Presentation on theme: "A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection."— Presentation transcript:
A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection of Vital Infrastructures
VIKING - 2 VIKING Society is dependent on electricity
VIKING - 6 VIKING Why could SCADA be targeted? SCADA systems monitor and control production and distribution of i.e. electricity, gas and heat. SCADA systems were traditionally physically separated from the office IT network, using proprietary protocols and OS SCADA systems was not in the scope of IT SCADA systems develops today on a standard platform with standard protocols SCADA systems are normally not patched and have a life-cycle of 20 year SCADA systems have today direct access to the office IT networks and systems
VIKING - 7 VIKING SCADA system and security ? From the GAO report, May 2008, security study regarding TVA. Remote access system was not securely configured System and clients was not security patched Lack of security security settings for key programs Firewalls were bypassed or inadequately configured Passwords were not effectively implemented Logging was limited No antivirus protection Lack in security in the connections between Process and Office IT network Etc….. Conclusion “TVA Needs to Address Weaknesses in Control Systems and Networks
VIKING - 9 VIKING Potential Consequences Northeast Blackout 2003, US and Canada 50 million people without electricity Financial losses estimated to 6-10 billion USD Railway system interrupted Airports shut down (passenger screening, electronic tickets) Gas stations unable to pump gas Disrupted cellular communication Disrupted television (cable tv) Internet traffic disrupted Water system lost pressure: boil water advisories, closing of restaurants Sewage spills CIA senior analyst Tom Donahue: “We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities.”
VIKING - 10 VIKING This is what we want to avoid!
VIKING - 11 VIKING Strategic objectives of the VIKING project The VIKING project will concentrate on cyber attacks on SCADA systems for the Transmission and Distribution of electricity. The project has the following objectives: Provide a holistic framework for identification and assessment of vulnerabilities for SCADA systems. The framework should provide computational support for the prediction of system failure impacts and security risks. Provide a reference model of potential consequences of misbehaving control systems in the power transmission and distribution network that can be used as abase for evaluating control system design solutions. Develop and demonstrate new technical security and robustness solutions able to meet the specific operational requirements that are posed on control systems for our target area. Increase the awareness of the dependencies and vulnerabilities of cyber-physical systems in the power industry.
VIKING - 12 VIKING Industrial Partners ABB AG (Germany) E.ON AG (Germany) Astron (Hungary) MML Analysis & Strategy (Sweden) Academic Partners Royal Institute of Technology (Sweden) ETH Zurich (Switzerland) University of Maryland (USA) Members
VIKING - 13 VIKING From security requirements to social costs Attack SCADA system Power network Societal cost
VIKING - 14 VIKING Modelling Approach Substation Power Grid Control Center Sensors Transmission Society Applications Actuators Operator Distribution state measurements commands actions commands decision- support information power Cost Substation Automation measurements commands Network attack
VIKING - 15 VIKING Substation Power Grid Control Center Sensors Transmission Society Applications Actuators Operator Distribution state measurements commands actions commands decision- support information power Cost Substation Automation measurements commands Network attack Power System Models Society Models Cyberphysical Models System Architecture Models Attack Inventory Models
VIKING - 17 VIKING Society Models Destroy transformer TD223… Grain write access to actuator GT435…
VIKING - 18 VIKING What characterizes the VIKING approach? Previous work has been focused on testing attacks on physical SCADA system Viking will do a model based approach Integrated analysis chain of models from attacks to societal cost Previous work has been focused on the central system, e.g. firewalls Viking looks on the complete SCADA system including substation and communication systems Development of new methodologies Use of power applications to detect manipulated data, i.e. higher level of Intrusion Detection System Use of security enhanced communication structures Coupling between physical process and IT systems models to study security issues Etc.
VIKING - 19 VIKING Potential Research Results of VIKING Estimates of the security risk (in terms of monetory loss for the society) based on threats trees, graphical system architecture and society models Comparable, quantitative results for cyber security for different control system solutions Use of existing model based application as application level Intrusion Detection Systems to detect manipulation of data Use of innovative and existing communication solutions to secure power system communication Help with identifying ”weak spots” and how to mitigate them An environment for performing what-if analyses of the security risk impact of different architecture solutions
VIKING - 20 VIKING Summary VIKING will investigate the vulnerability of SCADA systems and the cost of cyber attacks on society VIKING will propose and test strategies and technologies to counteract these weaknesses VIKING will increase the awareness for the importance of critical infrastructures and the need to protect them
VIKING - 21 VIKING Contact Project Coordinator Gunnar Björkman firstname.lastname@example.org Technical Coordinator Pontus Johnson email@example.com