![References and Additional Reading
[1] SCADA Security Research Tools
http://www.digitalbond.com/tools/
[2] Security Assessment Toolset
http://www.scadahacker.com/tools.html
[3] Getting Started on ICS and SCADA
Security
Part(1): http://www.tofinosecurity.com/blog/getting-
started-ics-and-scada-security-part-1-2
Part(2): http://www.tofinosecurity.com/blog/getting-
started-ics-and-scada-security-part-2-2
18](https://image.slidesharecdn.com/qatest10th-ali-pdf-170919074040/85/Critical-Infrastructure-Assessment-Techniques-to-Prevent-Threats-and-Vulnerabilities-18-320.jpg)
![ [4] Security Advisories and Exploits
http://www.digitalbond.com/scadapedia/vulnerability-
notes/
http://aluigi.altervista.org/adv.htm
http://www.scadahacker.com/vulndb/ics-vuln-ref-
list.html
[5] Jyostna, K., PADMAJA, V. (2011). Secure
Embedded System Networking: An Advanced
Security Perspective. International Journal of
Engineering Science and Technology (IJEST).
3 (5), 3854.
19](https://image.slidesharecdn.com/qatest10th-ali-pdf-170919074040/85/Critical-Infrastructure-Assessment-Techniques-to-Prevent-Threats-and-Vulnerabilities-19-320.jpg)
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerabilities
- 1. Critical Infrastructure Assessment Techniques to Prevent Threats & Vulnerabilities MR. SHAKEEL ALI 10th International Conference on Software QA and Testing on Embedded Systems
- 2. Short Biography Security Enthusiast, Evangelist, and Researcher Founder - Cipher Storm Ltd, UK Founder - Ethical-Hacker.Net BackBox Linux Contributor - A next-generation penetration testing platform Web Application Security Consortium (WASC) Project - Threat Classification TC v2 Book Publications: BackTrack 4: Assuring Security by Penetration Testing (April 2011), Packt Publishing, ISBN: 1849513945 Cyber Security Standards, Practices and Industrial Applications: Systems and Methodologies (August 2011), IGI Global Publishing, ISBN: 1609608518 2
- 3. Agenda Embedded System Applications In ICS Historic Incidents - What we have learned? ICS Network Architecture - Possible Attack Vectors Vulnerabilities - Broad View Threats - Who is targeting ICS? Prevention Strategies and Recommendations Risk Management Checklist ICS Evaluation Criteria References and Additional Reading 3
- 4. Embedded System Applications In ICS Several types of Embedded Systems : Supervisory control and data acquisition (SCADA) Distributed control systems (DCS) Programmable logic controllers (PLC) Human Machine Interface (HMI) Remote Terminal Units (RTU) Common Use: Electrical power generation and distribution, Chemical plant, Water management, Manufacturing facility, Transportation, Telecommunication, Oil and gas production, Nuclear power plant, Pharmaceutical, Defense systems, Wind energy, etc. 4
- 5. Historic Incidents - What we have learned? January 2003, Davis-Besse Nuclear Power Plant, Ohio, Slammer worm infected the whole network and disabled the safety monitoring systems. January 2005, a cyber attack knocked out power supply in three cities in the North of Rio De Janeiro, Brazil affecting tens of thousands of people. September 2007, a cyber attack caused major disruptions affecting more than 3 million people in dozens of cities in the Brazilian state of Espírito Santo. July 2010, a computer worm “Stuxnet” has targeted Siemens industrial platforms (Siemens PCS7, WinCC and STEP7) running on Windows OS. First of its kind included with Programmable Logic Controller (PLC) rootkit. 5
- 6. 6
- 7. Vulnerabilities - Broad View Easy to carry sophisticated/multi-layered attacks Confidence in commercial software Interconnected, web-enabled systems on distributed networks Competitive energy market High performance & reliability requirements Control Systems are inherently insecure Developed without security in mind Mostly with no firewall and intrusion detection capabilities Improper authentication controls 7
- 8. Use of open protocols (ICCP / CIM / DNP3 / Modbus / Profibus), increased use of intelligent devices, and lack of encryption. Insecure real-time OS at the control-processor level Remote access to these systems (dial-in modems, PC-Anywhere, FTP, etc) Default vendor passwords (sometimes hardcoded into the firmware) Host machines that control SCADA/DCS systems (XWindows or ActiveX controls) 8
