Cyber Security of SCADA Systems
TEAM: ANTHONY GEDWILLO (EE), JAMES PARROTT (CPRE), DAVID RYAN (CPRE)
CLIENT: DR. GOVINDARASU, IOWA STATE UNIVERSITY
Problem Statement
“Since the mid-1990’s, security experts have become increasingly concerned about the threat of malicious cyber attacks on the vital supervisory control and data acquisition (SCADA) systems used to monitor and manage our energy systems. Most SCADA system designs did not anticipate the security threats posed by today’s reliance on common software and operating systems, public telecommunication networks, and the Internet.”
Operating Environment
Our testbed will operate in a permanent location: Coover 3042.
User Interface Description
Siemens Spectrum Power TG: this software will function as our Human-Machine Interface (HMI) for our SCADA testbed.
Functional Requirements
Virtualization
• Create a virtualized platform that allows network stack inspection.
• Create virtualized images for RTUs, Control Center, firewalls and Relays
• Virtualized system should be scalable to provide more realistic scenarios
Cyber Security
• Produce report detailing security vulnerabilities of the system
• Implement attacks discovered during the vulnerability assessment
Power System Integration
• Integrate DIgSILENT PowerFactory with SCADA test bed
• Power Simulation should represent real world scenario
Non-Functional Requirements
• Minimal configuration on virtual image deployment
• Images should have backups to prevent loss
• Attack scenarios can be demonstrated without requiring detailed information on attack functionality
• Assessment shall function as comprehensive documentation on the security state of the system
• All test equipment should function correctly
• Power system should be represented in a manner that is easy to understand
Market Literature Survey
• National SCADA Test Bed (NSTB)
• North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)
• United States Computer Emergency Readiness Team (US-CERT)
Deliverables
A test bed that can be used both for demonstrations and for development of cyber security attacks.
• At least 15 nodes (virtual and physical mixed)
• Cyber attacks we have created to demonstrate vulnerabilities
Resource Requirements
Personnel: 500-600 hours, $10,000-$12,000
Hardware:
  Virtualization Server (?)            $3000-$10,000
  SIPROTEC 4 7SJ61 Relays              $0
  SCALANCE S612 Security Module        $0
Software:
  Spectrum Power TG SCADA/EMS (HMI)    $0
  SICAM PAS v6.00 (RTU)                $0
  DIGSI (Relay Configuration)          $0
  DIgSILENT PowerFactory (Power Flow)  $0
  VMware ESXi                          $0
  NMap                                 $0
  Wireshark                            $0
  BackTrack Linux                      $0
Total: $13,100-$22,200
Risks and Mitigation
Risks:
• Equipment Malfunction
• Breaking the testbed:
  - Improper Usage
  - Successful Attack
Mitigation:
• Read the provided manuals
• System Configuration Back-Up
[Figure: Improvement Cycle. A SCADA system with poor security is taken through repeated cycles of System Configuration and Improvement, Vulnerability Assessment and Attack Scenario, yielding a SCADA system with improved security.]
Functional Decomposition
• Our goal is to improve the cyber security of Supervisory Control and Data Acquisition (SCADA) systems
• We will construct a testbed that mimics a SCADA system
• We will be able to run “Improvement Cycles” on the system so a better understanding of its cyber security flaws can be gained
Virtualization Design
• Virtual RTUs and virtual relays will be installed on the virtual machines.
• These virtual machines will reside on the VMware server
• These virtual machines will be connected to the SCADA testbed
• The virtual RTUs will communicate with the control center over Ethernet behind a physical SCALANCE or virtual firewall
Power Flow Simulation Design
[Figure: data flow between DIgSILENT PowerFactory (OPC Client), virtual and real SICAM PAS (OPC DA Server), virtualized and real relays, and Siemens Spectrum Power TG (HMI).]
OPC := OLE for Process Control
OLE := Object Linking and Embedding
Cyber Security Design
• Will use vulnerability scanners to scan for potential vulnerabilities
• Document and assess these vulnerabilities for potential attack
• Implement an attack to exploit the vulnerability, documenting outcomes
• Write a report with detail about vulnerabilities, attacks and potential fixes.
Software and Hardware Used
Our SCADA network test bed consists of a few key pieces of hardware and software:
• Hardware
  • Siemens SCALANCE S612 Security Module
  • Siemens SIPROTEC 4 7SJ61 Relay (Sensor)
• Software
  • Siemens Spectrum Power TG SCADA/EMS (HMI)
  • Siemens SICAM PAS v6.00 (RTU)
  • Siemens DIGSI (Software for SIPROTEC Protection Relays)
  • VMware ESXi 4.1
  • Nessus
  • Other Vulnerability Assessment Software
Vulnerability Assessment Test Plan
1. Validate the System
   – Eliminate any incorrect assumptions
2. Document Running Services
   – Evaluate possible network entry points into each device
   – Check for glaring security holes (open web server, mail server, etc.)
3. Document Well-Known Vulnerabilities
   – Check for popular exploit opportunities (Windows, Adobe Reader, Flash)
4. Document Implementation Specific Vulnerabilities
   – Vulnerabilities specific to lab equipment and software
5. Attack Implementation
   – Implement Attack
   – Document Attack Procedure
6. Produce Report
   – Existing Vulnerabilities
   – Possible Impact
   – Possible Countermeasures
Prototype Implementations and Results
• Delphin-Informatika IEC 61850 Simulator
  – Software solution for use as a virtual relay
  – Designed for use with SICAM PAS and SIPROTEC relays
  – Trial license; limited functionality; expensive
  – End result: chose to use another software solution
• Siemens Spectrum Power TG DTS
  – Dispatcher Training Simulator
  – Desired to have DTS read real time data points and update the power flow solution in real time
  – Siemens support period expired, bad/no documentation
  – End result: chose to use DIgSILENT PowerFactory instead
Current Project Status
Power Flow Simulation (Tony)
• Create 9-Bus test case on DIgSILENT (NOV 2010)
• Configure DIgSILENT with OPC connectivity (FEB 2011)
• Expand Power System to 15 Buses (MAR 2011)
• Develop Display for testbed (OPTIONAL)
Virtualization (James)
• Setup virtual host and install virtual machines
• Setup a virtual RTU and connect to HMI
• Setup a virtual relay that can connect to RTU (FEB 2011)
• Create multiple substations in testbed (MAR 2011)
Cyber Attacks (David)
• Port scan all devices
• Document services running on each port
• Search for well-known network/server side vulnerabilities
• Search for well-known client software vulnerabilities
• Search for lab-specific vulnerabilities (CONTINUAL)
• Create attacks for significant vulnerabilities (CONTINUAL)
• Analyze impact of attacks on system (CONTINUAL)
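A service-inventory check covering steps 2 and 3 of the Vulnerability Assessment Test Plan (document running services, flag glaring holes such as an open web or mail server) and the port-scan and service-documentation items in the Cyber Attacks list above, added here as an example and not part of the original poster: it parses constructed nmap grepable (-oG) output and compares each device's open ports against an assumed per-role baseline. The addresses, hostnames and baseline are hypothetical, not the lab's real configuration.

```python
"""Service inventory from nmap grepable (-oG) output, with baseline deviations."""
import re

# Constructed sample scan of three lab devices (placeholder addresses, not real hosts).
SAMPLE_NMAP_OG = """\
Host: 192.0.2.10 (hmi)\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (997)
Host: 192.0.2.20 (rtu)\tPorts: 102/open/tcp//iso-tsap///, 135/open/tcp//msrpc///, 80/open/tcp//http//Apache httpd/\tIgnored State: closed (997)
Host: 192.0.2.30 (relay)\tPorts: 102/open/tcp//iso-tsap///, 25/open/tcp//smtp///\tIgnored State: closed (998)
"""

# Assumed expected-service baseline per device role (hypothetical, not the lab's policy).
BASELINE = {
    "hmi": {135, 445, 3389},
    "rtu": {102, 135},
    "relay": {102},
}
# Services the test plan names as "glaring security holes" on a SCADA device.
GLARING = {"http": "open web server", "smtp": "mail server"}

# -oG host line: "Host: <ip> (<name>)<TAB>Ports: <entries><TAB>..."
HOST_RE = re.compile(r"^Host: (\S+) \((.*?)\)\tPorts: (.*?)\t")


def parse_grepable(text):
    """Return {ip: {'name': str, 'ports': {port: service}}} for open ports only."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:  # skips "# Nmap" comments and "Status: Up" lines
            continue
        ip, name, ports = m.groups()
        inventory = {}
        for entry in ports.split(", "):
            # Each entry has 7 slash-separated fields: port/state/proto/owner/service/rpc/version
            port, state, _proto, _owner, service, _rpc, _version = entry.split("/")[:7]
            if state == "open":
                inventory[int(port)] = service
        hosts[ip] = {"name": name, "ports": inventory}
    return hosts


def find_deviations(hosts, baseline):
    """List (ip, port, service, note) for open ports outside the role baseline."""
    findings = []
    for ip, host in hosts.items():
        allowed = baseline.get(host["name"], set())
        for port, service in sorted(host["ports"].items()):
            if port not in allowed:
                findings.append((ip, port, service, GLARING.get(service, "not in baseline")))
    return findings


if __name__ == "__main__":
    for finding in find_deviations(parse_grepable(SAMPLE_NMAP_OG), BASELINE):
        print("%s:%d %s (%s)" % finding)
```

Each flagged entry maps directly onto the report's "Existing Vulnerabilities" line for that device; ports that are in the baseline still get documented in the inventory but are not flagged.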
Plan for Next Semester
• Virtualization
  • Need to finish implementing the virtual relay simulator and connect it to the system.
  • Work on implementing multiple virtual substations into the system
  • Create easy deployments for substations
• Power Flow Simulation
  • Configure DIgSILENT to integrate with testbed
  • Test out real world scenarios
• Cyber Attacks
  • Implement attacks against vulnerabilities
  • Document findings