Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Security of SCADA Systems Remote Terminal Units (RTU)

Published byAgustín Quiroga Modified over 5 years ago

Similar presentations

Presentation on theme: "Cyber Security of SCADA Systems Remote Terminal Units (RTU)"— Presentation transcript:

1 Cyber Security of SCADA Systems Remote Terminal Units (RTU)
May 1013 Problem SCADA systems are designed to provide an efficient solution to monitoring, regulation and control of various utilities. With many of the SCADA systems being significantly dated, security was little concern prior to today’s internet age. For this reason most control systems are open to attack from the outside. Design and implementation of SCADA test beds for use in security evaluation, testing and simulations is necessary to guarantee the safety of our critical infrastructure and utilities. Overview Critical infrastructure systems, such as electric power grid and water distribution systems, use SCADA (Supervisory Control and Data Acquisition) systems for a variety of sensing, decision making and control associated with real-time operation of the infrastructure systems. Our testbed will be used to conduct attack-defense exercises to study the various vulnerabilities of SCADA systems and their potential impacts on the performance and stability of the power system. The goal of the project is to integrate real-time power system simulation capabilities into the SCADA testbed, and conduct cyber attack-defense evaluations on the integrated system. The SCADA network consists of three major components and levels of abstraction Control Center Remote Terminal Unit (RTUs) Field devices (Relays) Functional Requirements Establish an operational SCADA test bed Incorporate security features into the SCADA test bed Integrate a live resistive current load Conduct simulations and analysis on the test bed Conduct attack scenarios for the test bed System Diagram Scalance Remote Terminal Units (RTU) Communication Communication Control Center Instruction Instruction These devices live between the control center and sensory relay devices. SICAM PAS (Power Automation System) is a piece of software that runs on and acts as a Remote Terminal Unit (RTU) which is responsible for interpreting sensory data about a process and communicating this data to a control center running the Spectrum Power TG software. This SCALANCE S612 device is designed to provide point-to-point data protection between SCALANCE cells, located upstream from the devices to be protected. The SCALANCE device encrypts and sends data in real-time, while allowing for remote access through internet gateways. Additionally, communication is only possible between authenticated and authorized devices. The Control Center is the main Human-to-Machine Interface (HMI) device for our test bed which allows a human user to monitor and control multiple sub-station hubs from a single control center. The HMI software, Spectrum Power TG, for the control center allows the user to navigate the database items using a helpful and detailed GUI. This interface can be accessed locally or remotely using secure network connections. From this hub administrators can analyze current/voltage levels, trip breakers. Control center redundancy is provided in the form of control terminal hot-swapping and multiple databases. Communication Instruction The SIPROTEC 4 7SJ61 relay devices represent the sensor component of each remote substation. The purpose of these relays within our system is to measure and capture real-time transient current data. Additionally, the relays act as a circuit-breaker that allows an operator to remotely open and close the relay connection as well as tripping in the event of overcurrent. These relays are operated, automated and managed by the Siemens DIGSI 4 software, which supports the relays in the retrieval of “processed information.” Testing The testing of our SCADA system was progressive over the course of our project as we completed each goal or “phase.” Our first goal after setting up and configuring our network was to be able to open and close a circuit breaker from the control center. Correct operation of the switching command was confirmed by an LED light on the relay that indicates the relay circuit as being open or closed. The next objective was to integrate a resistive load into the system. Attaching a load to a relay allowed us to observe live, real-time current on the system. We could then observe the amperage value sensed by the relay. When this was achieved, we set up overcurrent tripping on the relays. The goal was to configure the relays to break their circuit or “trip” in the event of current passing through the relay surpassing a set threshold. We tested this by attaching a variable resistive load to the. Correct operation was verified by noting whether a relay “tripped” when subjected to an overcurrent. Our last exercise was to attempt to disrupt communication between the control center and the remote “sub-stations” (RTU and relay). Using the technique of ARP poisoning we were able to execute a Man-in-the-Middle attack by inserting a computer between the control center and a sub-station RTU. We filtered out command requests to open and close the relay circuit. To test this attack we attempted to open and close the relay from the control center but the relay reported no change in the status of the circuit. Network Layout Relays Wireshark Analysis Summary Our senior design team successfully met all of our goals for implementing and configuring our SCADA network testbed for use in attack-defense testing and impact analysis. During the course of our project we were successful in accomplishing all of our goals. First, we successfully set up and configured our SCADA network so that all devices and systems were able to communicate with each other. Second, we integrated the SCALANCE S612 security cells into our network to provide an encrypted point-to-point VPN connection between security cells. Third, we were able to remotely open and close our relay circuit breakers. Fourth, we successfully integrated an actual resistive load into our SCADA system along with implementing circuit breaker tripping in the event of an overcurrent detection. Lastly, we were able to compromise the operation of the SCADA system using a Denial of Service attack and a Man-in-the-Middle attack. The scope of our project was limited to simple attacks performed local to the SCADA network. Further work could be done to develop more sophisticated attacks and attacks that can be carried out remotely. Better understanding and management of the software systems and devices within the system would benefit not only the operation of the system but also allow for a more in depth security evaluation. Team Members: Justin Fitzpatrick (EE) Ben Kregel (EE) Faculty Advisor / Client : Manimaran Govandarinsu Website: Michael Higdon (CprE) Rafi Adnan (EE)

