SCADA Security - PowerPoint PPT Presentation

1
SCADA Security
Prepared for SECA XVI Conference, Brooklyn Park, Minnesota, October 9, 2000
Prepared by Jeff Dagle, Pacific Northwest National Laboratory, Richland, Washington
(509) 375-3629, jeff.dagle_at_pnl.gov
2
Outline
  • Context: Current Trends in Industry
      • Information Technology
      • Implications of Restructuring
  • Federal Perspective
      • Critical Infrastructure Protection Initiative
      • DOE Vulnerability Assessment Activity
  • SCADA Security
      • Trends and Implications
      • Vulnerability Demonstration
      • Mitigation Strategies

3
Information Technology Trends
  • Increasing
      • enterprise dependence on IT
      • connectivity and standardization
      • access to information assets
      • dependencies on other infrastructures
  • Role of the Internet
      • E-Biz projected increase from 8B (97) to 320B (02)
      • Utility E-Biz projection 2B (97) to 10B (02)
  • Information technologies are becoming inseparable from the core business of businesses

4
Information Technology Anecdotes
  • Hacker Trends
      • First computer virus conceived in 1987 -- today there are 30,000 (10 more each day)
      • Hacker software and sophistication increasing exponentially
      • More than 1/2 of the 50 largest banks report significant network attacks in 98
      • Gas/electric utility reports over 100,000 scans per month
      • Distributed denial of service attacks against e-commerce sites
  • Response
      • FBI computer caseload 200 cases to 800 cases in last two years -- number of cases now agent-limited
      • IT security gaining increased attention in auditing, insurance and underwriting communities
      • 1.6 trillion forecast worldwide to deal with cyber challenges. 6.7 billion in first 5 days of response to I Love You

5
Information Age Threat Spectrum
6
Energy Incidents and Anecdotes
  • DOE database reports 20,000 attacks on lines, substations, and power plants from 1987 to 1996; many attacks continue
  • 1997 San Francisco outage probably an insider
  • June 1999 Bellingham pipeline explosion accompanied by SCADA failure
  • Belgium and US (Mudge) hackers threaten to shut down electric grid (Fall 99)
  • Hacker controls Gazprom natural gas in Russia (Spring 2000)
  • Potential plot to attack nuclear plant during Sydney Olympics

7
Trends - Restructuring
  • Industry downsizing
      • 20 or more reductions of staff over last five years
      • Physical and IT security implications: doing more with less
  • Mergers
      • Increased 4x between 1990 and 1997
      • Keeping staff trained and updated
  • New business players
  • Open access and open architecture systems
      • Mandated by regulation
      • Maintainability and low cost security implications?

8
Outline
  • Context: Current Trends in Industry
      • Information Technology
      • Implications of Restructuring
  • Federal Perspective
      • Critical Infrastructure Protection Initiative
      • DOE Vulnerability Assessment Activity
  • SCADA Security
      • Trends and Implications
      • Vulnerability Demonstration
      • Mitigation Strategies

10
National Action
Certain national infrastructures are so vital
that their incapacitation or destruction would
have a debilitating impact on the defense or
economic security of the United States
12
The Department of Energy's Infrastructure Assurance Outreach Program (IAOP)
  • Utilize DOE expertise to assist in enhancing energy infrastructure security.
  • Awareness - vulnerabilities and risks
  • Assistance - assessment to identify and correct vulnerabilities
  • Partnership - teaming with industry to collectively advance critical infrastructure protection
  • Voluntary participation conducted under strict terms of confidentiality

Energy Infrastructures: Electric power, Oil, Natural Gas
13
IAOP Scope
  • IAOP Assessments
      • Electric power infrastructure (started in FY 1998)
          • Primarily cyber, includes physical security and risk management
          • Approximately 10 electric utilities received voluntary assessments
      • Natural gas (started in FY 2000)
          • Physical and cyber
      • Expertise from multiple national laboratories and other Federal agencies
      • Assessment, not audit
  • IAOP Outreach
      • Conferences, meetings, information sharing
      • Support industry groups (NERC, NPC, EPRI, )
      • Engagement with other Federal agencies (FBI, NSA, NRC ...)

14
Project Outline
  • Task I - Project Planning and Pre-Assessment
      • Project Planning and Scoping
      • Pre-Assessment -- Critical asset definition
  • Task II - Assessment
      • Threat Environment
      • Network Architecture
      • Network Penetration
      • Physical Security, Operations Security
      • Administrative Policies, Procedures
      • Energy System Influence
      • Risk Analysis
  • Optional Task III - Methodology and Prudent Practices
      • Methodology Handbook
      • Prudent Practices
      • Awareness (Closed forums and workshops)

15
Risk Management: Spectrum of Action
16
Outline
  • Context: Current Trends in Industry
      • Information Technology
      • Implications of Restructuring
  • Federal Perspective
      • Critical Infrastructure Protection Initiative
      • DOE Vulnerability Assessment Activity
  • SCADA Security
      • Trends and Implications
      • Vulnerability Demonstration
      • Mitigation Strategies

17
SCADA Trends
  • Open protocols
      • Open industry standard protocols are replacing vendor-specific proprietary communication protocols
  • Interconnected to other systems
      • Connections to business and administrative networks to obtain productivity improvements and mandated open access information sharing
  • Reliance on public information systems
      • Increasing use of public telecommunication systems and the internet for portions of the control system

18
SCADA Concerns
  • Integrity
      • Assuring valid data and control functions
      • Most important due to impact
  • Availability
      • Continuity of operations
      • Historically addressed with redundancy
  • Confidentiality
      • Protection from unauthorized access
      • Important for market value, not reliability

19
SCADA Vulnerability Demonstration
Field Device (RTU, IED or PLC)
20
Operator Interface
  • Simulated display of electrical substation
  • Circuit breaker status information read from field device

21
SCADA Message Strings
Repeating easily decipherable format
Captured by RTU test set
22
Attack Scenarios
  • Denial of service
      • Block operator's ability to observe and/or respond to changing system conditions
  • Operator spoofing
      • Trick operator into taking imprudent action based on spurious or false signals
  • Direct manipulation of field devices
      • Send unauthorized control actions to field device(s)
  • Combinations of above

23
Mitigation Strategies
  • Security through obscurity
      • Poor defense against structured adversary
  • Isolated network
  • Communication encryption
      • Concerns over latency, reliability, interoperability
      • Vendors waiting for customer demand
  • Signal authentication
      • May provide good defense without the concerns associated with full signal encryption
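
Added example (not part of the original presentation): a sketch of the signal authentication idea, where the control message stays in cleartext and only a keyed tag and a sequence number are appended, so the field device can refuse spoofed, altered or replayed commands. The frame layout, tag length, key, command strings and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8  # truncated HMAC-SHA256 tag; length is an assumption for slow serial links


def sign_frame(key: bytes, seq: int, payload: bytes) -> bytes:
    """Master side: cleartext payload, 4-byte sequence number, appended tag."""
    body = struct.pack(">I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class FieldDevice:
    """Hypothetical RTU that acts only on authenticated, fresh control frames."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0
        self.breaker_closed = True

    def receive(self, frame: bytes) -> str:
        if len(frame) <= 4 + TAG_LEN:
            return "reject: malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return "reject: bad tag"        # spoofed or altered in transit
        seq = struct.unpack(">I", body[:4])[0]
        if seq <= self.last_seq:
            return "reject: replay"         # previously seen frame sent again
        self.last_seq = seq
        if body[4:] == b"TRIP BRK1":
            self.breaker_closed = False
        elif body[4:] == b"CLOSE BRK1":
            self.breaker_closed = True
        return "accept"


def demo() -> list:
    key = b"constructed-demo-key"           # constructed sample key
    rtu = FieldDevice(key)
    good = sign_frame(key, 1, b"TRIP BRK1")
    unsigned = struct.pack(">I", 2) + b"CLOSE BRK1" + bytes(TAG_LEN)
    altered = good.replace(b"TRIP", b"XXXX")
    return [rtu.receive(f) for f in (unsigned, altered, good, good)]


if __name__ == "__main__":
    print(demo())
```

The payload is still readable on the wire, so existing test sets and protocol analyzers keep working; only integrity and freshness are added, at a cost of 12 bytes per frame in this layout.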

24
Value Proposition
  • Expectations
      • The government and industry will collaboratively develop technologies consistent with shared infrastructure assurance objectives
      • Public sector funding necessary to initiate development of new technologies
  • Industry
      • Proactive in protecting customers and stockholder interests
      • Insights into vulnerability and risk assessment techniques
      • Due diligence
  • Government
      • Proactive in protecting public interests and national security
      • Insights into industry risk management perspectives
      • Facilitate long-term research and development, best practices

25
Conclusions
  • SCADA is becoming more vulnerable
      • Standard, open protocols
      • Interconnected to other systems and networks
      • Industry in transition
  • Focus countermeasures to protect
      • Integrity
      • Availability
      • Confidentiality