Securing Control Systems in the Oil and Gas Infrastructure - PowerPoint PPT Presentation

1 / 38
About This Presentation

Securing Control Systems in the Oil and Gas Infrastructure


... then we shouldn t be doing it In this project, ... The HSMTU (High Security MTU) is an architecture that hardens the master control functions from. – PowerPoint PPT presentation

Number of Views:179
Avg rating:3.0/5.0
Slides: 39
Provided by: UlfLin


Transcript and Presenter's Notes

Title: Securing Control Systems in the Oil and Gas Infrastructure

Securing Control Systems in the Oil and Gas
What Is The I3P?The Institute for Information
Infrastructure Protection
  • Funded by Congress, managed by Dartmouth College
    with oversight from DHS
  • Established in 2001 to identify and address
    critical research problems facing our nations
    information infrastructure
  • Consortium of 27 universities, non-profit
    research institutions, and federal labs

What Is This Research Project?
  • Two-year applied research effort to improve cyber
    security for control systems/SCADA
  • Specific focus on oil gas industry
  • Help industry better manage risk by
  • providing risk characterization
  • developing and demonstrating new cyber security
    tools and technologies
  • enhancing sustainable security practices for
    control systems

An Important Problem
  • Oil and gas processing is controlled by computer
  • Trend toward general-purpose platforms and
    universal connectivity
  • These systems are vulnerable to cyber attack
  • An attack could have severe consequences for
  • Human lives
  • The environment
  • The economy

  • June 10, 1999
  • In Bellingham, Washington, a gasoline pipeline
    operated by Olympic Pipeline Company ruptured
  • 237,000 gallons of gasoline was released into
    Whatcom Creek
  • The gasoline ignited, sending a fireball racing
    down the creek
  • Two 10-year old boys and an 18-year old man were
  • SCADA system problems partial cause

Why Is There A Problem?
  • Control system side
  • Top priority is reliability and availability, not
  • Traditionally relied on obscurity and isolation
  • Trend using general hardware and OS
  • Owner/operator companies are in the hands of
  • Vendors often have backdoor modem lines
  • Default passwords
  • IT side
  • Traditional security tools may not work for
    control systems
  • IT people do not know control systems
  • Enterprise networks are being connected to
    control systems
  • Control systems are overlooked because they are
    not managed by IT

  • Demonstrated improved cyber security in the Oil
    Gas infrastructure sector
  • New research findings
  • New technologies
  • Significantly increased awareness of
  • Security challenges and solutions
  • The capabilities of the I3P and its members

  • Build upon ongoing cyber security research to
    apply to the process control arena
  • Develop tools and technology which could enhance
    the robustness of critical infrastructure process
    control systems
  • Focus on the oil and gas sector by partnering
    with industry
  • Develop research collaborations with other
    institutions with cyber security domain expertise
  • Communicate and demonstrate results of the

Project Overview
Oil and Gas Industry
Workshops, Demonstrations
Research Team
Risk CharacterizationSNL
Topic 1
Inter- dependenciesUVa
Security ToolsMIT/LL
Tech TransferSRI
Topic 2
Topic 3
Topic 4
Topic 5
Topic 6
Topic 1 Risk Characterization
  • Problem What is the risk to infrastructure
    caused by potential vulnerabilities of the
    process control systems?
  • Approach
  • Year 1 and 2 SCADA risk workshops focused on oil
    and gas sector to collect data for all tasks in
    the plan
  • Aggregate information from owners, operators, and
    domain experts
  • Analysis of the data to determine classes of
    SCADA systems to include vulnerabilities,
    threats, consequences, and risks for SCADA
  • Development of attack taxonomy and mitigation
    strategy analysis
  • Profiles of security situations, generalized
    threats, classes of consequences
  • Best Practices handbook information