Download ppt "Cyber Security of SCADA Systems Remote Terminal Units (RTU)"

Similar presentations

Performance Testing - Kanwalpreet Singh.

Performance Testing - Kanwalpreet Singh.
Team Dec13_11: Cole Hoven Jared Pixley Derek Reiser Rick Sutton Adviser/Client: Prof. Manimaran Govindarasu Graduate Assistant: Aditya Ashok PowerCyber.

Team Dec13_11: Cole Hoven Jared Pixley Derek Reiser Rick Sutton Adviser/Client: Prof. Manimaran Govindarasu Graduate Assistant: Aditya Ashok PowerCyber.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Toward Open Source Intrusion Tolerant SCADA Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania.

Toward Open Source Intrusion Tolerant SCADA Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Upgrading Remote Access to the Analog Model Power System Amrit Dahal Ryan Litzko Client: Dr. Brian Johnson, ECE Dept. ECE 544: Control Systems and Critical.

Upgrading Remote Access to the Analog Model Power System Amrit Dahal Ryan Litzko Client: Dr. Brian Johnson, ECE Dept. ECE 544: Control Systems and Critical.
Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.

Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.
Personnel 500-600 hours$10,000-$12,000 Hardware Virtualization Server(?)$3000-$10,000 SIPROTEC 4 7SJ61 Relay s$0 SCALANCE S612 Security.

Personnel hours$10,000-$12,000 Hardware Virtualization Server(?)$3000-$10,000 SIPROTEC 4 7SJ61 Relay s$0 SCALANCE S612 Security.
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.

A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.
SCADA and Telemetry Presented By:.

SCADA and Telemetry Presented By:.
Cyber Security of SCADA Systems Testbed Testbed Development Group Members: Justin Fitzpatrick Rafi Adnan Michael Higdon Ben Kregel Adviser: Dr. Manimaran.

Cyber Security of SCADA Systems Testbed Testbed Development Group Members: Justin Fitzpatrick Rafi Adnan Michael Higdon Ben Kregel Adviser: Dr. Manimaran.
2015-09-111 These materials are prepared only for the students enrolled in the course Distributed Software Development (DSD) at the Department of Computer.

These materials are prepared only for the students enrolled in the course Distributed Software Development (DSD) at the Department of Computer.
DEC0905 Remote Control of Home Appliances ABSTRACT The objective of this project is to enable users to remotely control home appliances and systems over.

DEC0905 Remote Control of Home Appliances ABSTRACT The objective of this project is to enable users to remotely control home appliances and systems over.
IT Infrastructure Chap 1: Definition

IT Infrastructure Chap 1: Definition
Abstract Other Resources Financial Resources Project Schedule Personnel Efforts Item DescriptionCost STK300 Microcontrollerdonated (Kanda) GM28 Cellular.

Abstract Other Resources Financial Resources Project Schedule Personnel Efforts Item DescriptionCost STK300 Microcontrollerdonated (Kanda) GM28 Cellular.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.
WELCOME TO SEMINAR ON SCADA WELCOME TO SEMINAR ON SCADA Presented by: ANIL KUMAR RAUT Adm No:33IE/2k.

WELCOME TO SEMINAR ON SCADA WELCOME TO SEMINAR ON SCADA Presented by: ANIL KUMAR RAUT Adm No:33IE/2k.
Unit 5 CONTROL CENTERS AND POWER SYSTEM SECURITY.

Unit 5 CONTROL CENTERS AND POWER SYSTEM SECURITY.
WebCast 5 May 2003 Proposed NERC Cyber Security Standard Presentation to IT Standing Committee Stuart Brindley, IMO May 26, 2003.

WebCast 5 May 2003 Proposed NERC Cyber Security Standard Presentation to IT Standing Committee Stuart Brindley, IMO May 26, 2003.

Similar presentations

Ads by Google