- 9. Communications systems are used to send control signals (wired and wireless) could be jammed or manipulated via spoofing and DoS attacks. Proprietary operating systems (Windows, Unix, QNX, RTX, VxWorks) Access through corporate networks (application and network level attacks) Lack of communication within an operational organization 9
- 10. Threats - Who is targeting ICS? Hackers Hackers come in many forms Technically cognizant hackers with detailed knowledge of energy systems Cyber-terrorists No known/public example of cyber-terrorism to date Terrorist groups are constantly developing cyber attack capabilities Insiders Employee with detailed knowledge Disgruntled employees or ex-employees 10
- 11. State-sponsored cyber warfare activists Nation-states are actively developing cyber warfare capabilities Resources, capabilities, knowledge, and competences of the control systems and technologies 11
- 12. Prevention Strategies and Recommendations Identifying Critical Risks Develop business strategies to address control system vulnerabilities, threats, technology limitations, etc. Information sharing platform for cross-sector attacks Develop and implement strong encryption mechanism Regular assessment through SCADA Test Bed Legacy Systems Security Developing security solutions Long-term plan for legacy system development life cycle Implement secure connection best practices Security plan for incident response and recovery Security Tools Develop automated system for managing security alerts 12
- 13. Measurable security through metrics/standards Identifying effective perimeter security solutions System Architecture An integrated intrusion detection and prevention solution Security test harness Secure architecture with plug-and-play compatibility Staff Security Awareness Decisions that may introduce vulnerabilities into management and control system Background Checks Regular checks on current employees, new hires, and contractors Establish a security perimeter 13
- 14. Secure and minimize remote connections to control networks Secure and minimize local connections between corporate networks and control systems Implement strong access control Develop control system security policies and procedures Encrypt communications channels (SSL VPNs, SSH, PKI) Use one-way connections (diode firewall) Use dial-back modems, token-based authentication (e.g. RSA SecurID) 14
- 15. Disable all the unnecessary applications, services, and ports Remove or change all default/vendor-supplied passwords (e.g. SNMP community strings) Develop security tools and technologies for real- time OS suitable for your control systems environment Conduct an in-depth control systems cyber security audit Embedded systems quality assurance through formal verification and validation Develop and maintain BC/DR plan 15
- 16. Risk Management Checklist Identify critical functions and assets, and the impacts of their loss Identify what protects and supports the critical assets Evaluate and rank the potential threats and vulnerabilities Assess risk and determine priorities for asset protection Identify best mitigation strategies and their costs Initiate a security enhancement program Assist plant operators in identifying priorities for protecting energy infrastructure 16
- 18. References and Additional Reading [1] SCADA Security Research Tools http://www.digitalbond.com/tools/ [2] Security Assessment Toolset http://www.scadahacker.com/tools.html [3] Getting Started on ICS and SCADA Security Part(1): http://www.tofinosecurity.com/blog/getting- started-ics-and-scada-security-part-1-2 Part(2): http://www.tofinosecurity.com/blog/getting- started-ics-and-scada-security-part-2-2 18
- 19. [4] Security Advisories and Exploits http://www.digitalbond.com/scadapedia/vulnerability- notes/ http://aluigi.altervista.org/adv.htm http://www.scadahacker.com/vulndb/ics-vuln-ref- list.html [5] Jyostna, K., PADMAJA, V. (2011). Secure Embedded System Networking: An Advanced Security Perspective. International Journal of Engineering Science and Technology (IJEST). 3 (5), 3854. 19