
Security metrics in SCADA system Master of Computer and Information Science Student: Nguyen Duc Nam Supervisor: Elena Sitnikova.


1 Security metrics in SCADA system
Master of Computer and Information Science
Student: Nguyen Duc Nam
Supervisor: Elena Sitnikova

2 Introduction
Thesis question
SCADA system
- Structure
- Challenges
Security metrics
- Definition
- Broad classes of metrics
- Security metrics in SCADA
Conclusion

3 Thesis question
How can the security of SCADA systems be measured?
- Definition of SCADA system
- Why are we concerned about security in SCADA systems?
- How?

4 SCADA system
Supervisory control and data acquisition (SCADA) system
SCADA systems are widely used in:
- Monitoring and control of industrial systems
- Oil and gas
- Air traffic and railways
- Power generation and transmission
- Water management
- Manufacturing
- Production plants

5 SCADA Structure
Figure 1: SCADA System General Layout (Stouffer et al. 2008)

6 Challenges of SCADA system
The number of attacks on SCADA systems is increasing:
- 330 reported attacks on oil and gas in 30 countries from 1990 to 2004.
- Riptech: 70% of its clients had at least one major attack in the first six months of 2002, compared with 57% in the last six months of 2001.
- Attack on Maroochy Shire Council's sewage control system, 2000
- Slammer worm, 2003
- Zotob, 2005
- Center of Strategic and International Studies: less than 50% of respondents in 2009, more than 80% in 2010

7 Security metrics
"Metrics" describes a broad category of tools used by decision makers to evaluate data in many different areas of an organization.
- Example: no more than 1% untrained
Security metrics cannot always be applied directly to systems.
- Example: use strong user passwords with limited lifetime and account lockout, versus the confusion these cause during a critical event

8 Three broad classes of metrics
Organizational metrics: describe and track the effectiveness of organizational programs and processes.
Operational metrics: describe and manage risks to operational environments, including as-used systems and operating practices.
Technical metrics: describe and compare technical objects such as algorithms, specifications, architectures and alternative designs, products and implemented systems.

9 Organizational metrics
Assessing the adequacy of the standards, policies and procedures adopted by the organization to enhance security.
Answer:
- Has an industry standard for security been adopted by the organization?
- Is there a policy that calls for an annual cyber security?
- Is there a policy that requires operators and maintenance personnel to receive periodic cyber security training?
- Is there a procedure that needs to be followed?

10 Operational metrics
Assessing how well the organization's formal policies and procedures are implemented by the responsible staff members.
Answer:
- Are cyber security inspections conducted by personnel who have received specialized training in cyber security?
- If so, did the certified training course meet industry standards?
- Is each inspection carried out by personnel who are independent of the technical group that is responsible for day-to-day operations?
- Are the results of each inspection documented and saved into an inspection database?

11 Technical metrics
Assessing the adequacy of the security imposed to protect specific components of the system.
Answer:
- How many attempts have been made this week to access the system from the internet? Does this represent a 50% increase above the normal usage level?
- What is the ratio between the number of unsuccessful and successful attempts to access the system? Does this ratio exceed the criteria for concern?
- Is the modem cable (linking the system and vendors) kept disconnected and stored an appropriate distance away from the modem when not in actual and approved use?

12 Technical metrics (continued)
- Antivirus and antispyware software installed on machines
- Updated machines
- Vulnerabilities per machine
- Host uptime
- Downtime
- Application vulnerability
- Number of attacks
- Probability of attacks
- Shortest length of attacks
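
The first two technical-metric questions on slide 11 (weekly access attempts against the normal level, and the unsuccessful-to-successful ratio) can be computed directly from an access log. The sketch below is an added example, not part of the original presentation; the log format, the sample records, the use of the mean of earlier weeks as the "normal usage level", and the `RATIO_LIMIT` value are all assumptions.

```python
from collections import Counter
from datetime import datetime

INCREASE_LIMIT = 0.50  # the 50% increase over normal usage named on slide 11
RATIO_LIMIT = 1.0      # assumed "criteria for concern" for failed:successful
# Constructed sample records, "timestamp source outcome" (assumed format).
SAMPLE_LOG = """\
2024-03-04T08:15:00 198.51.100.7 success
2024-03-06T14:40:03 203.0.113.20 failure
2024-03-08T07:55:42 198.51.100.7 success
2024-03-11T08:10:09 198.51.100.7 success
2024-03-12T16:21:37 203.0.113.20 failure
2024-03-15T08:30:00 198.51.100.7 success
2024-03-18T01:12:05 203.0.113.99 failure
2024-03-18T01:12:09 203.0.113.99 failure
2024-03-19T08:05:00 198.51.100.7 success
2024-03-20T02:47:31 203.0.113.99 failure
2024-03-21T08:01:19 198.51.100.7 success
2024-03-22T03:33:33 203.0.113.99 failure
"""

def weekly_metrics(log_text):
    """Return {(iso_year, iso_week): Counter(success=..., failure=...)}."""
    weeks = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] not in ("success", "failure"):
            continue  # skip malformed records rather than miscount them
        year, week, _ = datetime.fromisoformat(parts[0]).isocalendar()
        weeks.setdefault((year, week), Counter())[parts[2]] += 1
    return weeks

def assess_latest_week(log_text):
    """Compare the most recent week with the mean of all earlier weeks."""
    weeks = weekly_metrics(log_text)
    *history, current = sorted(weeks)
    if not history:
        raise ValueError("need at least one earlier week as a baseline")
    baseline = sum(sum(weeks[w].values()) for w in history) / len(history)
    attempts = sum(weeks[current].values())
    ok, bad = weeks[current]["success"], weeks[current]["failure"]
    ratio = bad / ok if ok else float("inf")  # no successes: worst case
    increase = (attempts - baseline) / baseline
    return {"week": current, "attempts": attempts, "baseline": baseline,
            "increase": increase, "ratio": ratio,
            "volume_alert": increase >= INCREASE_LIMIT,
            "ratio_alert": ratio > RATIO_LIMIT}

print(assess_latest_week(SAMPLE_LOG))
```
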

13 Recommendations for developing metrics
Bottom up versus top down
- Bottom up: identifying existing data as a starting point
- Top down: starting with the goals and questions of the end user
Product and system design metrics
Return on investment
Metrics based on compliance with security standards or best practices
Real-time monitoring metrics

14 Conclusion
- A broad overview of SCADA systems and security metrics.
- Metrics are used in many industries, but metrics for the evaluation and analysis of security are not widely available, due to a lack of focus on cyber security and limited security technologies specifically designed for PC.
- The number of security metrics tools is growing, but some of them can be applied directly to SCADA systems.
- Our next step, based on this thesis, is to develop a metric that meets the needs of a specific industry.
- We highly encourage industry support and feedback on future work.

15 Thanks
