A project under the
7th Framework Programme
CPS Workshop
Stockholm
12/04/2010
Gunnar Björkman
Project Coordinator
A Security Project for
the Protection of
Vital Infrastructures
Offic e LA N
Workstation for operators
D MZ LA N
Advanced Workstations
Firewall
SC A D A LA N
Firewall
Historic
B
A
Webserver
ICCP
Communication
Equipment (Front-End)
SCADA Server
(Online/Standby)
Application Servers
Modem
Communication Networks
Firewall
Firewall
System Vendors
CLARiiON
Automation Systems
for Substations
RTU /
PLC
CLARiiON
RTU /
PLC
Geographically distributed process
Other
Control Centers
CLARiiON
RTU /
PLC
IN TER N ET WA N
VIKING - 2
VIKING
Society is dependent on electricity
VIKING
VIKING - 3
The Power Network
VIKING
SCADA
Workstation for operators
Advanced Workstations
Office LAN
SCADA LAN
Firewall
A
SCADA Server
(Online/Standby)
B
Communication
Equipment (Front-End)
Application Servers
Modem
Communication Networks
System Vendors
Front-End
Substation LAN
Front-End
Firewall
Substation LAN
INTERNET WAN
CLARiiON
CLARiiON
VIKING - 4
IED
IED
CLARiiON
IED
Modem
SCADA Security
VIKING
Workstation for operators
Advanced Workstations
Office LAN
SCADA LAN
Firewall
A
SCADA Server
(Online/Standby)
B
Communication
Equipment (Front-End)
Application Servers
Modem
Communication Networks
System Vendors
Front-End
Substation LAN
Front-End
Firewall
Substation LAN
INTERNET WAN
CLARiiON
CLARiiON
VIKING - 5
IED
IED
CLARiiON
IED
Modem
VIKING - 6
VIKING
Why could SCADA be targeted?

SCADA systems monitor and control production and
distribution of i.e. electricity, gas and heat.

SCADA systems were traditionally physically
separated from the office IT network, using
proprietary protocols and OS

SCADA systems was not in the scope of IT

SCADA systems develops today on a standard
platform with standard protocols

SCADA systems are normally not patched and have
a life-cycle of 20 year

SCADA systems have today direct access to the
office IT networks and systems
VIKING - 7
VIKING
SCADA system and security ?

From the GAO report, May 2008, security study regarding TVA.

Remote access system was not securely configured

System and clients was not security patched

Lack of security security settings for key programs

Firewalls were bypassed or inadequately configured

Passwords were not effectively implemented

Logging was limited

No antivirus protection

Lack in security in the connections between Process and Office
IT network

Etc…..

Conclusion “TVA Needs to Address Weaknesses in Control
Systems and Networks
VIKING
VIKING - 8
Consequences of Cyber Security
Incidents… (?)
VIKING
Potential Consequences
VIKING - 9

Northeast Blackout 2003, US and Canada

50 million people without electricity

Financial losses estimated to 6-10 billion USD

Railway system interrupted

Airports shut down (passenger screening, electronic tickets)

Gas stations unable to pump gas

Disrupted cellular communication

Disrupted television (cable tv)

Internet traffic disrupted

Water system lost pressure: boil water advisories, closing of restaurants

Sewage spills
CIA senior analyst Tom Donahue: “We have information that cyber attacks
have been used to disrupt power equipment in several regions outside the
United States. In at least one case, the disruption caused a power outage
affecting multiple cities.”
VIKING - 10
VIKING
This is what we want to avoid!
VIKING
Strategic objectives of the VIKING project
VIKING - 11
The VIKING project will concentrate on cyber attacks on SCADA
systems for the Transmission and Distribution of electricity. The
project has the following objectives:

Provide a holistic framework for identification and assessment of
vulnerabilities for SCADA systems. The framework should provide
computational support for the prediction of system failure impacts and
security risks.

Provide a reference model of potential consequences of misbehaving
control systems in the power transmission and distribution network that
can be used as abase for evaluating control system design solutions.

Develop and demonstrate new technical security and robustness
solutions able to meet the specific operational requirements that are
posed on control systems for our target area.

Increase the awareness of the dependencies and vulnerabilities of
cyber-physical systems in the power industry.
VIKING
Members
Industrial Partners
ABB AG (Germany)
E.ON AG (Germany)
Astron (Hungary)
MML Analysis & Strategy (Sweden)
Academic Partners
Royal Institute of Technology (Sweden)
ETH Zurich (Switzerland)
VIKING - 12
University of Maryland (USA)
VIKING
From security requirements to social costs
Attack
SCADA system
Power network
VIKING - 13
Societal cost
VIKING
Modelling Approach
Network
Control Center
commands
Substation
Actuators
Power Grid
actions
Applications
Substation
Automation
measurements
measurements
Sensors
information
VIKING - 14
commands
state
power
attack
Distribution
decisionsupport
Transmission
commands
power
Operator
Society
Cost
VIKING
Models
Network
Applications
Actuators
commands
attack
Attack
Inventory
measurements
Substation
Automation
Power System
Models
measurements
Sensors
information
commands
VIKING - 15
actions
state
power
System
Architecture
Models
Power Grid
Distribution
decisionsupport
Substation
power
Cyberphysical
Models
Operator
commands
Transmission
Control Center
Society
Society
Models
Cost
VIKING - 16
VIKING
Example attack tree
VIKING
Destroy transformer TD223
VIKING - 17
Grain write access to actuator GT435
Society Models
…
…
VIKING


Previous work has been focused on testing attacks on physical
SCADA system

Viking will do a model based approach

Integrated analysis chain of models from attacks to societal cost
Previous work has been focused on the central system, e.g.
firewalls

VIKING - 18

What characterizes the VIKING approach?
Viking looks on the complete SCADA system including substation and
communication systems
Development of new methodologies

Use of power applications to detect manipulated data, i.e. higher level
of Intrusion Detection System

Use of security enhanced communication structures

Coupling between physical process and IT systems models to study
security issues

Etc.
VIKING - 19
VIKING
Potential Research Results of VIKING

Estimates of the security risk (in terms of monetory loss for the
society) based on threats trees, graphical system architecture and
society models

Comparable, quantitative results for cyber security for different
control system solutions

Use of existing model based application as application level
Intrusion Detection Systems to detect manipulation of data

Use of innovative and existing communication solutions to secure
power system communication

Help with identifying ”weak spots” and how to mitigate them

An environment for performing what-if analyses of the security risk
impact of different architecture solutions
VIKING
Summary
VIKING will investigate the vulnerability of
SCADA systems and the cost of cyber
attacks on society
VIKING will propose and test strategies
and technologies to counteract these
weaknesses
VIKING - 20
VIKING will increase the awareness for the
importance of critical infrastructures and
the need to protect them
VIKING

Project Coordinator Gunnar Björkman


gunnar.bjoerkman@de.abb.com
Technical Coordinator Pontus Johnson

VIKING - 21
Contact
pj101@ics.kth.se