Cyber Security of SCADA Systems Testbed: Testbed Development. Group Members: Justin Fitzpatrick, Rafi Adnan, Michael Higdon, Ben Kregel. Adviser: Dr. Manimaran.

Presentation transcript:

1 Cyber Security of SCADA Systems Testbed: Testbed Development. Group Members: Justin Fitzpatrick, Rafi Adnan, Michael Higdon, Ben Kregel. Adviser: Dr. Manimaran

2 What is SCADA? Supervisory Control and Data Acquisition

3 High Level Components: Human Machine Interface; Remote Terminal Unit; Sensors

4 SCADA Network Topology [diagram; node labels: WWW, Sub 1, Sub 2, Relay 1, Relay 2, Sicam 1, Sicam 2, Control, Host 1, Host 2; address labels: ...217, ...213, ...210, ...218, 129.186.5.195, ...193, ...194, ...201, ...203]

5 Motivation: Reliability; Protection against attack; Proactive development of security compliance solutions

6 Requirements and Goals: Develop system software fluency; Power TG; Develop SCADA testbed; Configure network communication; Integrate hardware simulation; Relays; SCADA system security evaluation and testing

7 Constraints: Time and scheduling resources; Homeland security protocols; Learning curve for equipment; Limited test equipment; 2 relays; 3 SCALANCE units

8 Project Design: Large project scope; One piece at a time; Small “experiments”

9 Schedule: Establish a software model; Substations and generation; October 2009; Integrate hardware into software; Establishes a full test bed; December 2009; Test vulnerabilities and holes in system; Jan-May 2010

10 Experiment 1. Purpose: Understand software and devices. Deliverables: Software guides and explanations. Testing: Set-up/configuration of software and devices.

11 Software and Devices. Software: PowerTG; DNP server; SICAM PAS; DIGSI; SCALANCE configuration software. Devices: SCALANCE; Relays.

12

13 Experiment 2. Purpose: Connectivity within SCADA network. Deliverables: Network hardware setup (switches, Ethernet); PowerTG can communicate with SICAM RTUs. Testing: RTUs connect to DNP server; Ability to trip (on/off) specific RTU relay.

14 SCADA Network Topology [diagram; node labels: WWW, Sub 1, Sub 2, Relay 1, Relay 2, Sicam 1, Sicam 2, Control, Host 1, Host 2; address labels: ...217, ...213, ...210, ...218, 129.186.5.195, ...193, ...194, ...201, ...203]

15 DNP Server Connection

16 Tripping a Relay

17 Experiment 3. Purpose: Implementation of SCALANCE units. Deliverables: Insertion of SCALANCE devices into the network as gatekeepers. Testing: RTUs connect to DNP server; Ability to trip (on/off) specific RTU relay; Block unauthorized connections; Inability to create connections to the outside.

18 SCALANCE Modules: Will be primarily used for firewall and IPsec tunnel (VPN); Protocol independent; No repercussions when included in flat networks; Protection for devices and network segments

19

20 Secured by Firewall: Need to set up all rules for incoming and outgoing packets via IP addresses; Does not let anything else in or out; Effectively the same as tunneling; Very inconvenient

21 Security Topologies

22 Secured by IPsec Tunnels: Only communication between SCALANCE devices allowed; All nodes behind SCALANCE can talk to other nodes behind SCALANCE devices; Dashed green lines on next slide; No additional rules required. Add to group and automatically part of tunnel.
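
Added example, not part of the original presentation: a simplified Python model of the two modes on slides 20 and 22, showing why per-pair firewall rules grow quickly while group membership does not. The module names, addresses and function names are constructed for illustration, and the model does not reproduce SCALANCE configuration syntax.

```python
from itertools import permutations

# Constructed sample layout: which nodes sit behind which SCALANCE module.
# Module names are hypothetical; addresses are from documentation ranges,
# not the testbed's real hosts.
BEHIND = {
    "scalance_control": ["192.0.2.10"],
    "scalance_sub1": ["192.0.2.21"],
    "scalance_sub2": ["192.0.2.22"],
}
OUTSIDER = "198.51.100.7"  # constructed host that is behind no module


def protected_nodes(modules):
    """All node addresses behind the given modules."""
    return {ip for m in modules for ip in BEHIND[m]}


def firewall_rules(modules):
    """Firewall mode: one explicit allow rule per directed (src, dst) pair."""
    return set(permutations(sorted(protected_nodes(modules)), 2))


def firewall_allows(rules, src, dst):
    """Default deny: a packet passes only if its exact pair is listed."""
    return (src, dst) in rules


def tunnel_allows(group, src, dst):
    """Tunnel mode: both endpoints must sit behind modules in the group."""
    nodes = protected_nodes(group)
    return src != dst and src in nodes and dst in nodes


def cost_of_adding(existing, new_module):
    """(firewall rules to add, group entries to add) when a module joins."""
    added = firewall_rules(existing + [new_module]) - firewall_rules(existing)
    return len(added), 1


if __name__ == "__main__":
    rules = firewall_rules(list(BEHIND))
    print(len(rules), "firewall rules for", len(protected_nodes(BEHIND)), "nodes")
    print(cost_of_adding(["scalance_control", "scalance_sub1"], "scalance_sub2"))
```
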

23 Security Topologies

24 NAT Router Mode: All internal nodes send packets to the external network and keep their IP addresses hidden by the NAT functionality; Used to protect IP address of each node behind SCALANCE device

25 Experiment 4. Purpose: Implementation of adjustable load on relay. Deliverable: Adjustable load connection to RTU relay; PowerTG automatically trips relay if load exceeds a pre-set threshold. Testing: Relay trips when load exceeds threshold.

26 SCADA Network Topology [diagram; node labels: WWW, Sub 1, Sub 2, Relay 1, Relay 2, Sicam 1, Sicam 2, Control, Host 1, Host 2; address labels: ...217, ...213, ...210, ...218, 129.186.5.195, ...193, ...194, ...201, ...203]

27 Plan for Load Testing: Develop a variable load; Run load through relays; Monitor load data with PowerTG; Define low and high constraints; Dependent upon observed load; Operate relays; Open circuits

28

29 Experiment 5. Purpose: Security evaluation. Deliverable: Look for vulnerabilities; Development of attacks to penetrate SCADA network to perform malicious actions. Testing: Play out and determine if attacks are effective.

30 Security Test Plan: Try and come up with attack scenarios; Packet flooding; Compromising VPN security?; Physical intrusion; Run attack/defense simulations; Use CSET to verify CIP compliance

31 Questions?