Topic 1 First Year Workshop
  • The workshop was held in Houston, Texas, on June
    2-3, 2005
  • Sample highlights from industry breakout
  • On-site contractors present a major vulnerability
    to facility and IT/SCADA security
  • Attackers can use easily accessible emergency
    response plans and identification of key
    personnel to amplify attacks
  • Vendors are only able to provide the products
    (including security) demanded by their clients
  • Cost and certification of security measures are a
  • Systems in the oil gas industry represent wide
    range of maturation levels from beginner to
  • Need to include consideration of all systems
    legacy, modern, and heterogeneous
  • Most control systems in use today are insecure by

Topic 1 Results
  • One page summary of workshop
  • Workshop analysis report being prepared
  • Industry perspectives
  • Profiles of security situations
  • Technological profiles
  • Understanding the threat
  • Consequences and measures
  • Industry risk trends
  • Future Work
  • Attack taxonomy
  • Interim and final risk characterization reports
  • Risk characterization to quantify security impact
    and improve business case
  • 2nd workshop focused on technical demonstrations
  • June 8, 2006 in La Jolla, CA

Topic 2 Interdependencies
  • Assess the degree of SCADA dependence and
    associated risk exhibited by interlinked critical
  • Understand the indirect risk to the U.S. Economy
    resulting from Oil Gas SCADA system
    vulnerability and cyber threat potential
  • Develop risk management practices that reduce the
    risk of cascading effects resulting from system
    interdependencies and cyber attacks

Topic 2 General Response Model Overview
  • Purpose
  • 1) Map cyber intrusion events to macro-economic
    inoperability effects
  • 2) Integrate System Dynamics model with the
    Inoperability Input-Output Model (IIM) for
    comprehensive and tractable impact analysis
  • 3) Use scenarios of cyber attack, information
    security, infrastructure resilience and emergency
    management systems to derive supply- and
    demand-side perturbations for IIM economic and
    inoperability impact analysis
  • 4) Understand the role of public response to
    industry events in shaping, amplifying and
    dampening economic impact
  • 5) Develop means by which the efficacy of
    candidate risk management strategies can be
    quantitatively evaluated

Topic 2 General Response Model Framework
Topic 3 Security Metrics
  • Problem How can the security of control systems
    be measured and related to business and
    functional requirements?
  • Security metrics provide tools that enable
    decisions based on quantitative or qualitative
    assessments rather than hunches or best guesses.
  • Lead Pacific Northwest National Laboratory
    Martin Stoddard (
  • Team Members Sandia National Laboratory,
    University of Virginia, The MITRE Corp.

Topic 3 A Few Sample Metrics
  • Adversary work factor
  • Capability Maturity Model (CMM)
  • Security Scorecard
  • Assurance Levels/Categories
  • Risk Analysis/Security Vulnerability Assessments
  • Readiness Levels

Topic 3 Approach
  • Phase I Survey existing security metrics and
    provide a high-level view of metrics tools and
    their application to PCS.
  • Phase II Develop detailed requirements for
    process control metrics. Apply existing
    technologies where applicable and identify gaps
    requiring further development.
  • Phase III Prioritize the gaps from Phase II and
    apply research to develop the highest-priority
    metrics tools.

Topic 4 Inherently Secure SCADA Systems
  • Problem How do you design, verify, install and
    monitor secure process control systems?
  • Deliverables Tools and techniques to
  • Support Secure Operations
  • Risk management for configuration and deployment
  • Assess architectural security vulnerabilities
  • Model and monitor correct behavior
  • Enable Secure Components
  • Application software
  • Protocols and protocol stacks
  • Operating systems

Topic 4 Team Members
  • Topic Lead MIT/LL Rob Cunningham
  • Support Secure Operations
  • Risk management for configuration and deployment
    - MITRE
  • Assess architectural security vulnerabilities -
    University of Illinois
  • Model and monitor correct behavior - SRI
  • Enable Secure Components
  • Application software - MIT/LL
  • Protocols and protocol stacks - University of
  • Operating systems - PNNL

