180 likes | 629 Views
SCADA SYSTEM INCIDENT ON HATCH NUCLEAR POWER PLANT. Presenter: Eric Owusu Final Presentation IA 672, Fall 2010. Abstract. Explain what Supervisory Control and Data Acquisition (SCADA) systems are. Risks and vulnerabilities to SCADA systems. Recent incidents on SCADA systems.
E N D
SCADA SYSTEM INCIDENT ON HATCH NUCLEAR POWER PLANT Presenter: Eric Owusu Final Presentation IA 672, Fall 2010
Abstract Explain what Supervisory Control and Data Acquisition (SCADA) systems are. Risks and vulnerabilities to SCADA systems. Recent incidents on SCADA systems. SCADA attack incident on Hatch Nuclear Power Plant resulting in its shutdown. Reasons for Hatch SCADA incident and SCADA attacks in general. Suggestions to Control SCADA incidents in the future.
Introduction Supervisory Control and Data Acquisition (SCADA) systems. Industrial control systems . Monitor and control industrial infrastructure and facility based processes. Industry based: Large communication systems, oil and gas pipelines, nuclear power transmissions and electrical power transmission. Facility based: Heating ventilation and air conditioning (HVAC)
Vulnerabilities Of SCADA Systems External connectivity. Computer-controlled controllers. Commodity software and hardware solutions instead of proprietary software. Difficulty in using standard intrusion detection techniques. SCADA protocols do not support authentication techniques. Increasing size and functionality.
SCADA System SCADA
SCADA System SCADA
Hatch Nuclear Power Plant Shutdown Nuclear Plant emergency shutdown for 48 hours. Incident occurred on March 7th 2008. Software update on a computer on the plants business network. Business network was in two way communication with plants SCADA network. Software was installed by engineer who manages operations for the plant.
Hatch Nuclear Power Plant Shutdown Update on business network synchronized information on both plant and business network. SCADA system reset and reboot after update. SCADA safety systems detected lack of data after reboot. Safety systems signaled that the water level in cooling system has dropped. Resulted in automatic shutdown of the plant.
Impact Of Incident. Power plant was forced to purchase power from other plants. Costs of about a million dollars a day ($1,000,000). Retuning/redesign the nuclear systems. Physical damage to equipment in the SCADA system. Substantial expense (millions) in getting the plant back to work.
Control of Future Incidents Establishing standards for the operation of SCADA systems. Enforcing compliance to these standards. Severing physical connections between SCADA and business networks. Training of Engineers on the architecture of networks. Disconnecting SCADA systems from the internet. Design of more fault tolerant SCADA systems. Use of proprietary software for SCADA systems.
Conclusion Failure of a SCADA system can result in the catastrophic failure in important utility systems. Cyber attack resulted in the close down Hatch Power plant for 48 hours. Security measures should be put in place to mitigate such attacks. Standards should be established to and enforced.
References http://www.mcafee.com/us/local_content/white_papers/wp_cor_scada_001_0407.pdf http://www.washingtonpost.com/wp-dyn/content/article/2008/06/05/AR2008060501958.html http://www.google.com/images?