How Secure is Your SCADA System?

Charles Drobny
GlobaLogix, Inc.
Houston, TX, USA

Our Industry is a Target
• 40% of cyber attacks on Critical Infrastructure targets are aimed at the Energy Industry.
• The potential to disrupt commerce and generate catastrophic events is real.
• Oil & Gas companies are vulnerable and attractive targets. SCADA is a point of concern.
– SCADA (Supervisory Control And Data Acquisition)
– Supervisory Control of pipeline operations, plant operations, platform operations and well site operations.
– Data Acquired includes strategic information on production, deliveries, operating efficiencies that offer competitive advantage and can impact product pricing and shareholder value if it falls in the wrong hands.

Cyber Attacks on Critical Infrastructure Targets are Under-reported
Media reports in the past year include:
• In 2012 Saudi Aramco was crippled by malware (possibly the Shamoon Worm) from 15 Aug to 10 Sept.
• A major SCADA software provider was hacked in late August/early September of 2012.
• Chevron announced in 2012 that the Stuxnet virus had been introduced into the Chevron networks.
There are many more anecdotal reports spread by word of mouth and rumor.
Why are attacks under-reported?

Four Major Risks
1. The Safety Risk – Targeting a SCADA system in order to gain control of the operating system brings to mind the worst case scenarios.
• Deliberate Malicious Interference
• Catastrophic Results
• Life Threatening
2. Meeting Regulatory Requirements
• Failure to act now – waiting to see what may be required – is a poor plan.
• Failure to meet regulatory steps can result in interruption of business and fines.
3. Lost Production & Lost or Damaged Major Assets
• Impact to production
• Interruption of trade
• Disastrous to a company’s reputation and profitability.
4. Impacts to Shareholder Value
• The damage to a company’s reputation from a catastrophic incident caused by the cyber attack on a SCADA system can drive down stock prices.
• The shareholder value will be affected by physical events such as explosions, pipeline ruptures, fires and the release of production into the environment.

SCADA Vulnerabilities
At the end point in a SCADA system the devices can be access points to a SCADA system. Many are IP addressed locations. Some have USB ports or Ethernet connections. There are managed switches in these remote locations. All are entry points for the hacker or a site where malware can be introduced.

At local controllers, RTUs, EFMs, Panels etc., communication connection points exist for maintenance and programming. In some cases these locations have wireless connectivity. Often these boxes and devices have no physical security.

The Local Area Networks and Wide Area Networks are potentially vulnerable to attacks and incursions. These WiFi, LTE, Radio, Microwave and Satellite points offer targets to the hacker.

The SCADA Server room, control room and engineering desks offer the most easily understood access target for a cyber attack. The separation of the Process Control Network from the Enterprise Networks does not ensure full protection from incursions. The Stuxnet virus was introduced at this level with a USB thumb drive.

The back office where the SCADA data is converted into actionable information is oftentimes the entry point via the connections between the enterprise networks and the process control network.

Typical Architecture of SCADA systems
More than one door and one window to lock.

What can/should be done by Oil & Gas companies?
To put a cyber security strategy in place and in action, today’s executive needs to know:
• How can critical infrastructures such as SCADA be compromised?
• How can they ensure the information they report is accurate?
• What regulations apply and are coming in 2014?
• What tactics must be in place to address risks?

How to address these issues
• Prevention & Defense
• Assessment & Evaluation
• Detection & Response
• Monitoring

Assessment & Evaluation
• Conduct “Regular Evaluations” of SCADA security
• Plan to Defend against an attack
• How will the company Respond to an Attack
• Plan to Report the Attack
• Plan for Litigation Defense
• Plan to Comply
• Plan to Reassess and Reevaluate

Prevention & Defense
The Defense Strategy
• Firewalls*
– Packet Filtering Firewalls
– Stateful Inspection Firewalls
– Application-Proxy Gateway Firewalls
• Software Approaches
• Server Room Approaches
* NIST Special Publication 800-82 rev 1, 5.1

Monitoring
• What is monitored?
– Comparing normal traffic to abnormal traffic on network
– Using Firewall reporting of attempts to identify patterns
– Compare data patterns
– Compare alarm events for patterns
– Comparing remote user traffic patterns
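
The first two monitoring items above (comparing normal to abnormal traffic, and using firewall reporting of attempts to identify patterns), shown as an added example that is not part of the original presentation. The log format, the addresses and the baseline of expected flows are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed baseline of expected flows (src, dst, dport); all addresses are
# hypothetical. 502/tcp is Modbus, 20000/tcp is DNP3.
BASELINE = {
    ("10.10.1.5", "10.20.0.11", 502),    # SCADA server polls an RTU
    ("10.10.1.5", "10.20.0.12", 20000),  # SCADA server polls an EFM
    ("10.10.1.9", "10.10.1.5", 443),     # engineering desk to SCADA server
}

# Constructed sample in a simplified, made-up firewall log format.
SAMPLE_LOG = """\
2013-11-04T02:10:01 ALLOW src=10.10.1.5 dst=10.20.0.11 dport=502
2013-11-04T02:10:02 ALLOW src=10.10.1.5 dst=10.20.0.12 dport=20000
2013-11-04T02:11:40 DENY src=172.16.4.23 dst=10.20.0.11 dport=502
2013-11-04T02:11:41 DENY src=172.16.4.23 dst=10.20.0.12 dport=502
2013-11-04T02:11:43 DENY src=172.16.4.23 dst=10.20.0.13 dport=502
2013-11-04T02:15:09 ALLOW src=10.10.1.9 dst=10.20.0.11 dport=502
2013-11-04T02:20:00 DENY src=10.10.1.9 dst=10.10.1.5 dport=3389
2013-11-04T02:21 truncated entry
"""

LINE = re.compile(r"^(\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")

def analyze(log_text, baseline=BASELINE, deny_threshold=3):
    """Return (allowed flows outside the baseline, repeated denies, unparsed count)."""
    off_baseline, unparsed = [], 0
    denied = defaultdict(set)  # src -> distinct (dst, dport) targets refused
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            unparsed += 1  # count unreadable lines instead of hiding them
            continue
        action, src, dst, dport = m.group(2, 3, 4, 5)
        flow = (src, dst, int(dport))
        if action == "ALLOW" and flow not in baseline:
            off_baseline.append(flow)  # the firewall permits it, the baseline does not expect it
        elif action == "DENY":
            denied[src].add(flow[1:])
    # A source refused on several distinct targets is a pattern, not a one-off.
    repeated = {s: sorted(t) for s, t in denied.items() if len(t) >= deny_threshold}
    return off_baseline, repeated, unparsed

if __name__ == "__main__":
    abnormal, repeated, unparsed = analyze(SAMPLE_LOG)
    print("allowed but off-baseline:", abnormal)
    print("repeated denied attempts:", repeated)
    print("unparsed lines:", unparsed)
```

In the sample, the engineering desk talking Modbus directly to an RTU is allowed by the firewall yet absent from the baseline, which is the kind of abnormal traffic a deny-only report would never show.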

Detection & Response
• Identify what an attack looks like
• Identify the response plan
– Redeploy alternative systems
– Manual intervention
– Respond at multiple levels
• Practice
– Test & Drill

Strategy Assessment
• Assessment – These may be overdue or inadequate.
• Standards Writing – These are organic living documents that need to be maintained and updated.
• Response Plans – These may be overdue or inadequate. These may need to change.
• Intrusion Defense – These are typically considered after the attack has occurred.
• Recovery Defense – If a company waits until the attack they are too late.

IA is not IT
IA (Information Assurance) is an independent role from IT.
IT is typically an internal role. IA is not necessarily an internal role.
Are you allowed to perform your financial audits internally? Consider a qualified 3rd party professional for IA audits.

Alternative Approaches
The hacker’s friend is the standard approach.
Consider alternatives which may offer better security.
Example: Is the server room the best place for the SCADA application software & data bases?

Distributed Cloud Platform
A Distributed Cloud Platform spreads your application and data across multiple data centers each with different security layers. Don’t put all your eggs in one basket.
Many use exclusively tier 3 and tier 4 Data Centers offering superior security. 2048 bit encryption is often an option.
This option offers economic advantages as well.

What is at stake?
Can any executive afford to not address the risks:
• Human Life
• Lost Production
• Damaged or Lost Assets
• Environmental Disaster
• Reputation
• Shareholder value
There are steps that can be taken now.
Is your SCADA system as secure as it should be?