Upload
triage
View
99
Download
6
Tags:
Embed Size (px)
DESCRIPTION
Cyber Security of SCADA Systems. Team: Anthony Gedwillo (EE) James Parrott (CPrE) David Ryan (CPrE) Client: Dr. Govindarasu, Iowa State University. What is a SCADA System?. SCADA stands for “Supervisory Control and Data Acquisition” - PowerPoint PPT Presentation
Citation preview
Cyber Security of SCADA Systems
TEAM:ANTHONY GEDWILLO (EE)JAMES PARROTT (CPRE)DAVID RYAN (CPRE)
CLIENT:DR. GOVINDARASU, IOWA STATE UNIVERSITY
What is a SCADA System?• SCADA stands for “Supervisory
Control and Data Acquisition”
• SCADA systems control our nation’s vital infrastructure, including Power Transmission and Distribution, Oil , Gas, and Water
• SCADA Systems act as the brain and nerves for the systems they control. They sense, process (think), and send commands
Problem Statement• Supervisory control and data
acquisition (SCADA) systems are vital parts of our nation’s infrastructure, and the security of these systems is a top priority. However, there is a shortage of adequate research environments for modeling and testing SCADA systems.
Our Solution
Test Bed FunctionalitySCADA
System with Poor Security
Improvement Cycle
SCADA System with
Improved Security
System Configuration
and Improvement
Vulnerability AssessmentAttack Scenario
Concept Diagram
Operating Environment/Intended Usage
• Coover Hall – Room 3042
• Demonstrations
• Research
Functional Requirements-Virtualization
• Create a virtualized platform that allows network stack inspection.
• Create virtualized machines for RTUs and Relays
• Virtualized system should be scalable to provide more realistic scenarios
Functional Requirements-Cyber Security
• Vulnerability assessment / Report
• Cyber attack implementation
• Denial of Service• Invalid Data• Information Theft
Functional Requirements-Power System Integration
• Integrate DIgSILENT PowerFactory into current test bed
• Configure DIgSILENT for real time power flow simulation
Non-Functional Requirements• Minimal configuration on virtual
image deployment
• Images should have backups to prevent loss
• Attack scenarios can be demonstrated without requiring detailed information on attack functionality
• Power flow system should be easily interpreted
Implemented Design - Virtualization
Implememted Design – Power Flow
Google Earth
Cyber Security Vulnerability Assessment
• Validate the system
• Document running services
• Document well-known software vulnerabilities
• Search for implementation vulnerabilities
• Attack Implementation
• Produce Report
Attack Implementation• Man in the Middle attacks
• Intercept and drop command packets
• Ettercap Issues
• Modified packet sniffer
• Intercept and return fake confirmation
• Denial of Service attacks
Virtualization /Power Flow / Cyber Security Testing
Current Test Bed Status
Questions?
Technical Approach Consideration and Results
• Virtual hypervisor software selection• VmWare Server• VmWare ESX• Citrix XenServer• Microsoft HyperV
• Relay Virtualization software selection• Delphin-Informatika IEC 61850 Simulator• SISCO AX-S4 MMS• SystemCORP IEC61850 DLL• Matrikon OPC Server
Technical Approach Consideration and Results
• Power system simulation software selection• Siemens Spectrum Power TG (DTS)• DIgSILENT PowerFactory• Power World
• Cyber attack/security software selection• Nessus Security Scanner• Various open-source tools