Cyber Security of SCADA Systems

TEAM:ANTHONY GEDWILLO (EE)JAMES PARROTT (CPRE)DAVID RYAN (CPRE)

CLIENT:DR. GOVINDARASU, IOWA STATE UNIVERSITY

What is a SCADA System?• SCADA stands for “Supervisory

Control and Data Acquisition”

• SCADA systems control our nation’s vital infrastructure, including Power Transmission and Distribution, Oil , Gas, and Water

• SCADA Systems act as the brain and nerves for the systems they control. They sense, process (think), and send commands

Problem Statement• Supervisory control and data

acquisition (SCADA) systems are vital parts of our nation’s infrastructure, and the security of these systems is a top priority. However, there is a shortage of adequate research environments for modeling and testing SCADA systems.

Our Solution

Test Bed FunctionalitySCADA

System with Poor Security

Improvement Cycle

SCADA System with

Improved Security

System Configuration

and Improvement

Vulnerability AssessmentAttack Scenario

Concept Diagram

Operating Environment/Intended Usage

• Coover Hall – Room 3042

• Demonstrations

• Research

Functional Requirements-Virtualization

• Create a virtualized platform that allows network stack inspection.

• Create virtualized machines for RTUs and Relays

• Virtualized system should be scalable to provide more realistic scenarios

Functional Requirements-Cyber Security

• Vulnerability assessment / Report

• Cyber attack implementation

• Denial of Service• Invalid Data• Information Theft

Functional Requirements-Power System Integration

• Integrate DIgSILENT PowerFactory into current test bed

• Configure DIgSILENT for real time power flow simulation

Non-Functional Requirements• Minimal configuration on virtual

image deployment

• Images should have backups to prevent loss

• Attack scenarios can be demonstrated without requiring detailed information on attack functionality

• Power flow system should be easily interpreted

Implemented Design - Virtualization

Implememted Design – Power Flow

Google Earth

Cyber Security Vulnerability Assessment

• Validate the system

• Document running services

• Document well-known software vulnerabilities

• Search for implementation vulnerabilities

• Attack Implementation

• Produce Report

Attack Implementation• Man in the Middle attacks

• Intercept and drop command packets

• Ettercap Issues

• Modified packet sniffer

• Intercept and return fake confirmation

• Denial of Service attacks

Virtualization /Power Flow / Cyber Security Testing

Current Test Bed Status

Questions?

Technical Approach Consideration and Results

• Virtual hypervisor software selection• VmWare Server• VmWare ESX• Citrix XenServer• Microsoft HyperV

• Relay Virtualization software selection• Delphin-Informatika IEC 61850 Simulator• SISCO AX-S4 MMS• SystemCORP IEC61850 DLL• Matrikon OPC Server

Technical Approach Consideration and Results

• Power system simulation software selection• Siemens Spectrum Power TG (DTS)• DIgSILENT PowerFactory• Power World

• Cyber attack/security software selection• Nessus Security Scanner• Various open-source tools