13 Nov 2007
National & Homeland Security Critical Infrastructure Protection/ResilienceNational Association of Regulatory Utility Commissioners Annual Meeting
Critical Infrastructure Protection & Resilience
Rita Wells
INL Critical Infrastructure Protection Test Beds
Power Grid Test Bed
Physical Security Test Bed
Training and ExercisesWireless Test Bed
Protecting the Nation’s Infrastructure
Contraband Test Bed
SCADA Test Bed
UAV Test Bed
2
Cyber Test Bed
Multi-laboratory-INL involved with NSTB since FY04
Vision Work with industry to make control
system security an integral part of business operations
NSTB ProductsAssessment reports to vendors or asset
owners Outreach and Training – 1,600 trained
NERC Certified CoursesInput into DHS NCSD CSSP productsUpdate status on Roadmap to Secure
Control Systems in the Energy SectorSanitized assessment results
National SCADA Test Bed – Office of Electricity Delivery and Energy Reliability (DOE-OE)
www.inl.gov/scada
Control System Security ProgramDepartment of Homeland SecurityCyber Security & Telecommunications National Cyber Security Division
Reduce Cyber Risk to Critical Infrastructure Control Systems
Goal
Key Objectives
Situational Awareness
Risk Reduction Products
Government
Industry
Academia
Outreach and Awareness
Technology Assessments
Scenario Development
Vulnerability and Threat
InternationalIncident Analysisand Response
Provide Guidance
Develop Partnerships
Prepare and Respond
Established June 04
www.us-cert.gov/control_systems/
Example of Control System Functions
CONTROL
DATA
Control valve actuator
System outputs Manual /
automatic
Data fed to control algorithms
Performance monitoring
Digital and analog
Many of the processes controlled by computerized control systems have advanced to the point that they can no longer be operated without the control system.
Differences: IT Security vs. Control System Security
TOPIC INFORMATION TECHNOLOGY
CONTROL SYSTEMS
Anti-virus/Mobile Code Common/widely used Uncommon/impossible to deploy
Support Technology Lifetime
3-5 years Up to 20 years
Outsourcing Common/widely used Becoming more common
Application of Patches Regular/scheduled Slow (vendor specific)
Change Management Regular/scheduled Rare
Time Critical Content Generally delays accepted Critical due to safety
Availability Generally delays accepted 24 x 7 x 365 x forever
Security Awareness Good in both private and public sector
Poor except for physical
Security Testing/Audit Scheduled and mandated Occasional testing for outages
Physical Security Secure Remote and unmanned
© 2002 PA Knowledge Limited
• Threat is ever changing• Vulnerabilities are known• Consequences are being analyzed
Interdependencies/Interconnections are the risk multiplier
The Risk Equation
Threat
ConsequenceVulnerability
Threat: Any person, circumstance or event with the potential to cause loss or damage - includes motivation, actor, intent and capabilities
Vulnerability: Any weakness that can be exploited by an adversary or through accident.
Ease of exploit, exposure, impact, deployment Consequence: The amount
of loss or damage that can be expected from a successful attack. Cost of consequence minus the ability to defend
Threat: Capabilities
Presented at Blackhat USA 2005 by the Shmoo Group
Toorcon 2005 RootWars
Presented at ToorCon 2005 by the Mark Grimes
1. Clear Text Communications
10. Web Services
6. Coding Practices
2. Network Addressing
3. Account Management
4. Authentication
8. Unused Services
7. Perimeter Protection
5. System Integration
9. Unpatched Components
Vulnerabilities: Known
www.inl.gov/scada
Consequences• Davis-Besse Nuclear Power
• Australian Sewage Release
• Worcester Airport
• Farewell Dossier
Duping the Sovietshttps://www.cia.gov/csi/studies/96unclass/farewell.htm
The Farewell DossierGus W. WeissDuring the Cold War, and especially in the 1970s, Soviet intelligence carried out a
substantial and successful clandestine effort to obtain technical and scientific knowledge from the West. This effort was suspected by a few US Government officials but not documented until 1981, when French intelligence obtained the services of Col. Vladimir I. Vetrov, "Farewell," who photographed and supplied 4,000 KGB documents on the program. In the summer of 1981, President Mitterrand told President Reagan of the source, and, when the material was supplied, it led to a potent counterintelligence response by CIA and the NATO intelligence services. President Nixon and Secretary of State Kissinger conceived of détente as the search for ways of easing chronic strains in US-Soviet relations. They sought to engage the USSR in arrangements