Topic 4 Research Strategy
  • Pull Expand operator awareness of approaches to
    improved security
  • Develop prototype tools to suggest, verify
    implementation, monitor systems
  • Push Enable more secure vendor solutions
  • Develop prototypes to improve application
    software, protocols, underlying operating system

Research to support market conditions for more
secure components and systems
Topic 4 Reference Refinery Network Architecture
Topic 4 Architecture With I3P Security
The Traffic Assessment Tool (TAT) analyzes how
well the system of firewall rules adheres to
global traffic policy. The JSST is a SCADA
protocol policy-aware network monitor. The HSMTU
(High Security MTU) is an architecture that
hardens the master control functions from. The
HIDS (host intrusion detection system) and NIDS
(network intrusion detection system) look for
misbehavior, reported to the SIM (security
incident manager).
Topic 4 Risk Management
Topic 4 Architectural Vulnerabilities
Topic 4 Modeling and Monitoring
Topic 4 Application Software
Topic 4 Protocols
Topic 4 Operating Systems
Topic 5 Cross Domain Information Sharing (CDIS)
  • Domain A collection of individuals, resources,
    and information owned by one organization that
    requires protection from other domains
  • Cross Domain Information Sharing Exchange of
    information between two or more domains

Topic 5 Research Plan
  • Prioritize the information sharing needs within
    the Gas Oil sector
  • What information sharing is taking place, but at
    a risk?
  • What necessary information sharing is not taking
    place, and why not?
  • What information sharing will be necessary to
    support new business processes?
  • What information sharing would be beneficial, if
    properly constrained? (e.g., non-attribution)
  • Identify where existing solutions do not meet
    critical needs
  • Research, develop, and demonstrate CDIS solutions
    to address high priority needs
  • Feed Technology Transfer

Topic 5 Use Cases
  • Business LAN - Control Center LAN
  • Database queries against financial databases that
    reside on the Business LAN
  • Email containing product orders or inventory
  • Fixed formatted messages containing product
    nominations or sampling results
  • Asset Owner - Asset Owner
  • Use collaborative environment to share IDS scan
    results, raw log data, reconnaissance activities,
    attack techniques (including social engineering),
    forensic information, system vulnerabilities,
    system status information
  • Asset Owner - Government Agencies
  • Submit formal reports of incidents to appropriate
    government agencies
  • Coordinate with first responders and law
    enforcement in the event of a crisis as well as
    to share after action reports
  • Asset Owner - Vendor
  • Push/pull product updates and security patches
  • Discuss product features and their operational use

Topic 5 One Solution
  • Industry site is accessible by authenticated
  • Owners report problems to vendors
  • Vendors and owners report problems and solutions
    anonymously to industry site
  • Industry site analyzes anonymous data
  • Industry site reports analysis to government site

Topic 6 Technology and Knowledge Transfer
  • We are not doing blue sky basic research
  • Transition of our results into the infrastructure
    is essential for success
  • If what we are doing is not relevant to industry
    cyber security needs, then we shouldnt be doing
  • In this project, we are actively working to
    organize and speed up the transfer process

Topic 6 Technology Transfer Mechanisms
  • Technology Transition Taskforce
  • Partnerships
  • Evaluations and Experiments
  • Technology demonstration programs
  • Structured Process for Value Creation

Topic 6 Knowledge Transfer
  • Knowledge transfer is bidirectional
  • Researchers ? Industry
  • Workshops
  • Site visits
  • Technical papers
  • Project books will be published by ISA
  • Training class offered to industry
  • Working with industry groups API, NPRA

Related Efforts
  • This is the only large government-funded research
    effort for control system security for the oil
    and gas infrastructure
  • Focused on industry needs
  • 6 topic areas, 11 institutions, hundreds of
    stakeholders, thousands of lives at risk in a
    major cyber attack on oil gas systems
Write a Comment
User Comments (0)