scada.pdf
TRANSCRIPT
-
SCADA
-
1. SCADA2.SCADA3. SCADA System4. SCADA System Interface5. SCADA 6. Misconception about SCADA System Security 7. Security Vulnerabilities Affecting SCADA System8. SCADA Security Strategy - Network Rings of Defense9. SCADA System10. SCADA Configuration & Technical Controls11. SCADA System Attack Simulation 1/2/3 12. SCADA System 13. SCADA Technical Assessment Topics14. SCADA Security Plan
-
SCADA
Supervisory Control And Data Acquisition Initial, .
. SCADA Data.
SCADA , , , , , , , , , .
1.
2. 1. , , 2. /, 3.4.5.6.Plant
-
SCADA1. Remote Terminal Units (RTU)RTU.
2. RTUsMTU Data (Fiber Optic), (Dial-up)Modem.
3. Master Terminal Units (MTU)MTU(Control Center). , KeyBoardMouseMTU .
-
SCADA System(Ex. )
MODICON(Modular Digital Controller), Computer, RS-485(), ABB() , Ethernet , PC
PLC(Programmable Logic Controller) Digital Signal, Server Control PC, ControlPC PLC .
-
SCADA System Interface
System Control Log Visual Control System
SCADA System System Ethernet IT
-
SCADA 1. Cyber terror. Microstan 2D, 3D autocad 2000 . 9 The national strategy To SECURE CYBER SPACE.
2. 19981998 12, SCADA System. 489 400 5.3. 2000 4 SCADA System 2000 4, , Vitek Boden. 2 40 .
-
Misconception about SCADA System Security
Misconception # 1The SCADA system resides on a physically separate stand-alone network
Misconception # 2Connections between SCADA systems and other corporate networks are protected by strong access controls
Misconception # 3
SCADA systems require specialized knowledge, making them difficult for network intruders to access and control
-
Security Vulnerabilities Affecting SCADA System1. Common Vulnerabilities
Web Site System, ,
DNS Server Zone-Transfer IP, E-mail Transfer
2. Network Structure FTP, WEB, Mail Server Network Firewall, IDS, VPN
Network Segment Firewall Network
3. Lack of Real-Time Monitoring Network Log IDS
4. SCADA Control System User Interface VB, RAD Tool Data
ODBC Interface Enterprise Information System TCP/IP Protocol
-
SCADA Security Strategy - Network Rings of DefenseAttacks can originate from
1) either Internet Paths through the corporate network to the SCADA network.2) within the SCADA network from either upstream(applications) or downstream(RTUs) paths.
Corporate Network SCADA Network
Policies & ProceduresApplications
Operating SystemProxy
FirewallBorder Router
SCADAPolicies &
Procedures
SCADA ApplicationOperating Systems
SCADA Internal NetworkFirewall
SCADANetworkNetwork
Attacks DirectSCADANetwork Attacks
External Exposure
Internal ExposureExternal
ExposureInternal Exposure
-
SCADA System1. Enterprise Information System Control System
2. Control System Utility Tool
3. Control System Vendor Port
4. Remote management tool Control System Control
-
SCADA Configuration & Technical Controls
Corporate Network
Network for SCADA
OperationsPartners,
Energy Trading
Remote Access
Control (C) Control (B)
Control (A)
Operators
Acquired data users
Control (D)
OperationsPartners,
Energy TradingOther
CorporatePartners Internet
OtherCorporatePartnersInternet
-
SCADA System Attack Simulation 1
DMZ Web Server Mail Server IP Internal Network Internal Firewall SCADA System
-
SCADA System Attack Simulation 2
Control Scenario Server PC Virus Firewall ID Password
-
SCADA System Attack Simulation 3
DMZ Access SCADA System Control System SCADA SystemPLC(Programmable Logic Controller) Line Signal Packet Capture Command Signal Control ( PLC Command)
-
SCADA System 1. Control System. .
2. RTU IED IP . .
3. Device Protocol (ex. UCA/MMS & DNP),
4. Legacy System Legacy System.
5.
6. IDS Control Utility Protocol. , TCP/IP PLC Line Pattern.
-
SCADA Technical Assessment Topics
Server hardening Network equipment access controls Server access controls Physical security Console security Secure communications Authorization according to principles of least privilege & segregation of responsibilityWireless Local Area Networks
D
Firewall topology & rule base ; other Internet controls like content filtering Authentication Auditing & logging Intrusion detection Wireless Local Area Networks Operating System hardening
C
The security of common points of management (e.g. SNMP, Consoles) Trust relationships at the Operating System(OS) level Protection of key shared resource infrastructure(e.g. Domain Name Services)
B
Location & sensitivity of data Topology Network Access Controls System access controls User Authentication User Entitlements Auditing & logging Intrusion detection Physical controls
A
Technical Assessment TopicsControl Points
-
SCADA Security Plan1. Security Policy
Cyber Terror Cyber war Control System Control System PC Server Virus Control System Solution
2. Security Technic DMZ VPN Server E-mail File/Directory Locking SCADA Control