• 320 likes • 931 Views
SCADA Security. Prepared for SECA XVI Conference Brooklyn Park, Minnesota October 9, 2000 Prepared by Jeff Dagle Pacific Northwest National Laboratory Richland, Washington (509) 375-3629 jeff.dagle@pnl.gov. Outline. Context: Current Trends in Industry Information Technology
E N D
SCADA Security Prepared for SECA XVI Conference Brooklyn Park, Minnesota October 9, 2000 Prepared by Jeff Dagle Pacific Northwest National Laboratory Richland, Washington (509) 375-3629 jeff.dagle@pnl.gov
Outline • Context: Current Trends in Industry • Information Technology • Implications of Restructuring • Federal Perspective • Critical Infrastructure Protection Initiative • DOE Vulnerability Assessment Activity • SCADA Security • Trends and Implications • Vulnerability Demonstration • Mitigation Strategies
Risk Dependency Information Technology Trends • Increasing: • enterprise dependence on IT • connectivity and standardization • access to information assets • dependencies on other infrastructures • Role of the Internet • E-Biz projected increase from $8B (‘97) to $320B (‘02) • Utility E-Biz projection: $2B (‘97) to $10B (‘02) • Information technologies are becoming inseparable from the core business of businesses
Information Technology Anecdotes Hacker Trends • First computer virus conceived in 1987 -- today there are 30,000 (10 more each day) • Hacker software and sophistication increasing exponentially • More than 1/2 of the 50 largest banks report significant network attacks in ‘98 • Gas/electric utility reports over 100,000 scans per month • Distributed denial of service attacks against e-commerce sites Response • FBI computer caseload: 200 cases to 800 cases in last two years -- number of cases now agent limited • IT security gaining increased attention in auditing, insurance and underwriting communities • $1.6 trillion forecast world wide to deal with cyber challenges. $6.7 billion in first 5 days of response to “I Love You”
Info Warrior Reduce U.S. Decision Space, Strategic Advantage, Chaos, Target Damage National Security Threats National Intelligence Information for Political, Military, Economic Advantage Terrorist Visibility, Publicity, Chaos, Political Change Shared Threats Industrial Espionage Competitive Advantage Intimidation Organized Crime Revenge, Retribution, Financial Gain, Institutional Change Institutional Hacker Monetary Gain Thrill, Challenge, Prestige Local Threats Recreational Hacker Thrill, Challenge Information Age Threat Spectrum
Energy Incidents and Anecdotes • DOE database reports 20,000 attacks on lines, substations, and power plants from 1987 to 1996 – many attacks continue • 1997 San Francisco outage – probably an insider • June 1999 Bellingham pipeline explosion accompanied by SCADA failure • Belgium & US (Mudge) hackers threaten to shut down electric grid (Fall ‘99) • Hacker controls Gazprom natural gas in Russia (Spring 2000) • Potential plot to attack nuclear plant during Sydney Olympics
Trends - Restructuring • Industry downsizing • 20% or more reductions of staff over last five years • Physical and IT security implications – “Doing more with less” • Mergers • Increased 4x between 1990 and 1997 • Keeping staff trained and updated • New business & players • Open access and open architecture systems • Mandated by regulation • Maintainability and low cost – security implications?
