Professional Documents
Culture Documents
Operating SCADA Systems in Potential Risk Intrusion Network Environment and Risk Management
Operating SCADA Systems in Potential Risk Intrusion Network Environment and Risk Management
Operating SCADA Systems in Potential Risk Intrusion Network Environment and Risk Management
STANKOVSKI Mile,
Instruments in the field for sensing conditions such as water level, temperature,
pressure, power level , flow rate...
Field equipment such as motors, pumps, valves and conveyors
Remote terminal units or Programmable logic controllers
Wireless communication
GPRS
Radio communication
Optical cables
Cupper wires
Ethernet
ADSL
Host computers that act as the central point of monitoring and control.
supervise the process,
receive alarms,
review data and
exercise control.
This opening of SCADA systems to the internet has broth new treats like
internet intrusion, hacking, malware and so on.
◊ Ohio Davis-Besse Nuclear power plant safety monitoring system was offline
for 5-hours due to Slammer Worm in January 2003.
◊ In 2000, former employee Vitek Boden release a million litters of water into
the coastal waters of Queensland, Australia.
◊ In 2003, the east coast of America experienced a blackout, while not the
cause, many of the related systems were infected by the Blaster worm
◊ In 1997, a teenager breaks into NYNEX and cuts off Worcester Airport in
Massachusetts for 6 hours, affecting both air and ground
communications.
◊ The worm is designed to target only Siemens SCADA systems that are configured to
control and monitor specific industrial processes
◊ Israel and the United States or other Western nations, China, Jordan, and France are
other possibilities, and Siemens may have also participated
◊ There are speculation that the infection may have spread from USB drives belonging
to Russian contractors
Overview of Stuxnet hijacking communication between Step 7 software and a Siemens PLC
Affected countries
There are still discussions about who is responsible for this worm, specially of its origin
SCADA systems are no only system for control industrial and commercial
operations.
There are attractive targets for different kinds of attacks
Authorities are still reluctant to admit that the SCADA systems are becoming
attractive targets for:
malicious individuals,
belligerent nations,
terrorist groups,
curious hackers,
organization’s competitors.
Engineers still design these systems more towards proper functioning and
user friendly interface rather than to high level integrated security.
That is why the SCADA design engineers in recent years integrate the
security in the primary design of the SCADA systems.
Insider – The disgruntled worker who knows the system can be one of
the largest threats.
Hacker – Here the individual is an outsider who may be interested in
probing, intruding, or controlling a system because of the challenge.
Terrorist – This is the threat that distinguishes critical infrastructure
systems from most IT systems.
Pump Station
Redundant Gigabit Ethernet
Intake Fiber Optic Ring
1
WTP
Kratovo Intake 3
Pipeline
Lozovo
GPRS
Pipeline
Main SCADA center - Probistip Karbinci
WTP Probistip
Power Station
Zletovo 1
WTP Stip
Power Station
Zletovo 2
WTP Sv. Nikole
Power Station
Zletovo 3 WTP Lozovo
3U
Storage
Supervisory Display
MONITORING CENTER
ADSL
GPRS
Switch 1 Switch 2
Router
Firewall
Gigabit Ethernet Fiber Optic Ring 2 (WAN) Primary Control Center structure
Fiber-optic / Gigabit
Ethernet ring GPRS
Router/Firewall
As standard SIEMENS software for such systems in this case SIMATIC STEP 7,
WinCC and PCS 7 are used.
Main security risks that treat the normal operating of the Hydro-system
Zletovica SCADA are:
cyber treat,
hacker intrusion,
terrorist attack and
natural disaster.
We can group the cyber terrorism and the hacker treats in the same area
and design mechanisms that will prevent intrusion into the system from an
outsider.
The servers are password protected, known only by the administrator and
external access, such as DVDs, USB, is not allowed.
The work stations are also password protected with no external access
and uses logging and tracking of the users that access data into the system
An issue with firewalls applied to SCADA systems is that most firewalls do not
support handling of SCADA protocols.
Sending critical and crucial data through a public service is not safe at all!
The specifications for the configurations and types of encryption for the
Hydro-system Zletovica SCADA system cannot be presented due to
security reasons.
There is Security System integrated into the existing SCADA system, enabling
the security control of the control sites.
The security system monitors the doors, windows, presence of the people on
the control sites, as well as fire detection.
The PIR movement detectors, the door and windows sensors and fire alarm
sensors are used for the monitoring of the doors and windows on the
control sites, as well as the presence of the people in the monitored
premises.
Using the SCADA System for security reasons gives the possibility of real
time monitoring of the security issues.
The logs created and recorded on the SCADA Server enable the further
analysis of the security events, if necessary.
Card readers are installed on the control points sites, enabling the higher
level security and identification of the persons allowed to have access to
the control equipment installed in the control point buildings.
For integrated security in the SCADA systems, worst case scenario must
be implemented due to terrorist attack or natural catastrophes.
In the case of the SCADA system for the Hydro-system Zletovica, there
exists independent warning and alarm system.
Thanks…