Cyber Security of SCADA Systems
Team: Anthony Gedwillo (EE), James Parrott (CPrE), David Ryan (CPrE)
Client: Dr. Govindarasu, Iowa State University
Problem Statement
“Since the mid-1990’s, security experts have become increasingly concerned about the threat of malicious cyber attacks on the vital supervisory control and data acquisition (SCADA) systems used to monitor and manage our energy systems. Most SCADA system designs did not anticipate the security threats posed by today’s reliance on common software and operating systems, public telecommunication networks, and the Internet.”
Operating Environment
Our testbed will operate in a permanent location: Coover 3042.
User Interface Description
• Siemens Spectrum Power TG
• This software will function as our Human-Machine Interface (HMI) for our SCADA Testbed
Functional Requirements
• Virtualization
  • Create a virtualized platform that allows network stack inspection.
  • Create virtualized images for RTUs, Control Center, firewalls and relays
  • Virtualized system should be scalable to provide more realistic scenarios
• Cyber Security
  • Produce report detailing security vulnerabilities of the system
  • Implement attacks discovered during the vulnerability assessment
• Power System Integration
  • Integrate DIgSILENT PowerFactory with SCADA test bed
  • Power simulation should represent a real-world scenario
Non-Functional Requirements
• Minimal configuration on virtual image deployment
• Images should have backups to prevent loss
• Attack scenarios can be demonstrated without requiring detailed information on attack functionality
• Assessment shall function as comprehensive documentation on the security state of the system
• All test equipment should function correctly
• Power system should be represented in a manner that is easy to understand
Market Literature Survey
• National SCADA Test Bed (NSTB)
• North American Electricity and Reliability Corporation (NERC)
• Critical Infrastructure Protection (CIP)
• United States Computer Emergency and Response Team (US-CERT)
Deliverables
• A test bed that can be used both for demonstrations and for development of cyber security attacks.
• At least 15 nodes (Virtual and Physical Mixed)
• Cyber attacks we have created to demonstrate vulnerabilities
Risks and Mitigation
• Risks
  • Equipment Malfunction
  • Breaking the testbed:
    - Improper Usage
    - Successful Attack
• Mitigation:
  • Read the provided manuals
  • System Configuration Back-Up
Functional Decomposition
• Our goal is to improve the cyber security of Supervisory Control and Data Acquisition (SCADA) systems
• We will construct a testbed that mimics a SCADA system
• We will be able to run “Improvement Cycles” on the system so a better understanding of its cyber security flaws can be gained
Virtualization Design
Virtual RTUs and virtual relays will be installed on the virtual machines. These virtual machines will reside on the VMware Server. These virtual machines will be connected to the SCADA testbed. The virtual RTUs will communicate with the control center over Ethernet behind a physical SCALANCE or virtual firewall.
Power Flow Simulation Design
Virtualized and Real Relays
Siemens Spectrum Power TG (HMI)
Virtual and Real SICAM PAS (OPC DA Server)
OPC := OLE for Process Control
OLE := Object Linking and Embedding
DIgSILENT PowerFactory (OPC Client)
Cyber Security Design
• Will use vulnerability scanners to scan for potential vulnerabilities
• Document and assess these vulnerabilities for potential attack
• Implement an attack to exploit each vulnerability, documenting outcomes
• Write a report detailing vulnerabilities, attacks and potential fixes.
Software and Hardware Used
• Our SCADA network test bed consists of a few key pieces of hardware and software:
• Hardware
  • Siemens SCALANCE S612 Security Module
  • Siemens SIPROTEC 4 7SJ61 Relay (Sensor)
• Software
  • Siemens Spectrum Power TG SCADA/EMS (HMI)
  • Siemens SICAM PAS v6.00 (RTU)
  • Siemens DIGSI (Software for SIPROTEC Protection Relays)
  • VMware ESXi 4.1
  • Nessus
  • Other Vulnerability Assessment Software
Vulnerability Assessment Test Plan
• Validate the System
  • Eliminate any incorrect assumptions
• Document Running Services
  • Evaluate possible network entry point into each device
  • Check for glaring security holes (Open webserver, mail server, etc.)
• Document Well-Known Vulnerabilities
  • Check for popular exploit opportunities (Windows, Adobe Reader, Flash)
Vulnerability Assessment Test Plan
• Document Implementation Specific Vulnerabilities
  • Vulnerabilities specific to lab equipment and software
• Attack Implementation
  • Implement Attack
  • Document Attack Procedure
• Produce Report
  • Existing Vulnerabilities
  • Possible Impact
  • Possible Countermeasures
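
Added example (not part of the original slides or the team's own tooling): one way to carry out the "Document Running Services" and "Check for glaring security holes" steps of the test plan is to compare each device's open ports against a per-role baseline and record the result for the report. The inventory format, addresses, role names and baseline below are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample inventory (not data from the testbed): one row per open port.
SAMPLE_INVENTORY = """\
host,role,port,proto,service
192.0.2.10,hmi,3389,tcp,ms-wbt-server
192.0.2.10,hmi,80,tcp,http
192.0.2.20,rtu,102,tcp,iso-tsap
192.0.2.20,rtu,25,tcp,smtp
192.0.2.30,relay,23,tcp,telnet
192.0.2.40,firewall,443,tcp,https
"""

# Hypothetical baseline: the (port, proto) pairs each device role is meant to expose.
BASELINE = {
    "hmi": {(3389, "tcp")}, "rtu": {(102, "tcp")},
    "relay": {(102, "tcp")}, "firewall": {(443, "tcp")},
}
# Service names treated as "glaring" when outside the baseline (web and mail servers).
GLARING = {"http", "https", "smtp", "pop3", "imap"}

def load_inventory(text):
    """Parse the CSV inventory into dict rows with an integer port."""
    return [dict(r, port=int(r["port"])) for r in csv.DictReader(io.StringIO(text))]

def assess(rows, baseline=BASELINE, glaring=GLARING):
    """Return {host: [(port, proto, service, status), ...]}, sorted by port."""
    findings = defaultdict(list)
    for r in rows:
        # A role missing from the baseline has nothing allowed.
        if (r["port"], r["proto"]) in baseline.get(r["role"], set()):
            status = "expected"
        elif r["service"].lower() in glaring:
            status = "glaring"
        else:
            status = "unexpected"
        findings[r["host"]].append((r["port"], r["proto"], r["service"], status))
    return {h: sorted(f) for h, f in sorted(findings.items())}

def render(findings):
    """One plain-text line per open port, for the assessment report."""
    return "\n".join(f"{h} {p}/{pr} {s}: {st}"
                     for h, items in findings.items() for p, pr, s, st in items)

if __name__ == "__main__":
    print(render(assess(load_inventory(SAMPLE_INVENTORY))))
```

Anything marked "glaring" or "unexpected" is a candidate entry for the "Existing Vulnerabilities" section of the report, with the baseline itself documenting which services each device is supposed to run.
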
Prototype Implementations and Results
• Delphin-Informatika IEC 61850 Simulator
  • Software solution for use as a virtual relay
  • Designed for use with SICAM PAS and SIPROTEC Relays
  • Trial license; limited functionality; expensive
  • End result: chose to use another software solution
• Siemens Spectrum Power TG DTS
  • Dispatcher Training Simulator
  • Desired to have DTS read real-time data points and update power flow solution in real time
  • Siemens support period expired, bad/no documentation
  • End result: chose to use DIgSILENT PowerFactory instead
Current Project Status
• Power Flow Simulation
  • Tony
    • Create 9-Bus test case on DIgSILENT (NOV 2010)
    • Configure DIgSILENT with OPC connectivity (FEB 2011)
    • Expand Power System to 15 Busses (MAR 2011)
    • Develop Display for testbed (OPTIONAL)
• Virtualization
  • James
    • Set up virtual host and install virtual machines
    • Set up a virtual RTU and connect to HMI
    • Set up a virtual relay that can connect to RTU (FEB 2011)
    • Create multiple substations in testbed (MAR 2011)
• Cyber Attacks
  • David
    • Port scan all devices
    • Document services running on each port
    • Search for well-known network/server side vulnerabilities
    • Search for well-known client software vulnerabilities
    • Search for lab-specific vulnerabilities (CONTINUAL)
    • Create attacks for significant vulnerabilities (CONTINUAL)
    • Analyze impact of attacks on system (CONTINUAL)
Plan for Next Semester
• Virtualization
  • Need to finish implementing the virtual relay simulator and connect it to system.
  • Work on implementing multiple virtual substations into system
  • Create easy deployments for substations
• Power Flow Simulation
  • Configure DIgSILENT to integrate with testbed
  • Test out real-world scenarios
• Cyber Attacks
  • Implement attacks against vulnerabilities
  • Document findings