Presentation on theme: "Is your Plant Vulnerable to Cyber-Attack?"— Presentation transcript:
Is your Plant Vulnerable to Cyber-Attack?
Web site: www.InduSoft.com email: firstname.lastname@example.org
Reported Incidents
– DCS sampling: data sampling experiment interrupts DCS/PLC communications
– Password hacked: angry employee uses Ethernet to change passwords on PLCs in another department
– Massive sewage spill: SCADA system hacked through wireless links by former contractor
– Virus crashed nuke plant: SCADA system is hit with a virus that penetrated a private computer network at a nuclear power plant and disabled a safety monitoring system
Insiders cause most security breaches
“Have you already tried launching a DOS attack against an Allen Bradley PLC? I only have Siematic PLC's here with me to play with.” Security Consultant on Pen-test Mailing List (9/28/2001)
Where do vulnerabilities occur in products, protocols, and systems?
Definition & Design
– Inadequate or unrealistic security requirements
– Lack of security features (i.e. encryption, authentication, authorization)
Implementation
– Insecure coding practices
– Narrow focus on functionality testing
Configuration & Deployment
– Insecure features enabled by default
– Failure to configure devices and applications properly
Information courtesy of Cisco Systems
Known Vulnerabilities in Control System Networks
– 802.11 Defaults
– Weak/default passwords
– Inadequate filtering on router/firewall
– OS defaults
– TCP/IP stack issues?
– Protocol flaws?
– OS/App flaws?
– Windows HMI BO
– WEP Flaws
– Network infrastructure device DoS
– Insecure comm links
– Insecure devices & protocols
– Less than weak authentication in devices and protocols
– Cleartext passwords
– Insecure remote access
– Undocumented commands/backdoors
Diagram labels: Configuration, Implementation, Design
Diagram labels: Security Testing, Code Audits, Product Evaluation (CC), Vulnerability Assessments
Information courtesy of Cisco Systems
Security has three aspects
– Privacy: You can’t read a message
– Integrity: You can’t change a check amount
– Authenticity: You can’t forge a signature
Standard Security Concerns
– Someone stealing my data
– Virus infecting my system
– Someone impersonating me
– Someone modifying my data
Common Security Issues
– Inadequate or non-existent security policy
– Security is typically not a fundamental design requirement
– Root cause of most system vulnerabilities
– Passwords
  – Poorly chosen, default, or none
– Simple perimeter security model
– Spectrum of security policy
  – No policy
  – Formal policy and procedures
  – Policy and procedure implemented
  – Policy enforced and audited
Spectrum of Security Policy - Threats from Within
– Physical Access Only
– Some Knowledge, No Authorized Access
– Basic User
– Power User, No Special Privileges
– Operator Knowledge with Privileges
– Domain Knowledge with Privileges
Security Breaches from this Group may not necessarily be Intentional, but they could be...
Spectrum of Security Policy - Threats from Outside
External Connectivity Paths
– Direct Access For Support Services (3rd party or staff)
– Fixed & Dial-in Communication Lines (RTU Comm)
– IP Based Communications (Private or Public Nets)
– Web Services provided by Control Center
– E-mail on Control Center Network (especially MS client)
– Operating System and Hardware
If it is easy for your IT Department to manage, it is most likely easy for an outside party to infiltrate.
Security Issues
All Systems Have Weaknesses!!
…But How Much Can We Reasonably Tighten System Security Without Impeding the System’s Ability to Perform Its Primary Function??...
The question of countermeasures
– Security cannot be added everywhere
– So assuming we understand the system requirements, threats, and vulnerabilities – where do we deploy countermeasures???
  – End devices – device authentication and authorization
  – Protocol – message integrity and authorization
  – Applications – user authentication and authorization
  – Network Devices – protocol awareness, integrity, traffic encryption, user/traffic authentication
– Assuming we can address performance, but how do we address complexity?
Client/Server Security Fundamentals
– Make a secure server
– Use firewall to restrict access to server
– Encrypt all communications
– Authenticate Server to Client
– Audit Server: logs, tripwires, etc.
– Restrict physical access to server
– Stay current with operating system and application updates
– Documented and practiced disaster recovery procedure
– Run virus-protection software
Except Web Applications are Harder to Secure
– Each computer is untrusted
– Peers probably don’t have trusted relations
– Capacity for rapid spread of trouble
– Decentralization can make audit difficult
Security Policies and Remedies
– Security Policies
– Firewalls and Gateways
– Additional Protective Measures
– User Authentication
Security Policies
An effective Security Policy includes:
– Acceptable Use Statement
– Network Access Restrictions (Internal & External)
– Privacy Statement
  – Can specify that all connectivity, E-mail, Web Access, etc. is subject to monitoring at Company’s discretion
– Password Requirements
  – Strong content, structure and expiration
– Enforcement Statement
  – Remedies for policy violations, as well as reporting guidelines (routine monitoring)
– External Server Access and Software Download Policies
– Security Audits and Associated Security Alterations
Information courtesy of UTSI International
IP Related Protection
A Firewall/Gateway Is Your First Line Of Defense Against Unwanted IP Based Access.
There Should Be A Firewall Present At Every IP Based Entry Point Into The System/Network, Even Internal Network Connection Points
Important Features To Implement Include
– IP Address Blocking or Disabling
– IP Port Disabling
– Protocol Blocking – Inbound And/Or Outbound If The Internal Network Is Rogue
– Provides IP Address Translation
Information courtesy of UTSI International
Other Protective Measures
– Use Secure RTU Protocol Techniques That Inhibit Easy Access To Remote Site Automation Systems.
  – Digitally Signed Messages
  – Encrypted Messages
– Eliminate Dependency on Simple Protocols Unless Encapsulated with Secure Messaging Techniques
– Eliminate As Many Direct Access Paths To Critical Systems As Possible
– Reduce Dependency On Homogeneous Systems
Information courtesy of UTSI International
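Added example, not part of the original presentation: one way to encapsulate a simple RTU frame in an authenticated envelope so the receiver rejects modified and replayed messages. It uses a shared-key HMAC-SHA256 tag as a stand-in for the slide's digital signature, does not encrypt, and the frame layout, key and function names are assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def seal(key: bytes, seq: int, frame: bytes) -> bytes:
    """Prefix a 64-bit sequence number and append an HMAC-SHA256 tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + frame, hashlib.sha256).digest()
    return header + frame + tag

class Receiver:
    """RTU-side verifier: checks the tag first, then rejects replayed sequence numbers."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def open(self, envelope: bytes) -> bytes:
        if len(envelope) < 8 + TAG_LEN:
            raise ValueError("envelope too short")
        header, frame, tag = envelope[:8], envelope[8:-TAG_LEN], envelope[-TAG_LEN:]
        expected = hmac.new(self.key, header + frame, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError("bad tag: frame modified or wrong key")
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:
            raise ValueError("replayed or out-of-order frame")
        self.last_seq = seq
        return frame

def demo() -> dict:
    key = bytes(range(32))  # constructed demo key; real keys are provisioned per device
    # Constructed Modbus-style request: unit 1, function 6, register 0x0010, value 0x00FF
    frame = bytes.fromhex("0106001000ff")
    rtu = Receiver(key)
    env = seal(key, 1, frame)
    results = {"accepted": rtu.open(env) == frame}
    tampered = bytearray(env)
    tampered[13] ^= 0x01  # flip one bit in the register value
    for name, msg in (("tampered", bytes(tampered)), ("replayed", env)):
        try:
            rtu.open(msg)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results

if __name__ == "__main__":
    print(demo())
```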
User Authentication
Authenticate Users With A Primary Domain Controller. The Following Guidelines Are Important To Ensure That Only Authorized Users Are Permitted Access:
– Remove All Dormant Accounts
– Rename/Replace Default Accounts And Passwords
– Require Users To Change Passwords Frequently Through Time Based Expiration
– Enforce The Use of Strong Password Encoding
– Authenticated Users Are Only Granted Access To System Resources Based On Their Profiles
Information courtesy of UTSI International
SCADA/HMI Tools to Improve Security
– Generate event logs, allowing traceability of actions and access to data.
– Implement document encryption for record confidentiality, as appropriate.
– Use digital signature (encrypted) for record authenticity and integrity.
– Periodic check of identification code and password (password aging).
– Detect and immediately report any unauthorized attempt to use identification codes and passwords.
– Event Logger for audit trail.
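Added example, not part of the original presentation: a sketch of the password-aging check and the detection of repeated unauthorized login attempts, run over an audit trail. The log format, account names, the 3-failures-in-60-seconds threshold and the 90-day maximum age are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed HMI audit-trail lines: ISO timestamp, user, event, source station
LOG = """\
2024-03-01T08:00:05 operator1 LOGIN_OK hmi-01
2024-03-01T08:10:11 admin LOGIN_FAIL eng-ws-07
2024-03-01T08:10:19 admin LOGIN_FAIL eng-ws-07
2024-03-01T08:10:31 admin LOGIN_FAIL eng-ws-07
2024-03-01T09:45:00 operator2 LOGIN_FAIL hmi-02
2024-03-01T09:45:20 operator2 LOGIN_OK hmi-02
"""
# Constructed record of when each account's password was last changed
PASSWORD_SET = {"operator1": "2023-10-01", "operator2": "2024-02-10", "admin": "2024-01-15"}

def failed_login_alerts(log: str, threshold: int = 3, window_s: int = 60) -> list:
    """Return (user, source, time) when `threshold` failures fall inside the window."""
    recent = defaultdict(deque)  # (user, source) -> timestamps of recent failures
    alerts = []
    for line in log.splitlines():
        ts, user, event, source = line.split()
        when = datetime.fromisoformat(ts)
        failures = recent[(user, source)]
        if event == "LOGIN_OK":
            failures.clear()  # a successful login resets the counter
            continue
        if event != "LOGIN_FAIL":
            continue
        failures.append(when)
        while when - failures[0] > timedelta(seconds=window_s):
            failures.popleft()  # drop failures older than the window
        if len(failures) == threshold:
            alerts.append((user, source, ts))
    return alerts

def aged_passwords(today: str, max_age_days: int = 90) -> list:
    """Return accounts whose password is older than max_age_days."""
    now = datetime.fromisoformat(today)
    return sorted(user for user, changed in PASSWORD_SET.items()
                  if (now - datetime.fromisoformat(changed)).days > max_age_days)

if __name__ == "__main__":
    print(failed_login_alerts(LOG))
    print(aged_passwords("2024-03-01"))
```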
Web Solution – Security System
– Server controls access to the application
– Transactions are encrypted
Recommendations
– Develop a security policy
  – specify goals, responsibilities, and accepted behaviors
– Design a network architecture
  – multi-level network
– Place firewalls between the levels
– Implement intrusion detection systems
– Design security methodology inside your SCADA/HMI system
– Develop exception logging procedures
– Create an incident response plan
Good Security is an ongoing process, not just a one time project.