210 likes | 371 Views
A project under the 7th Framework Programme. VIKING. CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator. A Security Project for the Protection of Vital Infrastructures. Society is dependent on electricity. The Power Network. SCADA. SCADA Security.
E N D
A project under the 7th Framework Programme VIKING CPS Workshop Stockholm12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection of Vital Infrastructures
Why could SCADA be targeted? • SCADA systems monitor and control production and distribution of i.e. electricity, gas and heat. • SCADA systems were traditionally physically separated from the office IT network, using proprietary protocols and OS • SCADA systems was not in the scope of IT • SCADA systems develops today on a standard platform with standard protocols • SCADA systems are normally not patched and have a life-cycle of 20 year • SCADA systems have today direct access to the office IT networks and systems
SCADA system and security ? • From the GAO report, May 2008, security study regarding TVA. • Remote access system was not securely configured • System and clients was not security patched • Lack of security security settings for key programs • Firewalls were bypassed or inadequately configured • Passwords were not effectively implemented • Logging was limited • No antivirus protection • Lack in security in the connections between Process and Office IT network • Etc….. • Conclusion “TVA Needs to Address Weaknesses in Control Systems and Networks
Potential Consequences • Northeast Blackout 2003, US and Canada • 50 million people without electricity • Financial losses estimated to 6-10 billion USD • Railway system interrupted • Airports shut down (passenger screening, electronic tickets) • Gas stations unable to pump gas • Disrupted cellular communication • Disrupted television (cable tv) • Internet traffic disrupted • Water system lost pressure: boil water advisories, closing of restaurants • Sewage spills CIA senior analyst Tom Donahue: “We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities.”
Strategic objectives of the VIKING project The VIKING project will concentrate on cyber attacks on SCADA systems for the Transmission and Distribution of electricity. The project has the following objectives: • Provide a holistic framework for identification and assessment of vulnerabilities for SCADA systems. The framework should provide computational support for the prediction of system failure impacts and security risks. • Provide a reference model of potential consequences of misbehaving control systems in the power transmission and distribution network that can be used as abase for evaluating control system design solutions. • Develop and demonstrate new technical security and robustness solutions able to meet the specific operational requirements that are posed on control systems for our target area. • Increase the awareness of the dependencies and vulnerabilities of cyber-physical systems in the power industry.
Members Industrial Partners ABB AG (Germany) E.ON AG (Germany) Astron (Hungary) MML Analysis & Strategy (Sweden) Academic Partners Royal Institute of Technology (Sweden) ETH Zurich (Switzerland) University of Maryland (USA)
From security requirements to social costs Attack SCADA system Power network Societalcost
Modelling Approach Network Control Center Substation commands Power Grid Actuators Operator actions Society commands attack Substation Automation Transmission decision-support power power Distribution Cost Applications measurements measurements Sensors state information commands
Models Network Control Center Substation commands Power Grid System Architecture Models Power System Models Actuators Society Models Operator CyberphysicalModels actions Attack Inventory Society commands attack Substation Automation Transmission decision-support power power Distribution Cost Applications measurements measurements Sensors state information commands
Example attack tree Cause societaldamage ($$$) Initiateloadshedding Decrease power supply from transmission grid … Destroy transformer TD223 Open breaker GT435 ... Gainwrite access to actuator GT435 Deceive operator in sendingOpen Breakercommand … Present false system state to operator Bypassstateestimator bad data detection Gainwrite access to sensors TR45, YR47 and FE322
Society Models Society Models Cause societaldamage ($$$) Initiateloadshedding Power System Models Decrease power supply from transmission grid Destroy transformer TD223 Open breaker GT435 … CyberphysicalModels Grain write access to actuator GT435 Deceive operator in sending Open Breakercommand … Present false system state to operator Bypassstateestimator bad data detection System ArchitectureModels Gainwrite access to sensors TR45, YR47 and FE322
What characterizes the VIKING approach? • Previous work has been focused on testing attacks on physical SCADA system • Viking will do a model based approach • Integrated analysis chain of models from attacks to societal cost • Previous work has been focused on the central system, e.g. firewalls • Viking looks on the complete SCADA system including substation and communication systems • Development of new methodologies • Use of power applications to detect manipulated data, i.e. higher level of Intrusion Detection System • Use of security enhanced communication structures • Coupling between physical process and IT systems models to study security issues • Etc.
Potential Research Results of VIKING • Estimates of the security risk (in terms of monetory loss for the society) based on threats trees, graphical system architecture and society models • Comparable, quantitative results for cyber security for different control system solutions • Use of existing model based application as application level Intrusion Detection Systems to detect manipulation of data • Use of innovative and existing communication solutions to secure power system communication • Help with identifying ”weak spots” and how to mitigate them • An environment for performing what-if analyses of the security risk impact of different architecture solutions
Summary VIKING will investigate the vulnerability of SCADA systems and the cost of cyber attacks on society VIKING will propose and test strategies and technologies to counteract these weaknesses VIKING will increase the awareness for the importance of critical infrastructures and the need to protect them
Contact • Project Coordinator Gunnar Björkman • gunnar.bjoerkman@de.abb.com • Technical Coordinator Pontus Johnson • pj101@ics.kth.se