
Cyber Security of SCADA Systems Testbed Development May1013 Group Members: Ben Kregel Justin Fitzpatrick Michael Higdon Rafi Adnan Adviser: Dr. Manimaran.


1 Cyber Security of SCADA Systems Testbed Development May1013 Group Members: Ben Kregel Justin Fitzpatrick Michael Higdon Rafi Adnan Adviser: Dr. Manimaran

2 What is SCADA?
Supervisory Control and Data Acquisition
► Use in critical infrastructures, utilities
► Sensing, decision making and control associated with real-time operation

3 SCADA Network Topology
[Diagram: WWW; Control Center; Scalance devices; Substation 1 and Substation 2 with RTU 1, RTU 2, Sensor 1, Sensor 2, Host 1, Host 2; address labels ...217, ...213, ...210, ...218, ...195, ...193, ...194, ...201, ...203]

4 Problem & Solution
► Problem
  - Significantly dated SCADA systems
  - Security concerns in the past
  - Security risks in today’s internet age
  - Open to attacks from the outside
► Solution
  - Design and implementation of SCADA test beds for use in security evaluation, testing and simulations.

5 Project Need
► The National SCADA Test Bed (NSTB) with DOE
  - Primary goals:
    ► Industry awareness and collaboration
    ► Developing solutions and risk mitigation strategies
    ► Developing intelligent, inherently secure and dependable control systems and infrastructures
    ► National standards and guidelines for secure control systems
► Research goals geared toward answering and satisfying the problem and need statement of this project as well as industry needs.

6 Functional Requirements
► FR01. Establish an operational SCADA test bed.
► FR02. Incorporate security features into the SCADA test bed.
► FR03. Integrate a live resistive current load.
► FR04. Conduct simulations and analysis on the test bed.
► FR05. Conduct attack scenarios for the test bed.

7 Non-Functional Requirements
► NFR01. Users shall be able to try to hack into the system with any means necessary.
► NFR02. Users shall be able to run software with no problems.
► NFR03. Users shall be able to change settings on relays for testing.
► NFR04. The software shall be updated by Siemens.
► NFR05. All our research shall be fully documented.
► NFR06. Maintain proper communication between network hardware.

8 Goals
► Develop system software fluency
  - Individual program operations
► Develop SCADA test bed
  - Establish functionality between all devices
  - Incorporate security practices
► Integrate hardware simulation
  - Develop a simulated load
  - Configure current protection methods
  - Manual control and telemetry from control center
► Cyber security evaluation and testing

9 Deliverables
► Complete report on the simulation system used
► Reports on vulnerabilities from attack simulations
► Documentation on how to reproduce and combat said vulnerabilities

10 Resource Requirements
► Personnel
  - Research and development dependent project
  - High level of software and device complexity
  - Extremely high learning curve for the software
► Software and Facilities
  - Software programs provided by Siemens
  - Teleconferencing session with representatives from Siemens
  - Necessary training and skills
  - Efficient operation of the software
► Assistance of two grad students
  - Test bed setup
  - Security testing

11 Schedule
► Establish a software model
  - Substations and generation
  - October 2009
► Integrate hardware into software
  - Establish a full test bed
  - December 2009
► Test vulnerabilities and holes in system
  - Fixing broken elements of the system
  - Jan-May 2010

12 Project Schedule

13 Work Breakdown

14 Risks
► Lack of proper training:
  - SCADA test bed operation is crucial
  - Proper software and device training
  - Training sessions
► Malfunctioning software or test bed equipment:
  - Sensitive and expensive devices
  - Improper use could result in breakdown
  - Corruption in the system database
  - Nature of our work is to test the vulnerability of the system
  - Being careful not to damage any of the equipment

15 Implementation

16 High Level Components
► Control Center
► Remote Terminal Unit (RTU)
► Sensors

17 SCADA Network Topology
[Diagram repeated from slide 3]

18 Functional Testing
► Progressive testing of the SCADA system
  - Separate “phases”
► Remotely open and close a circuit breaker
► Integrate a resistive load
► Observe real-time current on the system
► Over-current tripping on the relays

19 SCADA Network Topology
[Diagram repeated from slide 3]

20 Control Center
  - Spectrum Power TG
  - Managing databases
  - Establishing communications
  - Monitoring current or voltage levels, trip breakers.
  - Analog telemetry from relays
  - Binary statuses for breakers

21 SCADA Network Topology
[Diagram repeated from slide 3]

22 SCALANCE
► Point-to-point data protection between SCALANCE cells
► Real-time data encryption
► Remote access through gateways

23 SCADA Network Topology
[Diagram repeated from slide 3]

24 Remote Terminal Units (RTU)
► SICAM PAS (Power Automation System)
► Operates between the control center and sensory relay devices
► Responsible for interpreting sensory data and communicating this data to a control center

25 SCADA Network Topology
[Diagram repeated from slide 3]

26 Relays
► Siemens DIGSI 4
► Sensor components at remote substations
► Measure and capture real-time transient current data
► Act as a circuit-breaker and trip in the event of over-current

27 Security Testing
► Nmap
  - Port scanning
  - Communication Port
► Wireshark
  - Packet capture
  - DNP 3.0 Protocol
  - Relay Open/Close request packet
► Attack Development
  - Disrupt operation of SCADA system

28 Security Testing
► Disrupt communication between the control center and the remote substations
► ARP poisoning
  - Man-in-the-Middle attack
  - Filtered out original command requests
  - Replicated commands from the control center but the relay reported no change in the status of the circuit
► Results
  - Successfully filters command request
  - Control center command lockout
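
One way a defender could detect the condition reported on slide 28, as an added example that is not part of the presentation or the project's own tooling: correlate a change in an RTU's IP-to-MAC binding with control-center commands that never produce a matching breaker status. The event tuples, addresses, breaker name and function names are constructed assumptions.

```python
# Constructed sample data (not from the presentation). Times are in seconds.
RTU = "192.0.2.20"  # documentation-range address standing in for an RTU
ARP_EVENTS = [      # (time, ip, mac) from ARP replies seen at the control center
    (0, RTU, "02:00:00:00:00:01"),
    (30, RTU, "02:00:00:00:00:01"),
    (60, RTU, "02:00:00:00:00:99"),   # the RTU's IP now maps to a different MAC
]
COMMANDS = [        # (time, rtu_ip, breaker, requested_state) sent by the operator
    (10, RTU, "CB1", "OPEN"),
    (70, RTU, "CB1", "CLOSED"),
]
STATUS = [          # (time, rtu_ip, breaker, reported_state) binary status telemetry
    (0, RTU, "CB1", "CLOSED"),
    (12, RTU, "CB1", "OPEN"),
    (72, RTU, "CB1", "OPEN"),         # command at t=70 never takes effect
]

def arp_binding_changes(arp_events):
    """Return (time, ip, old_mac, new_mac) each time an IP's MAC changes."""
    seen, changes = {}, []
    for t, ip, mac in sorted(arp_events):
        mac = mac.lower()
        if ip in seen and seen[ip] != mac:
            changes.append((t, ip, seen[ip], mac))
        seen[ip] = mac
    return changes

def unconfirmed_commands(commands, status, timeout=15):
    """Return commands whose requested state is not reported within timeout."""
    missing = []
    for t, ip, breaker, want in commands:
        confirmed = any(
            (s_ip, s_brk, state) == (ip, breaker, want) and t <= s_t <= t + timeout
            for s_t, s_ip, s_brk, state in status)
        if not confirmed:
            missing.append((t, ip, breaker, want))
    return missing

def correlate(arp_events, commands, status, timeout=15, window=300):
    """Raise severity when an unconfirmed command follows an ARP change."""
    changes, alerts = arp_binding_changes(arp_events), []
    for t, ip, breaker, want in unconfirmed_commands(commands, status, timeout):
        prior = [c for c in changes if c[1] == ip and 0 <= t - c[0] <= window]
        alerts.append({"time": t, "rtu": ip, "breaker": breaker, "wanted": want,
                       "severity": "high" if prior else "low",
                       "arp_change": prior[-1] if prior else None})
    return alerts

if __name__ == "__main__":
    print(correlate(ARP_EVENTS, COMMANDS, STATUS))
```

A MAC change alone also occurs when a device is replaced, which is why the alert is raised to high only when it coincides with a command that the relay never confirms.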

29 Accomplishments
► Attack-defense testing and impact analysis:
  1. Successful setup and configuration of our SCADA network
  2. Incorporation of SCALANCE devices in VPN mode
  3. Remote control of relay circuit breakers
  4. Integration of an actual resistive load
  5. Implementation of circuit breaker tripping in the event of an over-current detection
  6. Compromising the operation of the SCADA system
     1. Denial of Service attacks
     2. Man-in-the-Middle attacks

30 Conclusions & Lessons Learned
► Scope of the project
  - Simple attacks
  - Local SCADA network
► Possibility of more sophisticated attacks
► Better understanding and management of the software and devices
  - More efficient operation of the system
  - Allows for more in-depth security evaluations

31 Discussion

