IFIP Session5 Christiansson-Luiijf 0307
Transcript of IFIP Session5 Christiansson-Luiijf 0307
-
8/8/2019 IFIP Session5 Christiansson-Luiijf 0307
1/16
Eric Luiijf, Principal Consultant
Reflections on a European
SCADA Security Test Bed
-
8/8/2019 IFIP Session5 Christiansson-Luiijf 0307
2/16
March 20, 2007Reflections on a European SCADA Security Test Bed2
Authors
Swedish Defence Research Agency (FOI)
Henrik Christiansson PhD
Netherlands Organisation for Applied Scientific Research TNO
Eric Luiijf MSc
-
8/8/2019 IFIP Session5 Christiansson-Luiijf 0307
3/16
-
8/8/2019 IFIP Session5 Christiansson-Luiijf 0307
4/16
March 20, 2007Reflections on a European SCADA Security Test Bed4
SCADA
SCADA = Supervisory Control and Data Acquisition automatics, electronics, pneumatics, and ICT to
monitor (supervisory)
control of processes, and data acquisition
SCADA general term - comprises Process Control Systems (PCS) Distributed Control Systems (DCS) Energy Management Systems (EMS) local processors
Programmable Logic Controller (PLC)
Remote Terminal Units (RTU), .
-
8/8/2019 IFIP Session5 Christiansson-Luiijf 0307
5/16
March 20, 2007Reflections on a European SCADA Security Test Bed5
SCADA application areas
Critical infrastructures
energy (power, gas, oil)
water (drinking water, sewage, water levels) transport (trains, metro, automated loading, ..)
Other chemical industry
industrial processes
many small installations
e.g., automatic milking and feeding
-
8/8/2019 IFIP Session5 Christiansson-Luiijf 0307
6/16
March 20, 2007Reflections on a European SCADA Security Test Bed6
Examples of differences with business ICT
Reliability
limited # prime time hours
occasional failures allowed
beta test in the field
Risk impact
integrity, privacy, confidentiality
Risk management
safety is non-issue
red-button reset culture
Information
delay & jitter may be accepted
Reliability
24*7 operations
disruptions intolerable
Q/A required before fielding
Risk impact
loss of life, production, equipment,
(critical) service delivery
Risk Management
hazard analysis required
fault tolerance by design
Information
long delay is concern
Business ICT SCADA
-
8/8/2019 IFIP Session5 Christiansson-Luiijf 0307
7/16
March 20, 2007Reflections on a European SCADA Security Test Bed7
The SCADA threat scene
SCADA operators
not prepared for information security in SCADA
manual operation of critical processes infeasible (no fall-back) business drivers require externalconnections
SCADA suppliers
functionality has priority over information security SCADA becomes open (protocols; COTS)
Motivation for interested attackers
through SCADA, a large kinetic, economic, ecological, and
psychological impact is possible
-
8/8/2019 IFIP Session5 Christiansson-Luiijf 0307
8/16
March 20, 2007Reflections on a European SCADA Security Test Bed8
Some SCADA risk issues
Critical infrastructure owners unaware of SCADA risk
automation background neglects information security
information security & EDP audit neglect pumps and valves
SCADA information security lags 8 - 15 years behind
protocols developed for non-hostile environment
no up-to-standards security solutions if protected, only a boundary focus
But: SCADA environment becomes more integrated and hostile
-
8/8/2019 IFIP Session5 Christiansson-Luiijf 0307
9/16
March 20, 2007Reflections on a European SCADA Security Test Bed9
Incidents?
Almost all public incidents occurred in the USA and Australia????
European incidents under the carpet
not in the press
but, ..
incidents with potentially high consequences happened
?
-
8/8/2019 IFIP Session5 Christiansson-Luiijf 0307
10/16
March 20, 2007Reflections on a European SCADA Security Test Bed10
General reasons for SCADA test beds
Interference with life-systems is risky, therefore a closed SCADA
environment required for
systematic vulnerability analysis active penetration testing
testing common ICT-security measures
testing fixes for security problems (patch validation)
Developing hands-on SCADA risk analysis expertise
Developing standards and best-practices
Developing new, more secure architectures
-
8/8/2019 IFIP Session5 Christiansson-Luiijf 0307
11/16
March 20, 2007Reflections on a European SCADA Security Test Bed11
Specific reasons for a European SCADA test facility
Currently only some small scale test benches in Europe
Architectural differences of critical infrastructures in Europe vs. US
more distributed national manufacturers diversified technologies and applications different standards
Distributed and encompassing different technologies fine grain PLC testing to large-scale grid operation validation allow connection of existing test benches different national interests on what to test
Constitute a European validation and second opinion to the resultsemanating from the USA
-
8/8/2019 IFIP Session5 Christiansson-Luiijf 0307
12/16
March 20, 2007Reflections on a European SCADA Security Test Bed12
Potential problems for a European SCADA test bed
A very different political and economical environment
national security issues emanating from different nations have
to be handled at one site
probably less pronounced at for instance the US test beds
since it works in the boundaries of one nation
Financing and strategic operation will be quite difficult for these
reasons
-
8/8/2019 IFIP Session5 Christiansson-Luiijf 0307
13/16
March 20, 2007Reflections on a European SCADA Security Test Bed13
The vision: distributed SCADA test bed
International
test bed
Existing SCADA test benches
SCADAtest bed
-
8/8/2019 IFIP Session5 Christiansson-Luiijf 0307
14/16
March 20, 2007Reflections on a European SCADA Security Test Bed14
Distributed European SCADA test bed
Patch validationCERTs, operators, and manufacturers
Stress testing
Specific
vulnerabilitytesting
Validation of
IA solutions
Newtechnologies
Newarchitectures
New tools
academics; R&D
Interoperability testingoperators
Testing new applicationsmanufacturers
SECURESCADA
test facility
long-haulcommunication
testing
Good Practices
Reach-outrisk analysis
Red-teaming
Systematicvulnerability
analysis
academics; R&D
Specific testbenches (e.g. PLC)
-
8/8/2019 IFIP Session5 Christiansson-Luiijf 0307
15/16
March 20, 2007Reflections on a European SCADA Security Test Bed15
Conclusions
SCADA security issues require international efforts
systematic approaches
validation of security solutions before going life
A distributed European SCADA security facility is required
Many stakeholders and multi-national security is a major challenge
controlled dissemination of information
Side benefits of a test bed
good practices, red team, expert risk assessment
-
8/8/2019 IFIP Session5 Christiansson-Luiijf 0307
16/16
March 20, 2007Reflections on a European SCADA Security Test Bed16
Questions?