Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA
Paper 1:
Type of Paper
Expository
The Problem:
The Problem
SCADA systems need to be secure since a
The Problem
Risks come from insiders as well as new access points opened by connecting the SCADA system to corporate networks, engineers, contractors, vendors, etc. These risks have been somewhat mitigated by firewalls and Demilitarized Zones (DMZs)
Risks also come from use of standardized protocols, hardware and software
- Communication protocols are becoming more standardized to allow different hardware to communicate
The Solution
The objective of the VIKING project is to develop, test and evaluate methodologies for the analysis, design and operation of resilient and secure industrial control systems for critical infrastructure.
Background
Structure of a SCADA System
- Sensors
- Remote Terminal Units (RTUs)
- Station Control Systems
- Central Control System
The Solution
The VIKING project aims to take a holistic
2. society model
- used to gauge economic consequences of an attack
The Assumptions
Paper 2:
Type of Paper
Best-practices paper
The Problem
in mind
Organizations using SCADA networks need to
The Solution
2 Categories:
1. Actions to Take to Increase Security
2. Management Actions to Establish Effective Security Program
hours-a-day
vulnerabilities
10. Check physical security of all remote sites that
organization personnel
13. Document the information security architecture
principle
delineated requirements
17. Establish configuration management processes
18. Conduct routine self-assessments
19. Create system backups and disaster recovery plans
The Assumptions
Paper 3:
Type of Paper
Survey paper
The Problem
The Problem
Specific Vulnerabilities Listed:
- HMI controller: Can falsify what operator sees
- sensor-HMI link: Can spy on what operator sees
- actuator-controller link: Can see what actuators are told to do
- sensor threshold values and settings: Can modify settings
- actuator settings: Can modify settings
The Problem
Security research on SCADA systems is lacking
- Unrealistic testing environments
- Poorly analyzed threat models
- IDS implementations specific to different SCADA environments
- Lack of analysis of false positives/false negatives of IDSs
The Problem
100% prevention of attacks is impossible
Must combine prevention with detection
The Solution
Create SCADA-specific IDS and security metrics
Ideal system should be able to:
- detect and block intrusions in real time
- do so without interrupting performance
- do so without extra burdens due to false positives
- do so despite normal noise
The Solution
Types of IDS:
- signature detection approach
- anomaly detection approach
- probabilistic approach
- specification-based approach
- behavioral detection approach
The Solution
communication channels
kind of like a firewall
unauthorized access
store settings and details of each SCADA device
network layers)
combine anomaly-, behavioral-, and
SHARP
uses authentication and privilege escalation
The Assumptions