
Ulf Lindqvist SRI International ulf@sri Trust Seminar at UC Berkeley Nov. 17, 2005

Securing Control Systems in the Oil and Gas Infrastructure: The I3P SCADA Security Research Project. Ulf Lindqvist, SRI International, ulf@sri.com. Trust Seminar at UC Berkeley, Nov. 17, 2005.


Presentation Transcript


  1. Securing Control Systems in the Oil and Gas Infrastructure: The I3P SCADA Security Research Project. Ulf Lindqvist, SRI International, ulf@sri.com. Trust Seminar at UC Berkeley, Nov. 17, 2005. This work was supported under Award number 2003-TK-TX-0003 from the U.S. Department of Homeland Security, Science and Technology Directorate. Points of view in this document are those of the authors and do not necessarily represent the official position of the U.S. Department of Homeland Security or the Science and Technology Directorate. The I3P is managed by Dartmouth College.

  2. What Is The I3P? The Institute for Information Infrastructure Protection • Funded by Congress, managed by Dartmouth College with oversight from DHS • Established in 2001 to identify and address critical research problems facing our nation’s information infrastructure • Consortium of 27 universities, non-profit research institutions, and federal labs

  3. What Is This Research Project? • Two-year applied research effort to improve cyber security for control systems/SCADA • Specific focus on oil & gas industry • Help industry better manage risk by • providing risk characterization • developing and demonstrating new cyber security tools and technologies • enhancing sustainable security practices for control systems

  4. An Important Problem • Oil and gas processing is controlled by computer systems • Trend toward general-purpose platforms and universal connectivity • These systems are vulnerable to cyber attack • An attack could have severe consequences for • Human lives • The environment • The economy

  5. Example: Pipelines • June 10, 1999 • In Bellingham, Washington, a gasoline pipeline operated by Olympic Pipeline Company ruptured • 237,000 gallons of gasoline was released into Whatcom Creek • The gasoline ignited, sending a fireball racing down the creek • Two 10-year-old boys and an 18-year-old man were killed • SCADA system problems partial cause

  6. Why Is There A Problem? Control system side: • Top priority is reliability and availability, not security • Traditionally relied on obscurity and isolation • Trend: using general hardware and OS • Owner/operator companies are in the hands of vendors • Vendors often have backdoor modem lines • Default passwords IT side: • Traditional security tools may not work for control systems • IT people do not know control systems • Enterprise networks are being connected to control systems • Control systems are overlooked because they are not managed by IT

  7. Goals • Demonstrated improved cyber security in the Oil & Gas infrastructure sector • New research findings • New technologies • Significantly increased awareness of • Security challenges and solutions • The capabilities of the I3P and its members

  8. Approach • Build upon ongoing cyber security research to apply to the process control arena • Develop tools and technology which could enhance the robustness of critical infrastructure process control systems • Focus on the oil and gas sector by partnering with industry • Develop research collaborations with other institutions with cyber security domain expertise • Communicate and demonstrate results of the research

  9. Project Overview (Diagram labels: Oil and Gas Industry; Requirements, Technology Transfer; Information; Workshops, Demonstrations; Research Team) • Topic 1: Risk Characterization (SNL) • Topic 2: Interdependencies (UVa) • Topic 3: Metrics (PNNL) • Topic 4: Security Tools (MIT/LL) • Topic 5: Information Sharing (MITRE) • Topic 6: Tech Transfer (SRI)

  10. Topic 1 – Risk Characterization • Problem: What is the risk to infrastructure caused by potential vulnerabilities of the process control systems? • Approach: • Year 1 and 2 SCADA risk workshops focused on oil and gas sector to collect data for all tasks in the plan • Aggregate information from owners, operators, and domain experts • Analysis of the data to determine classes of SCADA systems to include vulnerabilities, threats, consequences, and risks for SCADA security • Development of attack taxonomy and mitigation strategy analysis • Profiles of security situations, generalized threats, classes of consequences • Best Practices handbook information

  11. Topic 1 – First Year Workshop • The workshop was held in Houston, Texas, on June 2-3, 2005 • Sample highlights from industry breakout sessions: • On-site contractors present a major vulnerability to facility and IT/SCADA security • Attackers can use easily accessible emergency response plans and identification of key personnel to amplify attacks • Vendors are only able to provide the products (including security) demanded by their clients • Cost and certification of security measures are a concern • Systems in the oil & gas industry represent wide range of maturation levels from beginner to advanced • Need to include consideration of all systems: legacy, modern, and heterogeneous • Most control systems in use today are insecure by design

  12. Topic 1 – Results • One page summary of workshop • Workshop analysis report being prepared • Industry perspectives • Profiles of security situations • Technological profiles • Understanding the threat • Consequences and measures • Industry risk trends • Future Work • Attack taxonomy • Interim and final risk characterization reports • Risk characterization to quantify security impact and improve business case • 2nd workshop focused on technical demonstrations • June 8, 2006 in La Jolla, CA

  13. Topic 2 – Interdependencies • Assess the degree of SCADA dependence and associated risk exhibited by interlinked critical infrastructures • Understand the indirect risk to the U.S. Economy resulting from Oil & Gas SCADA system vulnerability and cyber threat potential • Develop risk management practices that reduce the risk of cascading effects resulting from system interdependencies and cyber attacks

  14. Topic 2 – General Response Model Overview (Diagram labels: Attack time; SCADA-Infrastructure Response Model; Recovery Dynamics; Productivity Loss (%); Inoperability Input-Output Model (IIM); Econ. Loss ($)) Purpose: 1) Map cyber intrusion events to macro-economic inoperability effects 2) Integrate System Dynamics model with the Inoperability Input-Output Model (IIM) for comprehensive and tractable impact analysis 3) Use scenarios of cyber attack, information security, infrastructure resilience and emergency management systems to derive supply- and demand-side perturbations for IIM economic and inoperability impact analysis 4) Understand the role of public response to industry events in shaping, amplifying and dampening economic impact 5) Develop means by which the efficacy of candidate risk management strategies can be quantitatively evaluated

  15. Topic 2 – General Response Model Framework (Diagram labels: SCADA-Infrastructure Response Model; Cyber Attack on SCADA System; Demand Perturbation; Intrusion Dynamics; Process Disruption; Product Disruption; Public Response; IIM; Process Control Manipulation; Physical Coupling; Sector Inoperability; Supply Perturbation; Cyber Risk Scenarios; Physical Effects Propagation; Economic Inoperability; Risk Management Network Security Strategies Recovery Dynamics Management Regional Risk Management Recovery Dynamics)

  16. Topic 3 – Security Metrics • Problem: How can the security of control systems be measured and related to business and functional requirements? • Security metrics provide tools that enable decisions based on quantitative or qualitative assessments rather than hunches or best guesses. • Lead – Pacific Northwest National Laboratory – Martin Stoddard (martin.stoddard@pnl.gov) • Team Members – Sandia National Laboratory, University of Virginia, The MITRE Corp.

  17. Topic 3 – A Few Sample Metrics • Adversary work factor • Capability Maturity Model (CMM) • Security Scorecard • Assurance Levels/Categories • Risk Analysis/Security Vulnerability Assessments • Readiness Levels

  18. Topic 3 – Approach • Phase I: Survey existing security metrics and provide a high-level view of metrics tools and their application to PCS. • Phase II: Develop detailed requirements for process control metrics. Apply existing technologies where applicable and identify gaps requiring further development. • Phase III: Prioritize the gaps from Phase II and apply research to develop the highest-priority metrics tools.

  19. Topic 4 – Inherently Secure SCADA Systems • Problem: How do you design, verify, install and monitor secure process control systems? • Deliverables: Tools and techniques to • Support Secure Operations • Risk management for configuration and deployment • Assess architectural security vulnerabilities • Model and monitor correct behavior • Enable Secure Components • Application software • Protocols and protocol stacks • Operating systems

  20. Topic 4 – Team Members • Topic Lead – MIT/LL – Rob Cunningham • Support Secure Operations • Risk management for configuration and deployment - MITRE • Assess architectural security vulnerabilities - University of Illinois • Model and monitor correct behavior - SRI • Enable Secure Components • Application software - MIT/LL • Protocols and protocol stacks - University of Tulsa • Operating systems - PNNL

  21. Topic 4 – Research Strategy • Pull: Expand operator awareness of approaches to improved security • Develop prototype tools to suggest, verify implementation, monitor systems • Push: Enable more secure vendor solutions • Develop prototypes to improve application software, protocols, underlying operating system • Research to support market conditions for more secure components and systems

  22. Topic 4 – Reference Refinery Network Architecture

  23. Topic 4 – Architecture With I3P Security Components The Traffic Assessment Tool (TAT) analyzes how well the system of firewall rules adheres to global traffic policy. The JSST is a SCADA protocol policy-aware network monitor. The HSMTU (High Security MTU) is an architecture that hardens the master control functions from. The HIDS (host intrusion detection system) and NIDS (network intrusion detection system) look for misbehavior, reported to the SIM (security incident manager).

  24. Topic 4 – Risk Management

  25. Topic 4 – Architectural Vulnerabilities

  26. Topic 4 – Modeling and Monitoring

  27. Topic 4 – Application Software

  28. Topic 4 – Protocols

  29. Topic 4 – Operating Systems

  30. Topic 5 – Cross Domain Information Sharing (CDIS) • Domain: A collection of individuals, resources, and information owned by one organization that requires protection from other domains • Cross Domain Information Sharing: Exchange of information between two or more domains (Diagram labels: RTU; Control Center LAN; Business LAN; Internet; Owner; Vendor; Gov’t Agency; First Responders; Trade Associations; I/O; Orders; Flaws; Events)

  31. Topic 5 – Research Plan • Prioritize the information sharing needs within the Gas & Oil sector • What information sharing is taking place, but at a risk? • What necessary information sharing is not taking place, and why not? • What information sharing will be necessary to support new business processes? • What information sharing would be beneficial, if properly constrained? (e.g., non-attribution) • Identify where existing solutions do not meet critical needs • Research, develop, and demonstrate CDIS solutions to address high priority needs • Feed Technology Transfer

  32. Topic 5 – Use Cases • Business LAN - Control Center LAN • Database queries against financial databases that reside on the Business LAN • Email containing product orders or inventory levels • Fixed formatted messages containing product nominations or sampling results • Asset Owner - Asset Owner • Use collaborative environment to share IDS scan results, raw log data, reconnaissance activities, attack techniques (including social engineering), forensic information, system vulnerabilities, system status information • Asset Owner - Government Agencies • Submit formal reports of incidents to appropriate government agencies • Coordinate with first responders and law enforcement in the event of a crisis as well as to share after action reports • Asset Owner - Vendor • Push/pull product updates and security patches • Discuss product features and their operational use

  33. Topic 5 – One Solution • Industry site is accessible by authenticated members • Owners report problems to vendors • Vendors and owners report problems and solutions anonymously to industry site • Industry site analyzes anonymous data • Industry site reports analysis to government site (Diagram labels: Owner; Vendor; Industry Site; Gov Site)

  34. Topic 6 – Technology and Knowledge Transfer • We are not doing “blue sky” basic research • Transition of our results into the infrastructure is essential for success • If what we are doing is not relevant to industry cyber security needs, then we shouldn’t be doing it • In this project, we are actively working to organize and speed up the transfer process

  35. Topic 6 – Technology Transfer Mechanisms • Technology Transition Taskforce • Partnerships • Evaluations and Experiments • Technology demonstration programs • Structured Process for Value Creation (Image caption: SCADA Red Team Lab at Sandia National Labs)

  36. Topic 6 – Knowledge Transfer • Knowledge transfer is bidirectional • Researchers ↔ Industry • Workshops • Site visits • Technical papers • Project books will be published by ISA • Training class offered to industry • Working with industry groups – API, NPRA

  37. Related Efforts (Chart labels: Research, Development, Test, Evaluation, Demonstration, Transition, Deployment; Energy: Electric power; Energy: Oil and Gas; Chemical; Water and Wastewater; Telecom; Transportation (rail); CSSTC; NSTB; SCADA SBIRs; PCSF; I3P SCADA; LOGI2C)

  38. Summary • This is the only large government-funded research effort for control system security for the oil and gas infrastructure • Focused on industry needs • 6 topic areas, 11 institutions, hundreds of stakeholders, thousands of lives at risk in a major cyber attack on oil & gas systems…

  39. Contact Information: Ulf Lindqvist, Ph.D., Program Director, Computer Science Laboratory, 333 Ravenswood Avenue, Menlo Park, California 94025-3493. 650.859.2000, www.sri.com. Direct: 650.859.2351. Fax: 650.859.2844. ulf.lindqvist@sri.com, ulf@sri.com
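
Slide 23 describes the Traffic Assessment Tool (TAT) as analyzing how well a system of firewall rules adheres to a global traffic policy. The Python example below is an added illustration of that kind of check, not the TAT itself or code from the I3P project; the zone names echo the labels in slide 30, and the services, rules and policy are constructed sample data.

```python
from itertools import permutations

# Constructed sample data: zone names echo the slide 30 diagram labels;
# services, rules and policy are invented for this example.
ZONES = ["internet", "business_lan", "control_lan"]
SERVICES = ["http", "sql", "modbus"]

# Ordered rules (src, dst, service, action): first match wins, default deny.
RULES = [
    ("control_lan", "business_lan", "sql", "allow"),
    ("*", "control_lan", "modbus", "deny"),
    ("business_lan", "*", "http", "allow"),  # wildcard also reaches control_lan
    ("internet", "business_lan", "http", "allow"),
]

# Global traffic policy: the only flows that should pass between zones.
POLICY_PERMITS = {
    ("control_lan", "business_lan", "sql"),
    ("control_lan", "business_lan", "http"),
    ("internet", "business_lan", "http"),
    ("business_lan", "internet", "http"),
}

def decide(src, dst, svc):
    """Return (action, rule_index); rule_index is None for the default deny."""
    for i, (r_src, r_dst, r_svc, action) in enumerate(RULES):
        if r_src in ("*", src) and r_dst in ("*", dst) and r_svc in ("*", svc):
            return action, i
    return "deny", None

def assess():
    """Check every inter-zone flow; return both mismatch lists and a score."""
    too_permissive, too_restrictive, total = [], [], 0
    for src, dst in permutations(ZONES, 2):
        for svc in SERVICES:
            total += 1
            action, idx = decide(src, dst, svc)
            permitted = (src, dst, svc) in POLICY_PERMITS
            if action == "allow" and not permitted:
                too_permissive.append((src, dst, svc, idx))
            elif action == "deny" and permitted:
                too_restrictive.append((src, dst, svc, idx))
    adherence = (total - len(too_permissive) - len(too_restrictive)) / total
    return too_permissive, too_restrictive, adherence

if __name__ == "__main__":
    loose, tight, score = assess()
    print("allowed but not in policy:", loose)
    print("in policy but blocked:", tight)
    print(f"adherence: {score:.0%}")
```

Each too-permissive finding carries the index of the rule that let the flow through, so the broad wildcard rule can be narrowed rather than the whole rule set rewritten.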
