa B.,V, 2014).
5.5.2 Standards and security policies
According to (Yokogawa B.,V, 2014), due to increasing security threats some companies in the process control industry have introduced procedures and standards to reduce the risks. Some of these companies focused on policies and procedures for information and communication technology (ICT) security in general. Others, with a special interest in the process control industry, have established specific process control security policies and procedures.
The International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) are among the best examples of organizations that have produced security standards. Even though the security technologies applied in general IT and in process control systems are the same, their priorities differ because of the impact if security is compromised.
The figure below shows these different priorities, as compiled by the ISA.
Figure 12 ANSI/ISA–99 (Yokogawa B.,V, 2014).
5.5.3 Security solution
According to (Yokogawa B.,V, 2014), security is a dynamic and never-ending process, which is why Yokogawa refers to it as the Security Lifecycle.
Figure 13 Yokogawa security life cycle.
Security solutions can be decided and considered locally on a situational basis. For instance, the following measures may be implemented after local analysis of the situation:
Network security design
Firewall
Anti-virus
Security patch updates
Disaster recovery and backups
System hardening
5.5.4 Network security and layers
If a plant control system comprises only a few computers, the network technicians can manage and maintain it easily. However, if the network is large, creating zones based on the process or on common activities is vital to managing and securing the network.
In the event of an attack, the affected zone can be isolated without affecting the rest of the network. Appropriate network design lets network technicians manage and maintain the network easily and safely. The network architecture must be the foundation for all security measures (Yokogawa B.,V, 2014).
Below is an example of a zoned network architecture.
Figure 14 Network Architecture (Yokogawa B.,V, 2014).
According to (Yokogawa B.,V, 2014), the zoning of a network is the foundation of security control. The networks are classified from Level 0 to Level 4 based on functionality and network security.
Level 4: This is normally out of Yokogawa's scope because it contains the office domain.
Level 3.5: By Yokogawa's definition this zone is not an official level. The DMZ (demilitarized zone) ensures data security to and from the process control domain, and manages and secures all data traffic between Level 4 and the system layers (Level 3 and below).
Level 3: Manufacturing Operations Control. Level 3 comprises the tasks involved in maintaining and managing the workflows that produce the required end products. It gathers raw data from the Level 2 PCN and processes it before the data is used by Level 4 systems such as Enterprise Resource Planning (ERP). It therefore supports vertical integration between the Level 4 corporate network and the Level 2 PCN.
Level 2: Area Supervisory Control. This includes the tasks involved in monitoring and controlling the actual process; for instance, the HMI stations are part of this level.
Level 1: Local field level or Basic Control. This comprises the tasks involved in sensing and manipulating the physical process parameters, and includes sequence control, continuous control, discrete control and batch control. It also contains the safety and protection systems that oversee the process and automatically return it to a safe state if it exceeds safe limits.
Level 0: Process. Level 0 is the actual physical process. It comprises the sensors, actuators, pumps and so on, directly connected to the process and the process equipment.
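As an added example, not code from Yokogawa, Honeywell, Siemens or Invensys: the level model above (and the Honeywell ISA-95 levels in section 5.4) can be written down as zones with the conduits the design permits, and that one policy then serves two checks. Applied statically to a firewall rulebase it finds permit rules that cross a forbidden conduit, which is the practical meaning of the Invensys item “logical network segregation with restrictive firewall rules”; applied to firewall log lines it finds accepted flows that cross one anyway, which is what “enable firewall logging” buys you. The subnets, rule identifiers, log format and log lines are constructed assumptions, not taken from any site or vendor document.

```python
"""Zone and conduit check for a levelled process control network.

Added example for this page; not vendor code. Subnets, rules and log
lines are constructed for illustration.
"""
import ipaddress
import re

# Assumed addressing: one subnet per level (Level 0 is field wiring, not IP).
ZONES = {
    "L4":   ipaddress.ip_network("10.4.0.0/16"),    # business / office network
    "L3.5": ipaddress.ip_network("10.35.0.0/24"),   # DMZ: replicated historian, patch/AV relay, jump host
    "L3":   ipaddress.ip_network("10.3.0.0/24"),    # site operations: historian, advanced control
    "L2":   ipaddress.ip_network("10.2.0.0/24"),    # area supervisory: HMI, operator stations
    "L1":   ipaddress.ip_network("10.1.0.0/24"),    # basic control: PLCs, controllers
}

# Conduits the design permits: only between adjacent levels, and L4 reaches
# L3 or below only through the L3.5 DMZ. Anything not listed is forbidden.
ALLOWED_CONDUITS = {
    ("L4", "L3.5"), ("L3.5", "L4"),
    ("L3.5", "L3"), ("L3", "L3.5"),
    ("L3", "L2"),   ("L2", "L3"),
    ("L2", "L1"),   ("L1", "L2"),
}


def zone_of(ip):
    """Map one address to its level, or UNKNOWN if it is outside every zone."""
    addr = ipaddress.ip_address(str(ip))
    for level, net in ZONES.items():
        if addr in net:
            return level
    return "UNKNOWN"


def zone_of_prefix(cidr):
    """Map a rule prefix to a level by its first and last address; MIXED if
    those fall in different zones (e.g. a /23 that spills out of L2).
    Endpoint check only, which is enough for one contiguous subnet per level."""
    net = ipaddress.ip_network(cidr, strict=False)
    first, last = zone_of(net.network_address), zone_of(net.broadcast_address)
    return first if first == last else "MIXED"


def conduit_allowed(src_ip, dst_ip):
    return (zone_of(src_ip), zone_of(dst_ip)) in ALLOWED_CONDUITS


def check_rules(rules):
    """Static check: permit rules whose (src zone, dst zone) is not an allowed
    conduit. Prefixes not bounded to one zone (0.0.0.0/0, or a prefix spanning
    two zones) map to UNKNOWN/MIXED and are flagged as well."""
    findings = []
    for rule in rules:
        if rule["action"] != "permit":
            continue
        pair = (zone_of_prefix(rule["src"]), zone_of_prefix(rule["dst"]))
        if pair not in ALLOWED_CONDUITS:
            findings.append((rule["id"],) + pair)
    return findings


LOG_RE = re.compile(
    r"(?P<action>ACCEPT|DENY) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)"
)


def audit_log(log_text):
    """Runtime check over firewall log lines: every ACCEPTed flow that crosses
    a forbidden conduit means some rule is broader than the zone design."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m["action"] != "ACCEPT":
            continue
        sz, dz = zone_of(m["src"]), zone_of(m["dst"])
        if (sz, dz) not in ALLOWED_CONDUITS:
            findings.append({"src": m["src"], "dst": m["dst"],
                             "src_zone": sz, "dst_zone": dz,
                             "dport": int(m["dport"])})
    return findings


# Constructed rulebase (hypothetical rule ids and prefixes).
SAMPLE_RULES = [
    {"id": "R1", "action": "permit", "src": "10.4.0.0/16",  "dst": "10.35.0.0/24", "port": 443},   # L4 -> DMZ
    {"id": "R2", "action": "permit", "src": "10.35.0.0/24", "dst": "10.3.0.0/24",  "port": 1433},  # DMZ -> L3 historian
    {"id": "R3", "action": "permit", "src": "10.4.0.0/16",  "dst": "10.2.0.0/24",  "port": 502},   # L4 -> L2 Modbus: bypasses DMZ
    {"id": "R4", "action": "permit", "src": "0.0.0.0/0",    "dst": "10.1.0.0/24",  "port": 22},    # any -> PLCs: unbounded source
    {"id": "R5", "action": "deny",   "src": "0.0.0.0/0",    "dst": "0.0.0.0/0",    "port": None},  # default deny
]

# Constructed log lines in a generic "action src= dst= proto= dport=" format.
SAMPLE_LOG = """\
2017-05-12T10:01:02 fw1 ACCEPT src=10.4.12.7 dst=10.35.0.5 proto=TCP dport=443
2017-05-12T10:01:05 fw1 ACCEPT src=10.35.0.5 dst=10.3.0.10 proto=TCP dport=1433
2017-05-12T10:01:09 fw1 ACCEPT src=10.4.12.7 dst=10.2.0.15 proto=TCP dport=502
2017-05-12T10:01:11 fw1 DENY src=10.4.12.7 dst=10.1.0.3 proto=TCP dport=502
2017-05-12T10:01:14 fw1 ACCEPT src=10.2.0.15 dst=10.1.0.3 proto=TCP dport=502
"""

if __name__ == "__main__":
    for rule_id, sz, dz in check_rules(SAMPLE_RULES):
        print(f"rule {rule_id}: permits {sz} -> {dz}, not an allowed conduit")
    for f in audit_log(SAMPLE_LOG):
        print(f"accepted {f['src']} ({f['src_zone']}) -> {f['dst']} ({f['dst_zone']}) dport {f['dport']}")
```

On the constructed input the static check flags R3 (business network straight to an HMI on the Modbus port, bypassing the DMZ) and R4 (a source of “any” can never be bound to one zone); the log check independently surfaces the flow that R3 let through. Running both matters because a rulebase review finds what was written, while the log finds what actually happened, including traffic allowed by a rule nobody remembered to review.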
5.5.5 Wireless in PCN
The demand for wireless systems in the process control industry has been rising, mainly because of lower cost and more effective communications. However, wireless brings new concerns for the process control industry. Some of the issues that come with wireless systems are:
Real-time operational performance
Environmental resistance
Explosion protection
Radio wave interference
Security (e.g. eavesdropping, falsification, spoofing)
Wireless systems are more exposed to a potential attacker because physical access to the network is not necessary to intrude, so physical security mitigations alone are insufficient. It becomes essential to implement other mitigations as well, e.g. encryption (Yokogawa B.,V, 2014).
(Yokogawa B.,V, 2014) recommends the following measures to enhance the security of wireless networks in the process control industry:
Setting up and hiding the SSID
MAC address filtering
Wi-Fi connection only via an approved firewall
WPA2 encryption only
Of these, hiding the SSID and MAC address filtering raise the bar only slightly: the SSID is still sent in probe and association frames, and a MAC address can be spoofed once it has been observed, so neither should be relied on in place of WPA2 encryption with a strong key and firewall enforcement between the wireless segment and the PCN.
Finally, according to (Yokogawa B.,V, 2014), one does not need to be Einstein to see that viruses and malware are becoming smarter. The industry should always aim to be one step ahead in network security; most organizations are one step behind, and the best way to deal with this is to remain vigilant at all times.
CHAPTER 6. RELEVANT ORGANIZATIONS AND STANDARDS
Several organizations are attempting to define ways of securing process control network systems in industry. These organizations are regional, national and even worldwide, and may be governmental or private. Some, such as the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) program, issue heavy fines for non-compliance if one falls under their jurisdiction. Others, such as the Chemical Facility Anti-Terrorism Standards (CFATS), provide guidance for self-assessment, since according to (Eric K., 2011) they cannot levy fines for non-adherence.
According to (Invensys, 2012), various standards organizations help companies create effective PCN security compliance strategies. Examples are:
North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP)
Internet Engineering Task Force (IETF)
National Institute of Standards and Technology (NIST)
Department of Homeland Security (DHS)
Chemical Facility Anti-Terrorism Standards (CFATS)
International Society of Automation (ISA)
International Organization for Standardization (ISO)
Nuclear Energy Institute (NEI)
Private standards-making organizations produce more specific guidelines to help companies protect their operational technology, in addition to standards on protecting electronic devices. The ISA/IEC 62443 series on Industrial Automation and Control Systems (IACS) is a set of standards and technical reports issued mainly by the International Society of Automation (ISA) to “define procedures for implementing electronically secure industrial automation and control systems and security practices and assessing electronic security performance” (Lockheed M., 2015).
According to (Lockheed M., 2015), for the purposes of the standards, manufacturing and process control systems are defined broadly to include hardware such as distributed control systems (DCS), programmable logic controllers (PLC), supervisory control and data acquisition (SCADA) systems, and networked sensors, monitors and diagnostic systems, together with the related human, internal, network or machine interfaces. The standards help to identify and address vulnerabilities in order to secure the equipment and the information held in process control systems, interference with which could result in:
Endangerment of public or employee safety
Loss of public confidence
Violation of regulatory requirements
Loss of confidential or proprietary information
Financial loss
National security impact
Finally, oil and gas organizations are responsible for the security of their own data and process control systems, with assistance available from standards-making bodies and governments in the form of best practices and recommendations for applying the standards. In the USA, for instance, assistance is offered to companies on request by the Department of Homeland Security, with audits and guidance on applying process control security plans and their controls (Lockheed M., 2015).
The figure below shows the ISA standards.
Figure 15 Network Architecture (Lockheed M., 2015).
6.1 General PCN Security Recommendations
According to (Corporation, Lockheed M., 2015), the U.S. government provides a comprehensive set of cyber security guidelines through the National Institute of Standards and Technology (NIST). NIST's 800-series of Special Publications offers guidance on applying best practices for PCN security. A public-private alliance has also produced the Critical Security Controls, previously known as the SANS Top 20 list, which identify basic steps that companies can take to strengthen cyber security. Version 5 of the Critical Security Controls focuses first on prioritizing the security measures that are effective against the latest advanced targeted threats, with a strong emphasis on “what works”. The list works on the 80-20 principle: the idea is that a small number of vulnerabilities or issues cause most of the threats, so ranking them can be a cheap way to enhance overall security. Based on (Corporation, Lockheed M., 2015), the Critical Security Controls, Version 5, as published by the SANS Institute, contain the following:
Inventory of Authorized and Unauthorized Devices
Inventory of Authorized and Unauthorized Software
Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
Continuous Vulnerability Assessment and Remediation
Malware Defenses
Application Software Security
Wireless Access Control
Data Recovery Capability
Security Skills Assessment and Appropriate Training to Fill Gaps
Secure Configurations for Network Devices such as Firewalls, Routers and Switches
Limitation and Control of Network Ports, Protocols and Services
Controlled Use of Administrative Privileges
Boundary Defense
Maintenance, Monitoring and Analysis of Audit Logs
Controlled Access Based on the Need to Know
Account Monitoring and Control
Data Protection
Incident Response and Management
Secure Network Engineering
Penetration Tests and Red Team Exercises
Further industry-wide guidance for enhancing critical infrastructure PCN security is the NIST Cybersecurity Framework, described as “a set of industry standards and best practices to help organizations manage cyber security risk.” It was published in 2014 by NIST in response to an executive order from President Obama on securing privately-owned critical infrastructure. The aim was to better secure the critical infrastructure on which most of the nation's security relies, but which is outside government control, and it applies to all critical infrastructure across the USA. It is described as “a consistent and iterative approach to identifying, assessing, and managing cyber security risk” by owners and operators: “This approach is necessary regardless of an organization's size, threat exposure, or cyber security sophistication today.” The methodology was meant to “enable organizations—regardless of size, degree of cyber security risk, or cyber security sophistication—to apply the principles and best practices of risk management to improving the security and resilience of critical infrastructure.”
Like other high-level standards it is technology-neutral and does not stipulate specific measures, applications or tools. “The framework is not a one-size-fits-all approach to managing cyber security risk for critical infrastructure,” according to (Corporation, Lockheed M., 2015). “Organizations will continue to have unique risks—different threats, different vulnerabilities, different risk tolerances—and how they implement the practices in the Framework will vary. Organizations can determine activities that are important to critical service delivery and can prioritize investments to maximize the impact of each dollar spent. Ultimately, the Framework is aimed at reducing and better managing cyber security risks.”
The Framework consists of three basic elements (Corporation, Lockheed M., 2015):
The Core, a set of cyber security activities, outcomes and informative references that are common across critical infrastructure sectors, providing the detailed guidance for developing individual organizational profiles.
Profiles, which help an organization align its cyber security activities with its business requirements, risk tolerance and resources; measure its current state of risk management; and prioritize the measures to be implemented for security improvement.
A set of four Tiers, which give organizations a way to view and understand the characteristics of their approach to managing cyber security risk. They describe the rigor of current risk management practice and allow a review of how well it is matched to business requirements.
NIST states that the Framework will remain a living document and will be updated based on feedback and lessons learned from the organizations applying it (Corporation, Lockheed M., 2015).
CHAPTER 7. RESULTS OF THE REVIEW
The four international vendors of industrial process control systems reviewed in this work are Yokogawa, Honeywell, Siemens and Schneider Electric. The guidelines provided by each of these vendors were analyzed. Below is what they generally do to ensure the security of PCNs.
Table 7 Review results.
Vendor: PCN Security Guidelines
Yokogawa: 1. Identifying what systems need to be protected; 2. Separating the systems logically into functional groups; 3. Implementing a defense-in-depth strategy around each system; 4. Controlling access into and between each group; 5. Policies; 6. Procedures; 7. Physical security; 8. Network security; 9. Host-based security
Honeywell: 1. Vulnerability assessment; 2. Threat assessment; 3. Risk analysis; 4. Cyber security training; 5. Development of security policies and procedures; 6. Implementation of security technology (defense in depth); 7. Global threat intelligence; 8. Incident detection and remediation; 9. Timely response to the changing threat landscape; 10. Training and awareness
Siemens: 1. Physical security; 2. Policies, procedures and training; 3. Security cells and DMZ; 4. Firewalls and VPN; 5. System hardening; 6. Preventing a wide range of attacks; 7. Malware detection and prevention
Schneider Electric / Invensys: 1. Assess critical infrastructure vulnerabilities to cyber or physical attacks; 2. Develop plans to eliminate significant vulnerabilities; 3. Propose systems for identifying and preventing attempted major attacks; 4. Develop plans for alerting, containing and rebuffing attacks in progress; 5. Rapidly reconstitute minimum essential capabilities in the aftermath of an attack; 6. Coordination among private and public CI protection (interdependency); 7. Network management system
After a thorough review of the vendors' PCN security best practices, the
following similarities and differences were identified.
Table 8 Vendor Comparison.
Recommended practice | Yokogawa | Honeywell | Siemens | Schneider Electric
[The tick marks of the original table are not reproduced here; the rows and the per-vendor totals are.]
System Identification and Assessment
Planning and Strategy
Physical Security
Demilitarized Zone and security cell
Firewall and VPN
System Hardening
Policies and Procedures
Training
Ethical Hacking
Recovery and Backup
Network Management (Audit)
Total practices met: Yokogawa 7, Honeywell 9, Siemens 9, Schneider Electric 8
Below are the outcomes of the review:
All the major PCN vendors discussed in this research concur that Defense in Depth is
the best way to protect PCNs and IT networks, although they differ in
wording.
Ethical hacking is not recommended by most of the PCN vendors, with the exception of
Schneider Electric.
CERT (Computer Emergency Response Team) involvement is crucial.
As per the checklist above, Honeywell and Siemens stand out in meeting the
recommended best practices for ensuring PCN security in Critical Infrastructures.
Nevertheless, Schneider Electric stands out as the only vendor so far that clearly
pinpoints the need for penetration testing (ethical hacking). Lastly, Yokogawa also meets
the requirements for PCN security, but one has to go into the details to get what they
actually mean, which is ultimately the same as the other vendors, namely Defense in
Depth.
Therefore, as per the outcome, it is clear that vendor and government
guidelines and recommendations are generic and give industries no specific details
of exactly what has to be done. Nevertheless they act as a guide, but to be able to secure a
PCN a thorough and detailed way forward is needed. This is where Network Management
Tools come into the picture.
CHAPTER 8. NETWORK MANAGEMENT TOOLS (NMT)
Currently, network management applications mainly collect and display
information, while providing limited information processing and problem-solving
capabilities (S. P. Maj, 2010). A number of different knowledge-based approaches
have been proposed to correct this deficiency, evolving from rule-based systems
through case-based systems to more recent model-based systems. This
development has created some deficiencies of its own; hence a good network management
tool should exhibit at least the following features (Maj, Kohli & Murphy, 2004):
Speeds detection, diagnosis and resolution of network issues, before outages
occur.
Displays and observes response time, performance and availability of network
devices.
Automatically discovers and maps network devices, and typically deploys in
about an hour.
Improves operational efficiency with out-of-the-box, customizable
dashboards, alerts and reports. Provides an enhanced view of your network
with automatic capacity planning and topology-aware intelligent
According to (S. P. Maj, 2010) there are several NMTs available in
the market, such as Solarwinds, Check Point, What's Up Gold, Ciscoworks, Cisco Net
Manager, OpenNMS, IBM Tivoli, Novell ZENworks etc. Nonetheless they find it
difficult to display protocol and device configuration data while simultaneously
preserving a navigational environment.
In any network security is paramount, and firewalls are the backbone of
network security. According to (Rubbin A.D, 1997) firewall configuration is regarded
as crucial. Nevertheless, configuring general devices for security purposes in a
large network can pose a challenge to many IT engineers. The problem
becomes more complex, and configurations more prone to error, when it comes to
firewall configuration and rule management, specifically for business networks.
According to Bartal, “This is a crucial task.... The bottom line is that the
security of the whole internet depends upon the exact contents of the rule-base,
with no level of abstraction available. Since syntax and semantics of the rules and
their ordering depend upon the firewall product or vendor, this is akin to the dark
ages of software where the programs are written in assembly language so that the
programmer had to know all the idiosyncrasies of the target processor” (Bartal,
Mayer, Nissim & Wool, November 2004).
In order to assist and enhance monitoring of the network and reduce
configuration complications, specifically for security devices and firewalls, Network
Management Tools (NMT) such as What's Up Gold, Solarwinds, Cisco Net Manager,
IBM Tivoli, OpenNMS, Novell ZENworks etc. are available in the market. These
tools offer a Command Line Interface (CLI) with pull-down menus and a Graphical User
Interface which ease the configuration and monitoring of the security devices in the
network (S. P. Maj, 2010).
However, each tool comes from a different vendor and has certain capabilities
and limitations, and sometimes some tools may cover the total network requirements,
catering for issues related to the merging of different technologies such as
wireless, public, private and voice, and other problems related to network security.
However, according to (Paquet, 1997) no single vendor can satisfy all network security
requirements. Mostly all network monitoring.
Due to limited access to the network management tools, only some of the
common features of NMTs have been identified:
Table 9 NMT Features.
Software: Features
What's Up Gold: Application monitoring, network traffic analysis, discovery and network monitoring, distributed monitoring, virtual environment monitoring and failover manager
Solarwinds: Troubleshooting, network performance measurement and benchmarking, intelligent alerts etc.
Novell ZENworks: Endpoint security management, firewall protection, TCP/UDP port rules and Access Control Lists (ACLs), encryption, dynamic security levels
Cisco Net Manager: Configuration management, real-time change tracking, compliance auditing, automated configuration, user activity tracking etc.
OpenNMS: Network and application monitoring, SNMP traps, syslog messages etc.
IBM Tivoli (broader-based tool): Database monitoring, energy management, virtual environment management etc.
Ciscoworks: Real-time network monitoring, dynamic status, configuration
Table 10 NMT Advantages and Disadvantages.
Ciscoworks
Characteristics:
- Simplifying the configuration, administration, monitoring and troubleshooting of Cisco networks
- Enhancing the efficiency and accuracy of the network operations personnel
- Enhancing network availability via configuration and easy troubleshooting and repair
- Strengthening network security via integration, via audit of network-level changes and access control services
Advantages:
- A centralized system for sharing device information across all network applications, improving manageability and awareness of network changes
- Network identification, end-station observation and topology views
- Real-time network fault analysis
- Hardware and software inventory management, centralized configuration
- Monitoring and tracking of network response time and availability
- Web-based interface for launching and navigating network functionality
Disadvantages:
- Only a Cisco-based computer network can be used
- Very expensive
- Consumes a huge amount of computer resources
- Requires high-performance networking equipment to run it because it has become such a large and complete management system
- Not suitable for updating network configuration when it is required immediately
- As many network management protocols are used, they create a lot of network traffic
What's Up Gold
Characteristics:
- Web-based interface
- Full reporting features
- Supports both SNMP and WMI
Advantages:
- Real-time monitoring of all critical network devices and services
- Discovers and maps all network devices
- Notifies when problems happen on the network
- Gathers network information over time and generates reports
- Real-time network monitoring
Disadvantages:
- Consumes a huge amount of computer resources
- Requires high-performance networking equipment to run
- As many network management protocols are used, they create a lot of network traffic
- Not suitable for updating network configuration when it is required immediately
- Very expensive
Source. (S. P. Maj, 2010)
Among the NMTs displayed above, Novell ZENworks specializes in
network security and is the one mostly used in this portfolio. The ZENworks family of products also
offers most businesses a progressively robust and varied set of identity-driven
device configuration management, patch management and asset management
capabilities (Novell, 2017).
Figure 19 ZENworks unified console, Source. (Novell, 2017).
According to (Novell, 2017) ZENworks Configuration Management is more
intelligent, flexible and scalable. Apart from the basic features of other network
management tools, ZENworks has the following:
Table 11 ZENworks Features.
ZENworks
Features:
- One web-based console covers all (management console for configuration, asset, patch and now endpoint security management)
- Auto location identifier
- One adaptive agent
- Policy and bundle management change
- Administrative group enhancement
- Support for advanced hardware and OS (64-bit)
- Manual device creation and reconciliation
- Package and repository management
- Support for remote operation
- Endpoint security management
- Advanced power management
Advantages:
- End-user productivity increase
- User self defence
- Lower cost
- Security-based risk mitigation
- Alignment with IT business objectives
- Enhanced VPN
- Enhanced application control
- Expanded security capabilities
- Automatic email notification
- Advanced alerting capability
- Enhanced encryption
- Enhanced firewall features, e.g. layer 2 firewall capability
- Advanced Wi-Fi management
With the exception of What's Up Gold and ZENworks, these tools lack two crucial
features:
Most tools do not have a single-window display for actual data from different
devices.
Several commands are needed at the CLI.
According to (Furnell, 2005) device configuration with NMTs can be
problematic even for basic applications, due to the complexity of some NMTs. This
problem is exacerbated for dedicated devices such as firewalls, which are not only
complex devices in themselves but also difficult to configure.
State Model Diagrams (SMDs) were suggested mainly for managing and configuring
network devices and related protocols (Maj, Kohli & Murphy, 2004). This leads to
modelling in which network monitoring, configuration and troubleshooting are made easy.
Complexity can be regulated by displaying only specific details of a specific device
via a hierarchical top-down display.
CHAPTER 9. STATE MODEL DIAGRAM
The complexity of NMTs may be regulated by abstraction. Models based on
abstraction regulate information via a hierarchical top-down breakdown, so that the specific
details of a device in a particular context are displayed (S. P. Maj, 2010).
According to Gilbert, “A Model is a simplified representation of a system,
which concentrates attention on specific aspects of the system. Moreover, models
enable aspects of the system i.e. objects, events, or ideas which are either complex or
on a different scale to that which is normally perceived, or abstract to be rendered
with visible or more readily visible” (Gilbert J, 1995).
The purposes and structures of network devices are easily understood using
models. SMDs include implementation data sourced from the CLI, which makes it possible
to check and validate device status and operation (Maj, Kohli & Murphy, 2004).
Maj also suggested that State Model Diagrams monitor the states and changes
occurring during hacking and intrusion, while NMTs do not show status changes (S.
P. Maj, 2010).
SMD Benefits are:
State based
Dynamic
Scalable
Graphic displays
Customised
The SMD table design can be configured and customised based on the level of
interaction the user requires. For instance, fa0/1 can be opened further to show information
about the link, such as Full-duplex, 100Mb/s etc. Likewise, routers can be further
expanded to see the routing protocol configuration and related operational
information. Below are examples of SMD tables from the highest level to the lowest (S. P.
Maj, 2010).
“Using the models it is relatively easy to understand the purpose and structure
of the devices. The models include implementation details, derived from the CLI
commands, hence it is possible to verify and validate device operation”. (S.P Maj,
Kohli, & Murphy, 2004)
Utilization of SMD modeling will be shown first by comparing the output of a
basic network managed via the CLI and similarly by SMDs. Then gradually more
complicated networks will be modeled via SMDs.
9.1 Command Line Interface
The CLI is usually used to configure and manage network devices. For instance,
two routers in the network will require four different CLI commands each: show
interface fa0/1, show running-config, show ARP (Address Resolution Protocol)
and show interface fa0/0. As shown below, CLI output is text based and verbose
(S. P. Maj, 2010).
Table 12 CLI source (S. P. Maj, 2010).
Router1#show running-config
Building configuration...
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface Ethernet0/0
ip address 192.168.10.1 255.255.255.0
duplex auto
speed auto
!
Router1#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.1 - 000c.30e2.e501 ARPA FastEthernet0/1
Internet 192.168.1.2 24 0001.6c81.644c ARPA FastEthernet0/1
Internet 192.168.1.3 26 0001.6c81.678a ARPA FasteEthernet0/1
Router1#show int fa0/1
FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 000c.30e2.e501 (bia 000c.30e2.e501)
IP address 192.168.1.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:01:02, output 00:00:25, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queuing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
5301 packets input, 806014 bytes
Received 5239 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
12722 packets output, 1150037 bytes, 0 underruns
0 output errors, 0 collisions, 7 interface resets
0 babbles, 0 late collision, 0 deferred
10 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Router1#show int fa0/0
FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 000c.30e2.e500 (bia 000c.30e2.e500)
IP address 192.168.10.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:01:02, output 00:00:25, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queuing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
5301 packets input, 806014 bytes
Received 5239 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
12722 packets output, 1150037 bytes, 0 underruns
0 output errors, 0 collisions, 7 interface resets
0 babbles, 0 late collision, 0 deferred
10 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
In addition to this, two PC configuration commands (ipconfig /all, one per PC) are needed.
PC1
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100+ Server Adapter (PILA8470B)
Physical Address. . . . . . . . . : 0001.6c81.644c
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :192.168.1.1
PC2
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100+ Server Adapter (PILA8470B)
Physical Address. . . . . . . . . : 0001.6c81.678a
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :192.168.1.1
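As an added example (not from the thesis or from Maj's SMD tool), the following Python builds the level 0/1/2 state model that the SMD figures present from the CLI text of Table 12, and cross-checks it the way the text says an SMD allows: ARP entries against the interface subnet, and the router's own ARP row against the interface MAC. The sample text is constructed from the Table 12 values; the Ethernet0/0 "show interface" block is filled in to match its running-config name.

```python
"""Hierarchical state model from the Table 12 CLI output (added example, not
the thesis author's or Maj's code). Level 0 = device, level 1 = interfaces,
level 2 = ARP entries behind each interface. Sample text is constructed from
the Table 12 values, with Ethernet0/0 filled in to match its config name."""
import ipaddress
import re

SHOW_RUN = """\
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/0
 ip address 192.168.10.1 255.255.255.0
"""
SHOW_ARP = """\
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.1 - 000c.30e2.e501 ARPA FastEthernet0/1
Internet 192.168.1.2 24 0001.6c81.644c ARPA FastEthernet0/1
Internet 192.168.1.3 26 0001.6c81.678a ARPA FastEthernet0/1
"""
SHOW_INT = """\
FastEthernet0/1 is up, line protocol is up
Hardware is AmdFE, address is 000c.30e2.e501 (bia 000c.30e2.e501)
Full-duplex, 100Mb/s, 100BaseTX/FX
Ethernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 000c.30e2.e500 (bia 000c.30e2.e500)
Full-duplex, 100Mb/s, 100BaseTX/FX
"""

def parse_running_config(text):
    """Level 1: interface name -> configured IP address and mask."""
    ifaces, current = {}, None
    for line in text.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            ifaces[current] = {}
            continue
        m = re.match(r"\s*ip address (\S+) (\S+)", line)
        if m and current:
            ifaces[current].update(ip=m.group(1), mask=m.group(2))
    return ifaces

def parse_show_arp(text):
    """Level 2: one entry per ARP row; age '-' is the router's own address."""
    entries = []
    for line in text.splitlines()[1:]:  # skip the column header
        _proto, ip, age, mac, _type, iface = line.split()
        entries.append({"ip": ip, "age": None if age == "-" else int(age),
                        "mac": mac, "interface": iface})
    return entries

def parse_show_interface(text):
    """Operational state per interface: line status, MAC, duplex, speed."""
    status, current = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S+) is (\w+), line protocol is (\w+)", line)
        if m:
            current = m.group(1)
            status[current] = {"admin": m.group(2), "protocol": m.group(3)}
            continue
        m = re.search(r"address is ([0-9a-f.]+)", line)
        if m and current:
            status[current]["mac"] = m.group(1)
            continue
        m = re.match(r"(\S+-duplex), (\S+),", line)
        if m and current:
            status[current].update(duplex=m.group(1), speed=m.group(2))
    return status

def build_smd(run_cfg, arp, intf, device="Router1"):
    """Fold the three CLI views into one tree, expandable level by level."""
    ifaces = parse_running_config(run_cfg)
    oper, arp_entries = parse_show_interface(intf), parse_show_arp(arp)
    for name, data in ifaces.items():
        data.update(oper.get(name, {}))
        data["arp"] = [e for e in arp_entries if e["interface"] == name]
    return {"device": device, "interfaces": ifaces}

def validate_smd(smd):
    """Cross-check the model against itself; returns a list of problems."""
    problems = []
    for name, data in smd["interfaces"].items():
        if "ip" not in data:
            problems.append(f"{name}: no IP address configured")
            continue
        net = ipaddress.ip_network(f"{data['ip']}/{data['mask']}", strict=False)
        if data.get("protocol") != "up":
            problems.append(f"{name}: line protocol is not up")
        for e in data["arp"]:
            if ipaddress.ip_address(e["ip"]) not in net:
                problems.append(f"{name}: ARP entry {e['ip']} outside {net}")
            # the age '-' row is the router itself: its MAC must equal the
            # hardware address reported by 'show interface'
            if e["age"] is None and e["mac"] != data.get("mac"):
                problems.append(f"{name}: own MAC {e['mac']} != {data.get('mac')}")
    return problems
```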
Similarly the above CLI can be managed by SMD as follows:
Figure 16 SMD Higher level=0 (S. P. Maj, 2010).
Figure 17 SMD Level 01 source (S. P. Maj, 2010).
Figure 18 SMD Level 02 source (S. P. Maj, 2010).
The ARP protocol automatically resolves logical (IP) addresses to physical (MAC)
addresses so that layer 3 packets can be encapsulated into layer 2 frames.
The ARP box may be expanded using a level 2 SMD.
Figure 19 SMD with ARP table expanded source (S. P. Maj, 2010).
Firewalls are the pillars of network security, so their configuration and monitoring need
to be easy and require no special knowledge. Hence SMDs are particularly useful for
modelling the firewall (Bartal).
SMDs can also be modelled to configure and monitor other types of network
security such as Internet Protocol Security (IPsec), Port Address Translation (PAT)
and Network Address Translation (NAT). It is also possible for SMDs to be modelled
at the granularity of embryonic links and virtual machines (S. P. Maj, 2010).
9.2 Internet Protocol Security (IPsec) standard
For security over internet communication IPsec takes the lead and is regarded
as the Internet Engineering Task Force (IETF) standard, with flexibility, stronger security
and authentication (S. P. Maj, 2010). It is made up of two protocols: the Authentication
Header (AH) protocol for source authentication and Encapsulating Security Payload
(ESP) for data security. It also offers end-to-end security via agreed encryption between
assigned network devices such as routers, firewalls and hosts (S. P. Maj, 2010).
The CLI for IPsec and the modelling of IPsec can be illustrated as follows. The steps required
for configuration are:
Table 13 Steps to be followed for CLI.
Task 1. Prepare for IPSec
Step 1 Determine IKE policy between IPSec peers
Step 2 Determine IPSec policy including IPSec peer details
Step 3 Check current device configurations
Step 4 Ensure network connectivity
Task 2. Configure Internet Key Exchange (IKE) for pre-shared keys
Step 1 Enable IKE
Step 2 Create IKE policies
Step 3 Configure pre-shared keys
Step 4 Verify IKE configurations
Task 3. Configure IPSec
Step 1 Configure crypto access lists
Step 2 Configure transform set suites
Step 3 Configure global IPSec security association lifetimes (optional)
Step 4 Configure crypto maps
Step 5 Apply crypto maps to interface
Step 6 Verify IPSec
Task 4. Test and verify IPSec
The CLI commands for IPsec and for verifying its configuration and operation are:
Table 14 IPsec CLI Source (S. P. Maj, 2010).
Configuration and operational IPsec commands:
1. Show crypto map
2. Show crypto isakmp key
3. Show crypto isakmp policy
4. Show crypto isakmp sa
5. Show crypto ipsec sa
6. Show crypto ipsec transform-set
7. Show crypto engine configurations
8. Show crypto engine connections
The CLI offers few useful details about the network device under supervision;
hence an SMD is required.
Figure 20 SMD of PIX firewall with IPSec source (S. P. Maj, 2010).
Using an SMD for IPsec ensures complete and correct configuration, consistency
between the IPsec functional parts such as the ACL and the mapping, and also a cross-check
between devices on the same network (S. P. Maj, 2010).
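As an added example (not the thesis author's or Maj's code), the following Python parses a PIX configuration written in PIX 6.x command syntax from the values shown in the Figure 20 SMD and performs the cross-checks described above: that the crypto map's access list, transform set, peer key and outgoing interface all exist and agree. The configuration text is constructed; the crypto map sequence number 10 and the exact command forms are assumptions.

```python
"""Consistency check across the IPsec functional parts of a PIX configuration
(added example, not the thesis author's or Maj's code). The configuration is
constructed in PIX 6.x command syntax from the values in the Figure 20 SMD
(interfaces, ACL 100, isakmp policy, transform set PIX-main, crypto map
PIX-main-map); the sequence number 10 is an assumption."""
import ipaddress

PIX_CONFIG = """\
nameif e0 outside security0
nameif e1 inside security100
ip address outside 192.168.1.1 255.255.255.0
ip address inside 192.168.100.1 255.255.255.0
access-list 100 permit ip 192.168.100.0 255.255.255.0 192.168.200.0 255.255.255.0
crypto ipsec transform-set PIX-main esp-des esp-md5-hmac
crypto map PIX-main-map 10 ipsec-isakmp
crypto map PIX-main-map 10 match address 100
crypto map PIX-main-map 10 set peer 192.168.2.2
crypto map PIX-main-map 10 set transform-set PIX-main
crypto map PIX-main-map interface outside
isakmp enable outside
isakmp key Test123 address 192.168.2.2 netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash sha
"""

def parse_pix(text):
    """Group the configuration lines by IPsec component, as the SMD does."""
    cfg = {"interfaces": {}, "acls": {}, "transform_sets": {}, "crypto_maps": {},
           "map_interfaces": {}, "isakmp_keys": {}, "isakmp_policies": {}}
    for line in text.splitlines():
        p = line.split()
        if not p:
            continue
        if p[0] == "nameif":
            cfg["interfaces"][p[2]] = {"hw": p[1], "security": int(p[3][8:])}
        elif p[:2] == ["ip", "address"]:
            cfg["interfaces"].setdefault(p[2], {})["ip"] = (p[3], p[4])
        elif p[0] == "access-list":
            cfg["acls"].setdefault(p[1], []).append(
                {"action": p[2], "proto": p[3], "src": (p[4], p[5]), "dst": (p[6], p[7])})
        elif p[:3] == ["crypto", "ipsec", "transform-set"]:
            cfg["transform_sets"][p[3]] = p[4:]
        elif p[:2] == ["crypto", "map"] and p[3] == "interface":
            cfg["map_interfaces"][p[2]] = p[4]
        elif p[:2] == ["crypto", "map"]:
            entry = cfg["crypto_maps"].setdefault((p[2], int(p[3])), {})
            if p[4:6] == ["match", "address"]:
                entry["acl"] = p[6]
            elif p[4:6] == ["set", "peer"]:
                entry["peer"] = p[6]
            elif p[4:6] == ["set", "transform-set"]:
                entry["transform_set"] = p[6]
        elif p[:2] == ["isakmp", "key"]:
            cfg["isakmp_keys"][p[4]] = p[2]  # peer address -> pre-shared key
        elif p[:2] == ["isakmp", "policy"]:
            cfg["isakmp_policies"].setdefault(int(p[2]), {})[p[3]] = p[4]
    return cfg

def check_ipsec(cfg):
    """Return the inconsistencies between ACL, transform set, peer, key and
    interface that a crypto map entry relies on; [] means consistent."""
    problems = []
    pre_share = any(pol.get("authentication") == "pre-share"
                    for pol in cfg["isakmp_policies"].values())
    if not cfg["isakmp_policies"]:
        problems.append("no isakmp policy defined")
    for (name, seq), e in cfg["crypto_maps"].items():
        tag = f"crypto map {name} {seq}"
        acl, ts, peer = e.get("acl"), e.get("transform_set"), e.get("peer")
        if acl not in cfg["acls"]:
            problems.append(f"{tag}: match address {acl} names no access-list")
        if ts not in cfg["transform_sets"]:
            problems.append(f"{tag}: transform-set {ts} is not defined")
        if peer is None:
            problems.append(f"{tag}: no peer set")
        elif pre_share and peer not in cfg["isakmp_keys"]:
            problems.append(f"{tag}: pre-shared authentication but no isakmp key for {peer}")
        iface = cfg["map_interfaces"].get(name)
        if iface not in cfg["interfaces"]:
            problems.append(f"{tag}: map {name} is not applied to a configured interface")
        # the crypto ACL must select traffic sourced from a local (non-outside) network
        local_ips = [d["ip"][0] for n, d in cfg["interfaces"].items()
                     if n != iface and "ip" in d]
        for ace in cfg["acls"].get(acl, []):
            src = ipaddress.ip_network(f"{ace['src'][0]}/{ace['src'][1]}")
            if not any(ipaddress.ip_address(ip) in src for ip in local_ips):
                problems.append(f"{tag}: ACL {acl} source {src} matches no local interface")
    return problems
```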
9.3 Network address translation (NAT)
Network address translation (NAT) can also be modelled using SMD, as follows.
[Diagram residue: the text that followed here in the original is the content of Figure 20 (SMD of the PIX firewall with IPsec) spilled into the page. The state it recorded: interfaces e0 outside (security 0, 192.168.1.1/24), e1 inside (security 100, 192.168.100.1/24) and e2 (unassigned); access-list 100 permit ip 192.168.100.0 255.255.255.0 192.168.200.0 255.255.255.0, with implicit deny; crypto isakmp policy priority 1 with authentication pre-share, encryption DES and hash SHA; crypto isakmp key Test123 for peer 192.168.2.2; crypto isakmp identity 192.168.1.1; transform set PIX-main esp-des esp-md5-hmac; crypto map PIX-main-map with peer 192.168.2.2, match address 100, transform set PIX-main, applied to interface outside.]
The CLI commands are:
Table 15 CLI for NAT.
Commands
pixfirewall# show route
inside 192.168.100.0 255.255.255.0 192.168.100.1 1 CONNECT static
dmz 192.168.50.0 255.255.255.0 192.168.50.1 1 CONNECT static
outside 192.168.1.0 255.255.255.0 192.168.1.1 1 CONNECT static
pixfirewall# show arp
inside 192.168.100.2 0001.6c81.644c
outside 192.168.1.2 0001.6c81.6226
pixfirewall# show xlate
1 in use, 1 most used
Global 192.168.1.99 Local 192.168.100.2
pixfirewall# show conn
1 in use, 1 most used
TCP out 192.168.1.2:80 in 192.168.100.2:1041 idle 0:00:12 Bytes 1250 flags UIO
pixfirewall# clear arp
pixfirewall# clear xlate
pixfirewall# show route
inside 192.168.100.0 255.255.255.0 192.168.100.1 1 CONNECT static
dmz 192.168.50.0 255.255.255.0 192.168.50.1 1 CONNECT static
outside 192.168.1.0 255.255.255.0 192.168.1.1 1 CONNECT static
(The PC at 192.168.100.2 opens a web page on 192.168.1.2 and on 192.168.1.3.)
pixfirewall# show arp
inside 192.168.100.2 0001.6c81.644c
outside 192.168.1.2 0001.6c81.6226
outside 192.168.1.3 0001.6c81.6704
pixfirewall# show xlate
1 in use, 1 most used
Global 192.168.1.99 Local 192.168.100.2
pixfirewall# show conn
2 in use, 2 most used
TCP out 192.168.1.2:80 in 192.168.100.2:1045 idle 0:00:56 Bytes 1250 flags UIO
TCP out 192.168.1.3:80 in 192.168.100.2:1047 idle 0:00:35 Bytes 1250 flags UIO
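The NAT state shown in Table 15 and Figure 21, as an added example (not from the thesis or from Maj's tool): Python that parses the PIX show route, show arp, show xlate and show conn output into one model and checks it for consistency, including the state after clear xlate, when connections may exist without a translation. The sample text is constructed from the Table 15 values.

```python
"""NAT state model from the PIX 'show route/arp/xlate/conn' output in Table 15
(added example, not from the thesis or Maj's tool). Builds the same model the
NAT SMD in Figure 21 presents and cross-checks it. Sample text is constructed
from the Table 15 values after the PC at 192.168.100.2 opened both web pages."""
import ipaddress
import re

SHOW_ROUTE = """\
inside 192.168.100.0 255.255.255.0 192.168.100.1 1 CONNECT static
dmz 192.168.50.0 255.255.255.0 192.168.50.1 1 CONNECT static
outside 192.168.1.0 255.255.255.0 192.168.1.1 1 CONNECT static
"""
SHOW_ARP = """\
inside 192.168.100.2 0001.6c81.644c
outside 192.168.1.2 0001.6c81.6226
outside 192.168.1.3 0001.6c81.6704
"""
SHOW_XLATE = """\
1 in use, 1 most used
Global 192.168.1.99 Local 192.168.100.2
"""
SHOW_CONN = """\
2 in use, 2 most used
TCP out 192.168.1.2:80 in 192.168.100.2:1045 idle 0:00:56 Bytes 1250 flags UIO
TCP out 192.168.1.3:80 in 192.168.100.2:1047 idle 0:00:35 Bytes 1250 flags UIO
"""
CONN_RE = re.compile(r"(\w+) out (\S+):(\d+) in (\S+):(\d+) idle (\S+) "
                     r"Bytes (\d+) flags (\S+)")

def parse_route(text):
    """Interface name -> directly connected network."""
    routes = {}
    for line in text.splitlines():
        iface, net, mask, _gw, *_ = line.split()
        routes[iface] = ipaddress.ip_network(f"{net}/{mask}")
    return routes

def parse_arp(text):
    """List of {interface, ip, mac} learned on each interface."""
    return [dict(zip(("interface", "ip", "mac"), l.split()))
            for l in text.splitlines() if l.strip()]

def parse_xlate(text):
    """Translation table: local (inside) address -> global address."""
    xlate = {}
    for line in text.splitlines():
        m = re.match(r"Global (\S+) Local (\S+)", line)
        if m:
            xlate[m.group(2)] = m.group(1)
    return xlate

def parse_conn(text):
    """Active connections through the firewall as dictionaries."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            conns.append({"proto": m.group(1), "out_ip": m.group(2),
                          "out_port": int(m.group(3)), "in_ip": m.group(4),
                          "in_port": int(m.group(5)), "idle": m.group(6),
                          "bytes": int(m.group(7)), "flags": m.group(8)})
    return conns

def build_nat_smd(route, arp, xlate, conn):
    """One model holding interfaces, ARP, translations and connections."""
    smd = {"interfaces": {n: {"network": str(net), "arp": []}
                          for n, net in parse_route(route).items()},
           "xlate": parse_xlate(xlate), "connections": parse_conn(conn)}
    for e in parse_arp(arp):
        smd["interfaces"].setdefault(e["interface"],
                                     {"network": None, "arp": []})["arp"].append(e)
    return smd

def validate_nat_smd(smd, inside="inside", outside="outside"):
    """Consistency checks across the NAT components; [] means consistent."""
    problems = []
    nets = {n: ipaddress.ip_network(d["network"])
            for n, d in smd["interfaces"].items() if d["network"]}
    for name, d in smd["interfaces"].items():
        for e in d["arp"]:
            if name in nets and ipaddress.ip_address(e["ip"]) not in nets[name]:
                problems.append(f"ARP {e['ip']} on {name} is outside {nets[name]}")
    for local, glob in smd["xlate"].items():
        if ipaddress.ip_address(local) not in nets[inside]:
            problems.append(f"xlate local {local} is not on {inside}")
        if ipaddress.ip_address(glob) not in nets[outside]:
            problems.append(f"xlate global {glob} is not on {outside}")
    for c in smd["connections"]:
        # every inside host with an open connection must hold a translation
        if c["in_ip"] not in smd["xlate"]:
            problems.append(f"{c['proto']} {c['in_ip']}:{c['in_port']} -> "
                            f"{c['out_ip']}:{c['out_port']} has no xlate")
    return problems
```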
The NAT SMD will look as follows.
Figure 21 NAT SMD diagram.
Comparing several NMTs and SMDs, the advantages exhibited by SMDs over NMTs
consist of:
Applicable to all network protocols and devices
One SMD can be equated to several CLI commands
Permits simultaneous interactions
Displays data from several devices in one window
Permits hierarchical navigation of the network
Supports troubleshooting and configuration.
CHAPTER 10. RECOMMENDATION
Firstly, it is clear that the major vendors critically analyzed in this thesis
concur that a single layer of protection is not sufficient to prevent attacks on, or protect,
CIs. Hence it is advisable that all major vendors incorporate a Defense in Depth
strategy of protection, which consists of several layers of protection.
Secondly, all CIs should embrace a CERT (Computer Emergency Response
Team) which will be able to alert the companies and the PCN vendors to
vulnerabilities in their network systems so that they can patch them before they are
attacked. This will act as an additional protection layer in the Defense in Depth strategy.
In addition it will aid in promoting cooperation among clients with regard to IT and
PCN security, maintaining incident statistics, promoting standards and regulations,
increasing communication and public awareness of CI issues, promoting the adoption of
relevant standards and supporting independent security audit competence.
Thirdly, ethical hacking is recommended to check and ensure that PCNs
and IT networks are really secure, instead of assuming that they are safe while they are
not.
NB: It should be dealt with caution. The reason is that, according to
(Duggan, David P., 2005), execution of ethical hacking on Industrial Control Systems
(ICS) could be a nightmare and should be done with the utmost care. These systems were
designed and configured to regulate and automate physical processes and
machines. In case of a wrong command, a wrong action can occur, leading to huge waste,
equipment damage, injury, or even disaster or fatalities. It takes a thief to
catch a thief, meaning that vendors may need to employ hackers to do the
ethical hacking and also act as security specialists.
Fourth, governments should unite to fight a common enemy by creating
common standards and regulations for CI PCNs all over the world. For instance, in the
USA the standards and regulations are implemented in CIs, but other countries such as
Iran and Libya are isolated from the world and hence their CIs do not meet the required
protection level. Common standards will reduce the vulnerabilities of CIs all over the world.
Relevant government bodies should act as watchdogs of the CIs to ensure that the recommended
security measures are implemented.
Fifth, the network management tools exhibited in the thesis can be put into use
to enhance PCN security and management. In addition, SMDs, if further developed
and customized, can be a life saver for CI security industries.
CHAPTER 11. CONCLUSION
Ultimately all vendors agree that PCN security is the backbone of their business
and must be given the highest priority, and that Defense in Depth is the way out. Even so,
according to (Yokogawa B.,V, 2014) a 100% secure Process Control Network is
utopian. Consider the dilemma that security and workability may not be in
harmony: trade-offs between security and workability are a must, and no one can
ensure that process control network systems will never get infected with malware.
Moreover, even though secure process network systems can be established, this would
not avoid cyber-security troubles.
Nevertheless it is evident that SMDs, if well configured and customized based
on network requirements, can reduce the workload by making troubleshooting,
configuration and monitoring of network devices easy and fast. It is also evident that
a combination of SMDs with existing NMTs, if well configured, can
increase network security because fewer configuration errors will occur. The drawback
is that currently SMDs have not yet been commercialized and therefore they might not be
available for everyone to use. Further work and studies are required to commercialize
and customize SMDs.
Finally, the vendors and governments need to stay up to date with the ever
evolving field of cyber security. One of the main problems with cyber security is that
the threats are constantly evolving in frequency and sophistication (Artur A., 2014).
Whilst guidelines may be adhered to, informed by best-practice standard operating
procedures, it can be concluded that threats may still exist in the real world of CI
PCNs. Security experts agree that, given adequate time and resources, any system,
even hardened, relatively segregated industrial control systems, can be penetrated by
determined external hackers or by careless or disgruntled employees. However, there are
clearly ways to reduce the risk to an acceptable level (as low as reasonably
practical) and to do so without compromising the basic functionality of the system
(Arc AG., 2014).
REFERENCES
[1] Alvaro A. C., S. A. (2008, 07 15). Research Challenges for the Security of
Control Systems. 1–10.
[2] Australian Gov. (Nov 2016). Critical Infrustructure Protection. In NOREA,
Process Control System and Network Security (p. 1). Pearth: NOREA.
[3] Bartal. Mayer.Nassim.& Wool. (November 2004). ACM Transactions on
Computer Systems (TOCS). novel firewall management toolkit Volume 22 Issue
4, 381–420.
[4] Brett B. (2016, April 29). Current Threats. Cyber Attacks Against Critical
Infrastructure Are No Longer Just Theories, 1–10.
[5] Changemanager. (2011, 01 27). Cyber Security for Industrial Control System.
Cyber Security for Industrial Control System, 1–5.
[6] Chee B., N. (2012). Designing Secure Network. Honeywell Ngai Designing
Secure Network, 25.
[7] Clarke, Richard A. (2008). “Your Government Failed You,”. “Your Government
Failed You,”, 292.
[8] Corporation, Lockheed M. (2015). CyberSecurity For the Oil &Gas Industry.
Definitive Guide to CyberSecurity For the Oil &Gas Industry, 1–26.
[9] David Wilkofsky, Arthur Gruen and Norman Eisenberg, “TIA’s 2014 – 2017
Market Review & Forecast” (Telecommunications Industry Association,
2014),
110
[10] http://test.tiaonline.org/resources/market-forecast
[11] DCSINT H., 1. (2006). Critical Infrastructure. Threats and Terrorism, 3–80.
[12] Dr. Samuel G. V. (2008, October 18th ). Joint Hearing, House of Representatives,
One Hundred Ninth. “SCADA Systems and the Terrorist Threat".
[13] Egan M., M. J. (2007, March). Anticipating Future Vulnerability:Defining
Characteristics of Increasingly Critical Infrastructure-like Systems. Contingency
and Crisis Management, 15(1), 4–17.
[14] Eric A.M.L., H. H. (2003). Critical Infrastructure Protection in The Netherlands.
In U. E. Gattiker (Ed.), EICAR Conference Best Paper Proceedings 2003 (pp. 1–
19). Netherlands: EICAR Denmark c/o TIM-World ApS.
[15] Eric B., D. L. (2007). Network Security. Security incidents and trends in, 1–5.
[16] Eric K. (2011). Industrial Network Securing Critical Infrastructure. (J. Broad,
Ed.) London: Elsevier.
[17] European C. (2013, 8 28). COMMISSION STAFF WORKING DOCUMENT. on
a new approach to the European Programme for Critical Infrastructure
Protection, 1–17.
[18] Fabio P. (2016). Process Control Network. Cyber-Security, 1–19.
[19] Furnell. (2005). Making security usable. Are things improving.
[20] Garamone J. (2012, October 11). Panetta Spells Out DOD Roles in Cyberdefense.
DOD News, p. 1.
111
[21] Gilbert J. (1995). The role of models and modelling in some narratives in science.
[22] Government C. (2015, December 1). Public Safety: Critical Infrastructure, 2–5.
[23] Honeywell Process Solutions. (2016). Industrial Cyber Security Risk Manager, 5.
[24] Invensys. (2012). CISP Cyber Security Best Practices, 2.
[25] Invensys Operations Management. (2015). Invensys Cyber Security: Best Practices and Solutions, 15.
[26] Jared F. (2014, February 19). Terrorist Attack Shows Vulnerability in Critical Infrastructure. Security.
[27] John M., P. P. (2004, October 1). Critical Infrastructure and Key Assets: Definition and Identification, 1–19.
[28] Kenneth M. (2016, May). Annual Briefing, 35.
[29] Kevin S. (2016). Cyber Security for Industrial Control Systems: Keeping Worms and Viruses at Bay, 1–15.
[30] Lockheed Martin. (2015). Definitive Guide to Cybersecurity for the Oil and Gas Industry. Haddonfield, NJ: Lockheed Martin Corporation.
[31] Maj S. P., Kohli G. & Murphy G. (2004). State Models for Internetworking Technologies. Paper presented at the 34th Annual IEEE Frontiers in Education Conference, Savannah, Georgia, USA.
[32] Michelle H. (2016, July 11). Critical infrastructure threats and defenses evolve together. Defining Cyber Threat, 1–10.
[33] Mitnick K. D., Simon W. L. (2005). Hacking Industrial Networks. In The Art of Intrusion, Chapters 8 and 9.
[34] Risk Management Solutions. (2005). 1995 Kobe Earthquake 10-year Retrospective. Newark, CA, 1–6.
[35] Next G. (2016). Technology News.
[36] Norea D. B. (2016). Fact Sheet: Process Control System and Network Security, 1–6.
[37] Novell. (2017). Discovering ZENworks 11, 1–7.
[38] O'Rourke T. D. (2007). Critical Infrastructure, Interdependencies, and Resilience. (T. R. Briggs, Ed.) Spring 2007, 1–8.
[39] Parfomak P. W. (2008). Vulnerability of Concentrated Critical Infrastructure: Background and Policy Options. CRS Report for Congress.
[40] Paquet R. (1997). The risk of network and system management technology investment.
[41] Paul F., R. (2005). Zotob, PnP Worms Slam 13 DaimlerChrysler Plants, 1–5.
[42] Paul R. (2014). Improving Network Security through Cyber-insurance. Southern California: ProQuest.
[43] Phoenix Contact (Innominate Security Technologies AG). (2005). Hacking the Industrial Network, 1–14.
[44] Church R. L., M. P. (2008). Identifying Critical Infrastructure: The Median and Covering Facility Interdiction Problems, 94(3), 491–502.
[45] RISI. (2004). The Repository of Industrial Security Incidents: two-viruses-cause-near-miss-with-process-control-networks-pcn-in, 2.
[46] Rosslin J. R., M.-k. C.-s.-s.-c.-H. (2013). Common Threats and Vulnerabilities of Critical Infrastructures. International Journal of Control and Automation, 1–6.
[47] Rubin A. D. (1997). Web Security Sourcebook.
[48] Shenoi S. (2017). International Journal of Critical Infrastructure Protection, 1.
[49] Department of Homeland Security. (2008). Introduction to Control Systems Security for IT Professionals.
[50] U.S. Department of Homeland Security. (2016, October 14). Critical Infrastructure Security: What is Critical Infrastructure, 3.
[51] Sheikh M. A. (2017, January 24). 12 steps to Li-Fi implementation: A light-fidelity instrument communication network reduces hardwiring costs and mitigates security risks, 1–3.
[52] Sidarth T. (2016). 3 Cyber Attacks that Rocked Industrial Control Systems. Cyware, 2.
[53] Siemens AG. (2014, February). Network Security. Industrial Security: Answers for Industry, 1–32.
[54] Sjoerd P., M. N. (2010). Process Control Network Security: Comparing frameworks to mitigate the specific threats to Process Control Networks (pp. 1–64). Amsterdam: www.jbisa.nl.
[55] Sophos. (2017). Naked Security. Sophos.com.
[56] Maj S. P. (2010). State Model Diagrams: A universal, model driven method for network system configuration and management. In H. Mouratidis (Ed.), Software Engineering for Secure Systems: Industrial and Research Perspectives (pp. 192–210). Hershey, PA: IGI Global.
[57] Rinaldi S. M., J. P. (2004). Critical Infrastructure Interdependencies. Complex Networks, 1–15.
[58] Susan S. (2007). Business Continuity and Disaster Recovery. Arizona: Elsevier.
[59] Tino H. (2012, February 9). Industrial Security, 38.
[60] Trent N., J. B. (2008). Defense in cyberspace: Beating cyber threats that target mesh networks, 4.
[61] Wilde W. D. & Warren M. J. (2008). Visualisation of Critical Infrastructure Failure. Australian Information Warfare and Security, 48.
[62] Wangdi Y., V. D. (2011, June). Critical Infrastructure Cyber Threat: A Case Study. IJCSNS International Journal of Computer Science and Network Security, 11(6), 4.
[63] Warren M. J., Wilde W. (2008). Visualisation of Critical Infrastructure Failure. Australian Information Warfare and Security Conference (p. 63). Australia: Edith Cowan University Research Online.
[64] Wes I. (2008). Distributed Control Systems Vendors Respond to PAC Questions, 2.
[65] Wikipedia. (2006). Critical Infrastructure: European Programme for Critical Infrastructure Protection.
[66] Wikipedia. (2017). WannaCry ransomware attack. https://en.wikipedia.org/wiki/WannaCry_ransomware_attack#cite_note-10
[67] Yokogawa B., V. (2014). Plant Network Security: How to defend your plant against threats, 63.
[68] Zahid A., R. C. (2008). Automated Assessment of Compliance with Security Best Practices. In M. Papa & S. Shenoi (Eds.), Critical Infrastructure Protection II (p. 173). Virginia, USA: Springer.