Professional Documents
Culture Documents
SCADA System Component and Function
SCADA System Component and Function
PSTI\SDP\AD
Supervisory Control and Data
Acquisition (SCADA)
General Definition
PSTI\SDP\AD
Secure SCADA and beyond
v We think that there is a great deal to be done in
terms of operationalizing secure versions of
SCADA (Supervisory Control And Data
Acquisition) and DCS (Digital Control Systems) for
the infrastructures considered, especially power,
natural gas, chemical and process control, etc.
v However, the sense was that this infrastructure was
going to be gradually replaced by networked
embedded devices (possibly wireless) as
computing and communication devices become
more user friendly and prevalent. Thus, the major
research recommendations were for an area that
we named Secure Networked Embedded
Systems (SENSE).
PSTI\SDP\AD
SCADA of the Future
® Current SCADA
® Closed systems, limited coordination, unprotected
cyber-infrastructure
® Local, limited adaptation (parametric), manual control
® Static, centralized structure
® Future requirements
® Decentralized, secure open systems (peer-to-peer,
mutable hierarchies of operation)
® Direct support for coordinated control, authority
restriction
® Trusted, automated reconfiguration
® Isolate drop-outs, limit cascading failure, manage
regions under attack
® Enable re-entry upon recovery to normal
operation
® Coordinate degraded, recovery modes
PSTI\SDP\AD
Layers of Secure Network Embedded Systems
® Network and Routing Layer
® Attacks: neglect and greed, homing, misdirection, black
holes
® Defenses: redundancy, probing, encryption, egress
filtering, authorization, monitoring, authorization,
monitoring, redundancy
® Transport Layer
® Attacks: flooding, desynchronization
® Defenses: client puzzles, authentication
® Embedded System/Application Layer
® Attacks: insider misuse, unprotected operations,
resource overload attacks, distributed service
disruption
® Defenses: authority management (operator
authentication, role-based control authorization),
secure resource management, secure application
distribution services
PSTI\SDP\AD
Is the SCADA Cyber threat
real?
The threat is real and proven:
® A disgruntled ex-employee used a port scan and ping-sweep program to
identify active system ports and network IP addresses belonging to an
oil company. On finding an active connection and an open port, he
initiated communication using various software tools downloaded from
the Internet. He subsequently issued instructions to the remote system
and deleted sensitive system related to process control flow.
PSTI\SDP\AD
Is the SCADA Cyber threat
real?
In August 2003, the Nuclear Regulatory
Commission confirmed that in January
2003, the Microsoft SQL Server worm
known as Slammer—infected a private
computer network at the Davis-Besse
nuclear power plant in Oak Harbor, Ohio,
disabling a safety monitoring system for
nearly 5 hours. – Note: the plant was off-
line at the time.
PSTI\SDP\AD
The Bad News
Difficulty in
Time & Money
Hacking a
System
PSTI\SDP\AD
Source : http://standeyo.com/News_Files/NBC/Terrorist_cells.html
Terrorist Cells in
the US
Updated September 3, 2003
PSTI\SDP\AD
Cyber Trends
Overview of Attack Trends
firewalls
IPP (the Internet Printing Protocol) and
WebDAV (Web-based Distributed
Authoring and Versioning)
· ActiveX controls, Java, and JavaScript .
SCADA is susceptible to all the IT threats because of enterprise integration
(See
http://www.cert.org/reports/activeX_report.pd
f.)
PSTI\SDP\AD
Policy vs. Cyber Attacks
® “Sound policy is a core element of the cyber security management
system. Without it, extensive implementations of routers, firewalls
and intrusion detection systems are misguided..”
® 80% of attacks show weakness in internal processes
® Unauthorized modems
® Disgruntled employee
® You hired a terrorist
® Unauthorized access
® In-sufficient attention to security (leave the door open)
® Security assessment is viewed as a one-time-event that lacks a
metric to allow comparison over time nor assess readiness
® Initial vigilance degrades over time
® Doesn’t keep up with changing cyber threats
PSTI\SDP\AD
Needed SCADA R&D
Modeling and Analysis:
PSTI\SDP\AD
Thank You
By
SANJAY D. PATIL
Assistant Director
NPTI
PSTI\SDP\AD