Outline • Context: Current Trends in Industry • Information Technology • Implications of Restructuring • Federal Perspective • Critical Infrastructure Protection Initiative • DOE Vulnerability Assessment Activity • SCADA Security • Trends and Implications • Vulnerability Demonstration • Mitigation Strategies
July 1996 - President’s Commission on Critical Infrastructure Protection (PCCIP) October 1997 - PCCIP report (Critical Foundations: Protecting America’s Infrastructures) “Waiting for disaster is a dangerous strategy. Now is the time to act to protect our future.” May 1998 - Presidential Decision Directive 63: Policy on Critical Infrastructure Protection National Action “Certain national infrastructures are so vital that their incapacitation or destruction would have a debilitating impact on the defense or economic security of the United States”
National Organizational Structure Proposed by Critical Infrastructure Protection PDD Policy & Program Management Crisis Management EOP President National Security Advisor National Infrastructure Assurance Council OSTP (R&D) National Coordinator Critical Infrastructure Assurance Office DoD/DOC Special Function Agencies Critical Infrastructure Coordinating Group SECTOR LEAD AGENCY Financial Services Dept. of Treasury DOJ Law Enforcement DoD National Defense Transportation Dept. of Transportation Private Sector CIA Intelligence DOS Foreign Affairs Dept. of Energy Electric, Gas & Oil Information Sharing and Analysis Center Information/Comms Dept. of Commerce National Infrastructure Protection Center Law Enforcement Dept. of Justice Continuity of Gov’t. FEMA Fire FEMA Emerg. Health Svcs. HHS Legend Water EPA New Organization
The Department of Energy’s Infrastructure Assurance Outreach Program (IAOP) Energy Infrastructures • Utilize DOE expertise to assist in enhancing energy infrastructure security. • Awareness - vulnerabilities & risks • Assistance - assessment to identify and correct vulnerabilities • Partnership- teaming with industry to collectively advance critical infrastructure protection • Voluntary participation conducted under strict terms of confidentiality Electric power Oil Natural Gas
IAOP Scope • IAOP Assessments: • Electric power infrastructure (started in FY 1998) • Primarily cyber, includes physical security and risk management • Approximately 10 electric utilities received voluntary assessments • Natural gas (started in FY 2000) • Physical and cyber • Expertise from multiple national laboratories and other Federal agencies • Assessment, not audit • IAOP Outreach • Conferences, meetings, information sharing • Support industry groups (NERC, NPC, EPRI, …) • Engagement with other Federal agencies (FBI, NSA, NRC ...)
Project Outline • Task I - Project Planning & Pre-Assessment • Project Planning and Scoping • Pre-Assessment -- Critical asset definition • Task II - Assessment • Threat Environment • Network Architecture • Network Penetration • Physical Security, Operations Security • Administrative Policies, Procedures • Energy System Influence • Risk Analysis • Optional Task III - Methodology & Prudent Practices • Methodology Handbook • Prudent Practices • Awareness (Closed forums and workshops)
Armored Resilient Manage Crisis Deterence Prevention Restoration Mitigation Risk ManagementSpectrum of Action
Outline • Context: Current Trends in Industry • Information Technology • Implications of Restructuring • Federal Perspective • Critical Infrastructure Protection Initiative • DOE Vulnerability Assessment Activity • SCADA Security • Trends and Implications • Vulnerability Demonstration • Mitigation Strategies
SCADA Trends • Open protocols • Open industry standard protocols are replacing vendor-specific proprietary communication protocols • Interconnected to other systems • Connections to business and administrative networks to obtain productivity improvements and mandated open access information sharing • Reliance on public information systems • Increasing use of public telecommunication systems and the internet for portions of the control system
SCADA Concerns • Integrity • Assuring valid data and control functions • Most important due to impact • Availability • Continuity of operations • Historically addressed with redundancy • Confidentiality • Protection from unauthorized access • Important for market value, not reliability
Operator Interface RTU Test Set (Intruder) SCADA Vulnerability Demonstration Field Device (RTU, IED or PLC)
Operator Interface • Simulated display of electrical substation • Circuit breaker status information read from field device
SCADA Message Strings Repeating easily decipherable format Captured by RTU test set
Attack Scenarios • Denial of service • Block operator’s ability to observe and/or respond to changing system conditions • Operator spoofing • Trick operator into taking imprudent action based on spurious or false signals • Direct manipulation of field devices • Send unauthorized control actions to field device(s) • Combinations of above
Mitigation Strategies • Security through obscurity • Poor defense against “structured adversary” • Isolated network • Communication encryption • Concerns over latency, reliability, interoperability • Vendors waiting for customer demand • Signal authentication • May provide good defense without the concerns associated with full signal encryption
Expectations The government and industry will collaboratively develop technologies consistent with shared infrastructure assurance objectives Public sector funding necessary to initiate development of new technologies Value Proposition • Industry • Proactive in protecting customers stockholder interests • Insights into vulnerability and risk assessment techniques • Due diligence • Government • Proactive in protecting public interests and national security • Insights into industry risk management perspectives • Facilitate long-term research and development, best practices
Conclusions • SCADA is becoming more vulnerable • Standard, open protocols • Interconnected to other systems and networks • Industry in transition • Focus countermeasures to protect – • Integrity • Availability • Confidentiality