security of scada systems and challenges to national critical … · 2016-11-05 · introduction...
Security of SCADA Systems and Challenges to
National Critical Infrastructure
Introduction
SCADA Security Concerns
Facts & Figures
Incidents & Scenarios
Solutions, Controls & Effectiveness
Summary
What is SCADA?
The Fuel in your Car
Traffic Lights
The Water at your Home
The Power at Your Home
The Water that leaves your home
A Bit More Detail…
Supervisory Control And Data Acquisition.
• It generally refers to Industrial Control Systems (ICS):
“Computer systems that monitor and control industrial, infrastructure, or
facility-based processes”
• Used to control and monitor physical processes
• Transmission of electricity
• Transportation of gas and oil in pipelines,
• Water distribution, traffic lights, and other systems
• HVAC etc.
Components - SCADA
• Master Terminal
• Human Machine Interactions
• Remote Terminal Unit
• Communication protocols
SCADA Network - Sample
SCADA Security Concerns
• Basic/no security on the actual packet control protocol
• Organizations assume that VPN is sufficient protection
and forget physical access to SCADA-related network
jacks and switches
• Unauthorized access to the control software, human or
virus infections and other software threats residing
• Packet access to the network hosting SCADA devices.
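To make the first and last concerns concrete, this added example (not part of the original slides) decodes a Modbus/TCP request and applies a per-source function-code allowlist of the kind an industrial firewall enforces. Modbus/TCP is assumed as a representative protocol because the slides name none; the addresses, policy and frames are constructed.

```python
import struct

# Modbus function codes from the public specification.
READ_CODES = {1, 2, 3, 4}        # read coils / discrete inputs / registers
WRITE_CODES = {5, 6, 15, 16}     # write coils / registers

# Hypothetical policy: which source may send which function codes.
POLICY = {
    "10.0.1.10": READ_CODES | WRITE_CODES,   # master terminal (constructed address)
    "10.0.1.20": READ_CODES,                 # read-only HMI (constructed address)
}

def parse_modbus_tcp(frame: bytes) -> dict:
    """Decode the 7-byte MBAP header and the function code.

    Every field is addressing or framing; none carries a credential.
    """
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    return {"transaction": tid, "unit": unit, "function": frame[7], "data": frame[8:]}

def decide(src_ip: str, frame: bytes) -> str:
    """Return 'allow' or a 'deny: ...' reason for one request frame."""
    try:
        msg = parse_modbus_tcp(frame)
    except ValueError as exc:
        return f"deny: malformed ({exc})"
    allowed = POLICY.get(src_ip)
    if allowed is None:
        return "deny: unknown source"
    if msg["function"] not in allowed:
        return f"deny: function {msg['function']} not permitted for {src_ip}"
    return "allow"

# Constructed sample frames: read two holding registers, write one register.
READ_HOLDING = bytes.fromhex("000100000006" "01" "03" "00000002")
WRITE_SINGLE = bytes.fromhex("000200000006" "01" "06" "000100ff")
```

Because the protocol itself cannot tell the master terminal from any other host with packet access, the source-based decision has to be made by a control placed in front of the device.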
Facts
• Outsiders can gain control via cyberspace
• Can lead to major destruction/disturbance
• Requires no highly sophisticated tools or knowledge
• Gap between control networks and the Internet?
• Systems are not too complex for outsiders
Facts
• No Authentication
• No Patching
• Internet connectivity
Some Scenarios
• Wi-fi at Power Plant
• Oil production network not separate from
corporate network
• Backend network is connected to Internet
• Product information available on Internet
• No Audit trails (common user accounts)
• Modems
Incidents
• In 2006, a hacker seized control of a water treatment facility SCADA
system in Australia
• In June 2010, VirusBlokAda attacks SCADA (Siemens WinCC/PCS7
systems) on Windows
• Called Stuxnet, logs in to the SCADA's database and steals design
and control files
• The malware is also capable of changing the control system and
hiding those changes.
• Flame
• Dragon Fly – Russian hackers targeted European
• June 2014 – Havex (Stuxnet type) targeted European power systems
Challenges
• Legacy Hardware/Software/Protocols
• Complex Systems
• Multiple/Diverse Access Points
• Need to connect Corporate N/W
• Lack of concern about security and authentication
GOALS
• Availability
• Authenticity
• Confidentiality
• Integrity
Standards/Best Practices
• ISO 27001
• NIST
• ISF (Information Security Forum)
• ADSIC
• Dubai Govt. Information Security Std.
ICS/SCADA Security Roadmap
• Adopt a Framework
– ISO 27001, NIST, etc.
• Carry Out a Risk Assessment
– Identify the threats, vulnerabilities, risks etc.
– Determine the controls required in terms of technical, process, people elements
• Implement the Controls
– Design and implement the relevant controls based on priorities that are defined as per the criticality.
• Monitor and Improve
– Ensure the continuous monitoring of the SCADA/ICS systems & security
– Identify and implement relevant improvements.
Security in Total
• Data – Encryption, Access Control
• Physical – Locks, Physical access controls
• Applications – WAF, Strong Architecture
• Perimeter – F/W, IPS/IDS, Data Diodes
• Host – Whitelists, HIDS, Central Logs
• Internal N/W – VLANs, IDS
Security Levels
Framework
• Information Security Strategy
• Security policy
• Organization of information security
• Asset management
• Human resources security –
awareness, compliance
• Physical and environmental security
Framework – Contd.
• Communications and operations management
• Access control
• Information systems acquisition, development
and maintenance
• Information security incident management
• Business continuity management, and
• Regulatory compliance
Control Details
• Holistic Approach
• Good Governance
• Control of SCADA Infrastructure
• Tools to allow them to identify threats, respond and
expedite forensic analysis in real time.
• Continuous monitoring of all log data generated by
IT systems – baseline and anomalies
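A minimal sketch of the baseline-and-anomalies idea in the last bullet, added here as an example and not taken from the slides: control traffic is highly regular, so a learning window yields both the set of expected flows and their polling interval. The log format, host names and tolerance are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from statistics import mean

def parse(line: str):
    """Constructed log format: '<epoch-seconds> <src> <dst> <operation>'."""
    ts, src, dst, op = line.split()
    return float(ts), (src, dst, op)

def learn_baseline(lines):
    """Map each (src, dst, op) seen in the learning window to its mean polling gap."""
    seen = defaultdict(list)
    for line in lines:
        ts, key = parse(line)
        seen[key].append(ts)
    baseline = {}
    for key, stamps in seen.items():
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        baseline[key] = mean(gaps) if gaps else None
    return baseline

def find_anomalies(baseline, lines, tolerance=0.5):
    """Flag flows absent from the baseline and gaps off by more than
    `tolerance` (a fraction of the learned mean gap)."""
    alerts, last_seen = [], {}
    for line in lines:
        ts, key = parse(line)
        if key not in baseline:
            alerts.append((ts, "new flow", key))
        elif key in last_seen and baseline[key]:
            gap = ts - last_seen[key]
            if abs(gap - baseline[key]) > tolerance * baseline[key]:
                alerts.append((ts, "timing deviation", key))
        last_seen[key] = ts
    return alerts

# Constructed sample logs: the master polls one RTU every 10 seconds.
LEARNING = [f"{t} master rtu-7 read" for t in (0, 10, 20, 30, 40)]
LIVE = [
    "50 master rtu-7 read",
    "60 master rtu-7 read",
    "61 master rtu-7 read",        # 1 s gap instead of the learned 10 s
    "65 eng-laptop rtu-7 write",   # source and operation never seen in the baseline
    "71 master rtu-7 read",
]
```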
Control Details
• Network Access Control
• Timely intelligence of a cyber attack
– From discovery to full remediation
• Ensure granular controls
• Protect un-patchable critical assets from cyber threats
• Reduce incident reporting time and corrective actions
Control Details
• Link redundancy also important for communication
continuity.
• Security of the data over the links/modems
• PCs used for monitoring and control and with
Internet access and external drive access – virus,
leakage of information.
• SCADA protocol security.
• Ensure security in Polling data from Remote Unit
by the master station.
Control Details
• SCADA protocols are extended to work
even over TCP/IP – so over the Internet?
• Integrate the security plan at the infrastructure
development stage
• Endpoint-to-endpoint authentication and
authorization – SSL or other cryptographic
techniques.
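An added sketch (not from the original slides) of endpoint-to-endpoint message authentication for the master-to-remote-unit polling mentioned earlier: each message carries a counter and an HMAC-SHA256 tag, so the receiver rejects forged, altered and replayed polls. The pre-shared key, message layout and payload strings are assumptions standing in for the "other cryptographic techniques" on the slide; this is not SSL and not a SCADA standard.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def seal(key: bytes, counter: int, payload: bytes) -> bytes:
    """Prefix an 8-byte counter and append an HMAC-SHA256 tag over counter+payload."""
    body = struct.pack(">Q", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Verifies sealed messages and rejects replays or reordering."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def open(self, message: bytes) -> bytes:
        if len(message) < 8 + TAG_LEN:
            raise ValueError("message too short")
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            raise ValueError("bad tag")
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self.last_counter:             # checked only after the tag verifies
            raise ValueError("replayed or stale counter")
        self.last_counter = counter
        return body[8:]

def demo() -> list:
    key = b"constructed-demo-key-not-for-use"        # constructed; provision per link in practice
    rtu = Receiver(key)
    poll = seal(key, 1, b"READ flow_rate")           # constructed poll from the master
    results = [rtu.open(poll).decode()]
    cases = [
        ("replay", poll),
        ("tamper", poll[:8] + b"WRITE setpoint" + poll[-TAG_LEN:]),
        ("wrong key", seal(b"x" * 32, 2, b"READ flow_rate")),
    ]
    for label, msg in cases:
        try:
            rtu.open(msg)
            results.append(f"{label}: accepted")
        except ValueError as exc:
            results.append(f"{label}: rejected ({exc})")
    return results
```

The tag gives authenticity and integrity only; confidentiality of the polled data still needs an encrypted channel.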
Control Details
• Network Level Monitoring
• IDS (Intrusion Detection System)
• Integration of cyber and physical security responses
• Design/Configuration that enables digital evidence
retention
• Complementing the existing status with ex-post analysis
experiences
Control Details
• Role-based access control
• Review of access rights
• Good design of the network from beginning - including
physical & environmental
• Secure coding practice
• Co-operation of all the business sections by projecting
security as a business enabler
• Address proactively and based on root cause analysis
Control Details
• Specialized industrial firewall and VPN solutions for
TCP/IP-based SCADA networks.
• Application whitelisting solutions
• Also, the ISA Security Compliance Institute (ISCI) is
emerging to formalize SCADA security testing starting
soon.
Control Details
• Ex-Post Incident analysis
– Identify the actual target
– Actual goal
– Vulnerabilities
– Possible data theft
Why Do Things Still Go Wrong?
• No planning of security from the beginning
• New targeted attacks
• Reactive Controls instead of Proactive
• Lack of commitment – Management & Staff, Human error
• Not enough coordination between organizations,
government agencies, ISPs – Lack of TEAM WORK?
Can we achieve 100% security?
• Opportunity and number of cases can be reduced
• Impact could be contained, limited – Minimize losses.
• Save Reputation, by effective and quick actions.
• Business can be continued at the earliest!
In Short!
• Comprehensive policy framework with
adequate compliance
• Regular Risk Assessment & Treatment
• Penetration test with business relevant
threat (Extrusion testing)
• Effective Security awareness programs
Summary
Final Word
Consider the security of SCADA – Not less
but more than corporate network
Trends
SANS Survey 2014 - increase in
vulnerabilities and threats
Problem
• Connectivity of Critical infrastructure/SCADA to
Corporate network/Internet
• Targeted attacks
• Financial gains
• Politics, terrorism
Future
• Secure Operating System for SCADA
• Considering SCADA network like any
other network – in security aspect
• Back doors should be completely
controlled
• DMZ between SCADA network and
Corporate network
Solutions
• Adopt a Framework
• Carry out risk assessment
• Ensure right processes
• Deploy adequate technology
• Enhance the awareness
Thank You !