210 likes | 223 Views
Annarita Giani, UC Berkeley Bruno Sinopoli & Aakash Shah, Carnegie Mellon University Gabor Karsai & Jon Wiley, Vanderbilt University TRUST 2008 Autumn Conference, Nashville Tennessee. The TRUST-SCADA Experimental Testbed : Design and Experiments. Outline. SCADA Systems and Security
E N D
Annarita Giani, UC Berkeley Bruno Sinopoli & Aakash Shah, Carnegie Mellon University Gabor Karsai & Jon Wiley, Vanderbilt University TRUST 2008 Autumn Conference, Nashville Tennessee The TRUST-SCADA Experimental Testbed: Design and Experiments
Outline • SCADA Systems and Security • The TRUST-SCADA Experimental Testbed • Current Implementation • Future Directions
Outline • SCADA Systems and Security • The TRUST-SCADA Experimental Testbed • Current Implementation • Future Directions
What is SCADA? • Supervisory Control And Data Acquisition systems are computer-based monitoring tools that are used to manage and control critical infrastructure functions in real time. • Control Gas Utilities, Power Plants, Oil Refineries, Power Utilities, Chemical Plants, Water Management, Traffic Control Systems, etc.
Typical SCADA Hardware • SCADA Master • Provides overall monitoring and control SCADA system • SCADA Network • Provides communication between SCADA master and RTUs • Remote Terminal Units (RTUs) • Local controllers that take commands from SCADA masters • Can perform simple PID control • Sensors and Actuators • Provide means of measuring infrastructure parameters and adjusting them
SCADA Systems Security Overview • SCADA systems have significant lifetimes • Most were designed without security in mind • Most are now connected to new infrastructure • SCADA Systems are difficult to upgrade • Adding security often means downtime • SCADA systems contain embedded components • SCADA networks are customized for each system • Need flexible, robust solutions that secure legacy SCADA systems and shape the design of the next generation
Outline • SCADA Systems and Security • The TRUST-SCADA Experimental Testbed • Current Implementation • Future Directions
The TRUST-SCADA Experimental Testbed Goals • Assess vulnerabilities of current SCADA implementations • Provide and test solutions to address such vulnerabilities • Test innovative architectural and technological solutions for next generation SCADA • Provide an openly-documented, affordable, and highly flexible testbed for the TRUST community
SCADA Testbed Requirements • Modularity: • Must be able to model several SCADA • Processes • Network architectures • Communications topologies, media, and protocols • Reconfigurability: • Needs to be easily reconfigurable to test new attack scenarios, solutions • Remote access: • Should be available to remote users • Accurate modeling: • Should be a realistic model of a real world process
SCADA Testbed Hardware/Software • Hardware • Servers • SCADA Master Controller • Communications Equipment • RTUs • Software • SCADA Master Software • Communication Simulation • RTU Software • Hardware Simulation • Plant Simulation
Outline • SCADA Systems and Security • The TRUST-SCADA Experimental Testbed • Current Implementation • Future Directions
SCADA Testbed Implementation Gumstix/Linux Computer setpoints sensor readings Robostix Microcontroller 12-bits of parallel digital data 8 channels of 12-bit analog data High Speed I/O Interface Simulink RTW Plant Model Simulation on xPC
Tennessee-Eastman Chemical Plant • An adaptation of a publically available chemical plant model • Runs on xPC Target • 4 processes • 16 control loops • 12 input variables • 8 measured outputs • Simulates 1 hour in one second (controllable simulation speed)
Remote Terminal Unit (RTU) • Atmel ATMega128 Microcontroller • 8 channels of 10-bit A/D • Used for measuring analog sensor data • Up to 54 channels of digital I/O • Used for sending actuator setpoints to plant simulation • SCI, IIC • Can run simplePID control loops
SCADA Master • Gumstix 400MHz Linux Computer • Runs SCADA Master software • Receives sensor and actuator information from RTUs • Sends setpoints to RTUs • SCI, IIC, Ethernet, Wifi
Implemented Control Architectures • Locally controlled process • Remotely controlled process Gumstix/Linux Computer setpoints (over Modbus) sensor readings (over Modbus) Robostix Microcontroller Robostix Microcontroller 12-bits of parallel digital data 8 channels of 12-bit analog data 12-bits of parallel digital data 8 channels of 12-bit analog data High Speed I/O Interface High Speed I/O Interface Simulink RTW Plant Model Simulation on xPC Simulink RTW Plant Model Simulation on xPC
Current Work Distributed control using Modbus Distributed control using Ethernet Gumstix Computer Gumstix Computer Gumstix Computer Robostix Robostix Robostix Robostix High Speed I/O Interface High Speed I/O Interface Simulink RTW Plant Model Simulation on xPC Simulink RTW Plant Model Simulation on xPC
Outline • SCADA Systems and Security • The TRUST-SCADA Experimental Testbed • Current Implementation • Future Directions
Future Directions • Finish modular SCADA Testbed • Develop modeling tool for easy configuration of testbed • Model systems and demonstrate vulnerabilities of current SCADA systems • Test solutions to address current vulnerabilities • Test new architectural solutions