Cyber Security of SCADA Systems
Team: Anthony Gedwillo (EE), James Parrott (CPrE), David Ryan (CPrE)
Client: Dr. Govindarasu, Iowa State University

What is a SCADA System?
• SCADA stands for “Supervisory Control and Data Acquisition”
• SCADA systems control our nation’s vital infrastructure, including Power Transmission and Distribution, Oil, Gas, and Water
• SCADA Systems act as the brain and nerves for the systems they control. They sense, process (think), and send commands

Problem Statement
• Supervisory control and data acquisition (SCADA) systems are vital parts of our nation’s infrastructure, and the security of these systems is a top priority. However, there is a shortage of adequate research environments for modeling and testing SCADA systems.

Operating Environment/Intended Usage
• Coover Hall – Room 3042
• Demonstrations
• Research

Functional Requirements – Virtualization
• Create a virtualized platform that allows network stack inspection.
• Create virtualized machines for RTUs and Relays
• Virtualized system should be scalable to provide more realistic scenarios

Functional Requirements – Cyber Security
• Vulnerability assessment / Report
• Cyber attack implementation
  • Denial of Service
  • Invalid Data
  • Information Theft

Functional Requirements – Power System Integration
• Integrate DIgSILENT PowerFactory into current test bed
• Configure DIgSILENT for real time power flow simulation

Non-Functional Requirements
• Minimal configuration on virtual image deployment
• Images should have backups to prevent loss
• Attack scenarios can be demonstrated without requiring detailed information on attack functionality
• Power flow system should be easily interpreted

Implemented Design – Power Flow Google Earth

Cyber Security Vulnerability Assessment
• Validate the system
• Document running services
• Document well-known software vulnerabilities
• Search for implementation vulnerabilities
• Attack Implementation
• Produce Report

Attack Implementation
• Man in the Middle attacks
• Intercept and drop command packets
• Ettercap Issues
• Modified packet sniffer
• Intercept and return fake confirmation
• Denial of Service attacks

Technical Approach Consideration and Results
• Virtual hypervisor software selection
  • VMware Server
  • VMware ESX
  • Citrix XenServer
  • Microsoft Hyper-V
• Relay Virtualization software selection
  • Delphin-Informatika IEC 61850 Simulator
  • SISCO AX-S4 MMS
  • SystemCORP IEC 61850 DLL
  • MatrikonOPC Server

Technical Approach Consideration and Results
• Power system simulation software selection
  • Siemens Spectrum Power TG (DTS)
  • DIgSILENT PowerFactory
  • PowerWorld
• Cyber attack/security software selection
  • Nessus Security Scanner
  • Various open-source tools